Add test for bytestring realloc overflow and revert implicit free add…

…ed in #228/
PJK · Dec 27, 2022 · 8c3d092 · 8c3d092
1 parent 783fe24
commit 8c3d092
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 18 deletions.
diff --git a/src/cbor/bytestrings.c b/src/cbor/bytestrings.c
@@ -97,10 +97,7 @@ bool cbor_bytestring_add_chunk(cbor_item_t *item, cbor_item_t *chunk) {
   struct cbor_indefinite_string_data *data =
       (struct cbor_indefinite_string_data *)item->data;
   if (data->chunk_count == data->chunk_capacity) {
-    // TODO: Add a test for this
     if (!_cbor_safe_to_multiply(CBOR_BUFFER_GROWTH, data->chunk_capacity)) {
-      _CBOR_FREE(chunk->data);
-      _CBOR_FREE(chunk);
       return false;
     }
 
@@ -112,8 +109,6 @@ bool cbor_bytestring_add_chunk(cbor_item_t *item, cbor_item_t *chunk) {
         data->chunks, sizeof(cbor_item_t *), new_chunk_capacity);
 
     if (new_chunks_data == NULL) {
-      _CBOR_FREE(chunk->data);
-      _CBOR_FREE(chunk);
       return false;
     }
     data->chunk_capacity = new_chunk_capacity;

diff --git a/test/bytestring_test.c b/test/bytestring_test.c
@@ -309,19 +309,40 @@ static void test_inline_creation(void **_CBOR_UNUSED(_state)) {
   cbor_decref(&bs);
 }
 
+static void test_add_chunk_reallocation_overflow(void **_CBOR_UNUSED(_state)) {
+  bs = cbor_new_indefinite_bytestring();
+  cbor_item_t *chunk = cbor_build_bytestring((cbor_data) "Hello!", 6);
+  struct cbor_indefinite_string_data *metadata =
+      (struct cbor_indefinite_string_data *)bs->data;
+  // Pretend we already have many chunks allocated
+  metadata->chunk_count = SIZE_MAX;
+  metadata->chunk_capacity = SIZE_MAX;
+
+  assert_false(cbor_bytestring_add_chunk(bs, chunk));
+  assert_int_equal(cbor_refcount(chunk), 1);
+
+  metadata->chunk_count = 0;
+  metadata->chunk_capacity = 0;
+  cbor_decref(&chunk);
+  cbor_decref(&bs);
+}
+
 int main(void) {
-  const struct CMUnitTest tests[] = {cmocka_unit_test(test_empty_bs),
-                                     cmocka_unit_test(test_embedded_bs),
-                                     cmocka_unit_test(test_notenough_data),
-                                     cmocka_unit_test(test_short_bs1),
-                                     cmocka_unit_test(test_short_bs2),
-                                     cmocka_unit_test(test_half_bs),
-                                     cmocka_unit_test(test_int_bs),
-                                     cmocka_unit_test(test_long_bs),
-                                     cmocka_unit_test(test_zero_indef),
-                                     cmocka_unit_test(test_short_indef),
-                                     cmocka_unit_test(test_two_indef),
-                                     cmocka_unit_test(test_missing_indef),
-                                     cmocka_unit_test(test_inline_creation)};
+  const struct CMUnitTest tests[] = {
+      cmocka_unit_test(test_empty_bs),
+      cmocka_unit_test(test_embedded_bs),
+      cmocka_unit_test(test_notenough_data),
+      cmocka_unit_test(test_short_bs1),
+      cmocka_unit_test(test_short_bs2),
+      cmocka_unit_test(test_half_bs),
+      cmocka_unit_test(test_int_bs),
+      cmocka_unit_test(test_long_bs),
+      cmocka_unit_test(test_zero_indef),
+      cmocka_unit_test(test_short_indef),
+      cmocka_unit_test(test_two_indef),
+      cmocka_unit_test(test_missing_indef),
+      cmocka_unit_test(test_inline_creation),
+      cmocka_unit_test(test_add_chunk_reallocation_overflow),
+  };
   return cmocka_run_group_tests(tests, NULL, NULL);
 }