From 8c3d092bac11d5857d9dc95e07b6ac17bf59a434 Mon Sep 17 00:00:00 2001 From: Pavel Kalvoda Date: Tue, 27 Dec 2022 15:51:33 +0100 Subject: [PATCH] Add test for bytestring realloc overflow and revert implicit free added in #228/ --- src/cbor/bytestrings.c | 5 ----- test/bytestring_test.c | 47 ++++++++++++++++++++++++++++++------------ 2 files changed, 34 insertions(+), 18 deletions(-) diff --git a/src/cbor/bytestrings.c b/src/cbor/bytestrings.c index 086effef..670db275 100644 --- a/src/cbor/bytestrings.c +++ b/src/cbor/bytestrings.c @@ -97,10 +97,7 @@ bool cbor_bytestring_add_chunk(cbor_item_t *item, cbor_item_t *chunk) { struct cbor_indefinite_string_data *data = (struct cbor_indefinite_string_data *)item->data; if (data->chunk_count == data->chunk_capacity) { - // TODO: Add a test for this if (!_cbor_safe_to_multiply(CBOR_BUFFER_GROWTH, data->chunk_capacity)) { - _CBOR_FREE(chunk->data); - _CBOR_FREE(chunk); return false; } @@ -112,8 +109,6 @@ bool cbor_bytestring_add_chunk(cbor_item_t *item, cbor_item_t *chunk) { data->chunks, sizeof(cbor_item_t *), new_chunk_capacity); if (new_chunks_data == NULL) { - _CBOR_FREE(chunk->data); - _CBOR_FREE(chunk); return false; } data->chunk_capacity = new_chunk_capacity; diff --git a/test/bytestring_test.c b/test/bytestring_test.c index 49dfc60b..6eef4215 100644 --- a/test/bytestring_test.c +++ b/test/bytestring_test.c @@ -309,19 +309,40 @@ static void test_inline_creation(void **_CBOR_UNUSED(_state)) { cbor_decref(&bs); } +static void test_add_chunk_reallocation_overflow(void **_CBOR_UNUSED(_state)) { + bs = cbor_new_indefinite_bytestring(); + cbor_item_t *chunk = cbor_build_bytestring((cbor_data) "Hello!", 6); + struct cbor_indefinite_string_data *metadata = + (struct cbor_indefinite_string_data *)bs->data; + // Pretend we already have many chunks allocated + metadata->chunk_count = SIZE_MAX; + metadata->chunk_capacity = SIZE_MAX; + + assert_false(cbor_bytestring_add_chunk(bs, chunk)); + assert_int_equal(cbor_refcount(chunk), 1); + + metadata->chunk_count = 0; + metadata->chunk_capacity = 0; + cbor_decref(&chunk); + cbor_decref(&bs); +} + int main(void) { - const struct CMUnitTest tests[] = {cmocka_unit_test(test_empty_bs), - cmocka_unit_test(test_embedded_bs), - cmocka_unit_test(test_notenough_data), - cmocka_unit_test(test_short_bs1), - cmocka_unit_test(test_short_bs2), - cmocka_unit_test(test_half_bs), - cmocka_unit_test(test_int_bs), - cmocka_unit_test(test_long_bs), - cmocka_unit_test(test_zero_indef), - cmocka_unit_test(test_short_indef), - cmocka_unit_test(test_two_indef), - cmocka_unit_test(test_missing_indef), - cmocka_unit_test(test_inline_creation)}; + const struct CMUnitTest tests[] = { + cmocka_unit_test(test_empty_bs), + cmocka_unit_test(test_embedded_bs), + cmocka_unit_test(test_notenough_data), + cmocka_unit_test(test_short_bs1), + cmocka_unit_test(test_short_bs2), + cmocka_unit_test(test_half_bs), + cmocka_unit_test(test_int_bs), + cmocka_unit_test(test_long_bs), + cmocka_unit_test(test_zero_indef), + cmocka_unit_test(test_short_indef), + cmocka_unit_test(test_two_indef), + cmocka_unit_test(test_missing_indef), + cmocka_unit_test(test_inline_creation), + cmocka_unit_test(test_add_chunk_reallocation_overflow), + }; return cmocka_run_group_tests(tests, NULL, NULL); }