Loading changes/bug40076 0 → 100644 +5 −0 Original line number Diff line number Diff line o Minor bugfixes (correctness, buffers): - Fix a correctness bug that could cause an assertion failure if we ever tried using the buf_move_all() function with an empty input. As far as we know, no released versions of Tor do this. Fixes bug 40076; bugfix on 0.3.3.1-alpha. src/lib/buf/buffers.c +2 −0 Original line number Diff line number Diff line Loading @@ -689,6 +689,8 @@ buf_move_all(buf_t *buf_out, buf_t *buf_in) tor_assert(buf_out); if (!buf_in) return; if (buf_datalen(buf_in) == 0) return; if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX)) return; if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen)) Loading src/test/test_buffers.c +64 −0 Original line number Diff line number Diff line Loading @@ -302,6 +302,69 @@ test_buffer_pullup(void *arg) tor_free(tmp); } static void test_buffers_move_all(void *arg) { (void)arg; buf_t *input = buf_new(); buf_t *output = buf_new(); char *s = NULL; /* Move from empty buffer to nonempty buffer. (This is a regression test for * #40076) */ buf_add(output, "abc", 3); buf_assert_ok(input); buf_assert_ok(output); buf_move_all(output, input); buf_assert_ok(input); buf_assert_ok(output); tt_int_op(buf_datalen(output), OP_EQ, 3); s = buf_extract(output, NULL); tt_str_op(s, OP_EQ, "abc"); buf_free(output); buf_free(input); tor_free(s); /* Move from empty to empty. */ output = buf_new(); input = buf_new(); buf_move_all(output, input); buf_assert_ok(input); buf_assert_ok(output); tt_int_op(buf_datalen(output), OP_EQ, 0); buf_free(output); buf_free(input); /* Move from nonempty to empty. */ output = buf_new(); input = buf_new(); buf_add(input, "longstanding bugs", 17); buf_move_all(output, input); buf_assert_ok(input); buf_assert_ok(output); s = buf_extract(output, NULL); tt_str_op(s, OP_EQ, "longstanding bugs"); buf_free(output); buf_free(input); tor_free(s); /* Move from nonempty to nonempty. */ output = buf_new(); input = buf_new(); buf_add(output, "the start of", 12); buf_add(input, " a string", 9); buf_move_all(output, input); buf_assert_ok(input); buf_assert_ok(output); s = buf_extract(output, NULL); tt_str_op(s, OP_EQ, "the start of a string"); done: buf_free(output); buf_free(input); tor_free(s); } static void test_buffer_copy(void *arg) { Loading Loading @@ -799,6 +862,7 @@ struct testcase_t buffer_tests[] = { { "basic", test_buffers_basic, TT_FORK, NULL, NULL }, { "copy", test_buffer_copy, TT_FORK, NULL, NULL }, { "pullup", test_buffer_pullup, TT_FORK, NULL, NULL }, { "move_all", test_buffers_move_all, 0, NULL, NULL }, { "startswith", test_buffer_peek_startswith, 0, NULL, NULL }, { "allocation_tracking", test_buffer_allocation_tracking, TT_FORK, NULL, NULL }, Loading Loading
changes/bug40076 0 → 100644 +5 −0 Original line number Diff line number Diff line o Minor bugfixes (correctness, buffers): - Fix a correctness bug that could cause an assertion failure if we ever tried using the buf_move_all() function with an empty input. As far as we know, no released versions of Tor do this. Fixes bug 40076; bugfix on 0.3.3.1-alpha.
src/lib/buf/buffers.c +2 −0 Original line number Diff line number Diff line Loading @@ -689,6 +689,8 @@ buf_move_all(buf_t *buf_out, buf_t *buf_in) tor_assert(buf_out); if (!buf_in) return; if (buf_datalen(buf_in) == 0) return; if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX)) return; if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen)) Loading
src/test/test_buffers.c +64 −0 Original line number Diff line number Diff line Loading @@ -302,6 +302,69 @@ test_buffer_pullup(void *arg) tor_free(tmp); } static void test_buffers_move_all(void *arg) { (void)arg; buf_t *input = buf_new(); buf_t *output = buf_new(); char *s = NULL; /* Move from empty buffer to nonempty buffer. (This is a regression test for * #40076) */ buf_add(output, "abc", 3); buf_assert_ok(input); buf_assert_ok(output); buf_move_all(output, input); buf_assert_ok(input); buf_assert_ok(output); tt_int_op(buf_datalen(output), OP_EQ, 3); s = buf_extract(output, NULL); tt_str_op(s, OP_EQ, "abc"); buf_free(output); buf_free(input); tor_free(s); /* Move from empty to empty. */ output = buf_new(); input = buf_new(); buf_move_all(output, input); buf_assert_ok(input); buf_assert_ok(output); tt_int_op(buf_datalen(output), OP_EQ, 0); buf_free(output); buf_free(input); /* Move from nonempty to empty. */ output = buf_new(); input = buf_new(); buf_add(input, "longstanding bugs", 17); buf_move_all(output, input); buf_assert_ok(input); buf_assert_ok(output); s = buf_extract(output, NULL); tt_str_op(s, OP_EQ, "longstanding bugs"); buf_free(output); buf_free(input); tor_free(s); /* Move from nonempty to nonempty. */ output = buf_new(); input = buf_new(); buf_add(output, "the start of", 12); buf_add(input, " a string", 9); buf_move_all(output, input); buf_assert_ok(input); buf_assert_ok(output); s = buf_extract(output, NULL); tt_str_op(s, OP_EQ, "the start of a string"); done: buf_free(output); buf_free(input); tor_free(s); } static void test_buffer_copy(void *arg) { Loading Loading @@ -799,6 +862,7 @@ struct testcase_t buffer_tests[] = { { "basic", test_buffers_basic, TT_FORK, NULL, NULL }, { "copy", test_buffer_copy, TT_FORK, NULL, NULL }, { "pullup", test_buffer_pullup, TT_FORK, NULL, NULL }, { "move_all", test_buffers_move_all, 0, NULL, NULL }, { "startswith", test_buffer_peek_startswith, 0, NULL, NULL }, { "allocation_tracking", test_buffer_allocation_tracking, TT_FORK, NULL, NULL }, Loading
