Gitweb links:
...log
http://git.netsurf-browser.org/libparserutils.git/shortlog/3b3385ca09c9ca...
...commit
http://git.netsurf-browser.org/libparserutils.git/commit/3b3385ca09c9cab4...
...tree
http://git.netsurf-browser.org/libparserutils.git/tree/3b3385ca09c9cab412...
The branch, master has been updated
via 3b3385ca09c9cab412dd9213f7f018309b438140 (commit)
via 5f7fe78d1119fd068e8c932bb0ea321b31088787 (commit)
from 93c721d6edc90e6f06eff8701824aa0d9ed6da16 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commitdiff
http://git.netsurf-browser.org/libparserutils.git/commit/?id=3b3385ca09c9...
commit 3b3385ca09c9cab412dd9213f7f018309b438140
Author: Michael Drake <tlsa(a)netsurf-browser.org>
Commit: Michael Drake <tlsa(a)netsurf-browser.org>
Fix memmove beyond buffer length in parserutils_buffer_discard. Thanks to Elie
Roudninski.
diff --git a/src/utils/buffer.c b/src/utils/buffer.c
index 5a2a7ce..716e67c 100644
--- a/src/utils/buffer.c
+++ b/src/utils/buffer.c
@@ -134,7 +134,7 @@ parserutils_error parserutils_buffer_discard(parserutils_buffer
*buffer,
return PARSERUTILS_BADPARM;
memmove(buffer->data + offset, buffer->data + offset + len,
- buffer->length - len);
+ buffer->length - (len + offset));
buffer->length -= len;
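Review bot: The new size `buffer->length - (len + offset)` is only safe if the guard before `return PARSERUTILS_BADPARM;` rejects every `offset`/`len` pair whose sum exceeds `buffer->length`, and that condition sits outside the hunk. If it is written as a sum (for example `offset + len > buffer->length`) and the parameters are unsigned, a very large `len` can wrap the addition, pass the check, and make the subtraction underflow into a huge memmove length. Comparing without the addition avoids this, e.g. `len > buffer->length - offset` once `offset` itself is known to be within `buffer->length`. A short comment above the call, `/* move only the tail that follows the discarded range */`, would make the size expression easier to audit. The same hunk is repeated in the summary diff further down this mail.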
commitdiff
http://git.netsurf-browser.org/libparserutils.git/commit/?id=5f7fe78d1119...
commit 5f7fe78d1119fd068e8c932bb0ea321b31088787
Author: Michael Drake <tlsa(a)netsurf-browser.org>
Commit: Michael Drake <tlsa(a)netsurf-browser.org>
Add test for memmove beyond buffer length, in parserutils_buffer_discard.
diff --git a/test/regression/INDEX b/test/regression/INDEX
index f6de6cf..63e1a3b 100644
--- a/test/regression/INDEX
+++ b/test/regression/INDEX
@@ -5,3 +5,4 @@
filter-segv Segfault in input filtering
stream-nomem Inputstream buffer expansion
filter-badenc-segv Segfault on resetting bad encoding in filter
+buffer-discard Memmove beyond data length
diff --git a/test/regression/Makefile b/test/regression/Makefile
index c83de62..cf6acee 100644
--- a/test/regression/Makefile
+++ b/test/regression/Makefile
@@ -1,6 +1,8 @@
# Tests
DIR_TEST_ITEMS := filter-segv:filter-segv.c \
- stream-nomem:stream-nomem.c filter-badenc-segv:filter-badenc-segv.c
+ stream-nomem:stream-nomem.c \
+ filter-badenc-segv:filter-badenc-segv.c \
+ buffer-discard:buffer-discard.c
CFLAGS := $(CFLAGS) -I$(CURDIR)/test
diff --git a/test/regression/buffer-discard.c b/test/regression/buffer-discard.c
new file mode 100644
index 0000000..d3eefb8
--- /dev/null
+++ b/test/regression/buffer-discard.c
@@ -0,0 +1,67 @@
+#include <stdio.h>
+#include <string.h>
+
+#include <parserutils/parserutils.h>
+#include <parserutils/utils/buffer.h>
+
+#include "utils/utils.h"
+
+#include "testutils.h"
+
+#define BUFF_LEN 2000
+
+int main(int argc, char **argv)
+{
+ uint8_t data[BUFF_LEN];
+ parserutils_buffer *buf;
+ int i;
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ assert(parserutils_buffer_create(&buf) == PARSERUTILS_OK);
+
+ /* Populate the data with '4's */
+ for (i = 0; i < BUFF_LEN; i++)
+ data[i] = '4';
+
+ assert(parserutils_buffer_append(buf, data, BUFF_LEN) ==
+ PARSERUTILS_OK);
+
+ /* Double the size, appending 'c's */
+ for (i = 0; i < BUFF_LEN; i++)
+ data[i] = 'c';
+
+ assert(parserutils_buffer_append(buf, data, BUFF_LEN) ==
+ PARSERUTILS_OK);
+ assert(buf->length == 2 * BUFF_LEN);
+
+ /* Now reduce the length by half */
+ /* Buffer length is all '4's now */
+ buf->length = BUFF_LEN;
+
+ /* Now discard half of the 4s from the middle of the buffer */
+ assert(parserutils_buffer_discard(buf, BUFF_LEN / 4, BUFF_LEN / 2) ==
+ PARSERUTILS_OK);
+
+ /* Now check that the length is what we expect */
+ assert(buf->length == BUFF_LEN / 2);
+
+ /* Now check that the buffer contains what we expect */
+ for (i = 0; i < BUFF_LEN / 2; i++)
+ assert(buf->data[i] == '4');
+
+ /* Now check that the space we allocated beyond the buffer length is
+ * as we expect, and not overwritten with 'c', which should be beyond
+ * what the buffer_ code is allowed to move. */
+ for (i = BUFF_LEN / 2; i < BUFF_LEN; i++)
+ assert(buf->data[i] != 'c');
+
+
+ assert(parserutils_buffer_destroy(buf) == PARSERUTILS_OK);
+
+ printf("PASS\n");
+
+ return 0;
+}
+
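Review bot: The final loop asserts `buf->data[i] != 'c'`, which only shows that the sentinel bytes were not copied; after a correct discard the bytes in [BUFF_LEN / 2, BUFF_LEN) are still the original '4's, so `assert(buf->data[i] == '4');` would pin the exact contents. The over-read is observable here only because the test shrinks `buf->length` by hand and leaves initialised slack behind it, so running this regression under AddressSanitizer or Valgrind would additionally catch a source range that runs past the allocation itself. The library calls are made inside `assert(...)`; if that is the standard macro and the tests are ever built with NDEBUG, the create/append/discard calls disappear, which is harmless only if testutils.h supplies an always-on assert (not visible in this diff). The identical file section is repeated in the summary diff later in this mail.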
-----------------------------------------------------------------------
Summary of changes:
src/utils/buffer.c | 2 +-
test/regression/INDEX | 1 +
test/regression/Makefile | 4 ++-
test/regression/buffer-discard.c | 67 ++++++++++++++++++++++++++++++++++++++
4 files changed, 72 insertions(+), 2 deletions(-)
create mode 100644 test/regression/buffer-discard.c
diff --git a/src/utils/buffer.c b/src/utils/buffer.c
index 5a2a7ce..716e67c 100644
--- a/src/utils/buffer.c
+++ b/src/utils/buffer.c
@@ -134,7 +134,7 @@ parserutils_error parserutils_buffer_discard(parserutils_buffer
*buffer,
return PARSERUTILS_BADPARM;
memmove(buffer->data + offset, buffer->data + offset + len,
- buffer->length - len);
+ buffer->length - (len + offset));
buffer->length -= len;
diff --git a/test/regression/INDEX b/test/regression/INDEX
index f6de6cf..63e1a3b 100644
--- a/test/regression/INDEX
+++ b/test/regression/INDEX
@@ -5,3 +5,4 @@
filter-segv Segfault in input filtering
stream-nomem Inputstream buffer expansion
filter-badenc-segv Segfault on resetting bad encoding in filter
+buffer-discard Memmove beyond data length
diff --git a/test/regression/Makefile b/test/regression/Makefile
index c83de62..cf6acee 100644
--- a/test/regression/Makefile
+++ b/test/regression/Makefile
@@ -1,6 +1,8 @@
# Tests
DIR_TEST_ITEMS := filter-segv:filter-segv.c \
- stream-nomem:stream-nomem.c filter-badenc-segv:filter-badenc-segv.c
+ stream-nomem:stream-nomem.c \
+ filter-badenc-segv:filter-badenc-segv.c \
+ buffer-discard:buffer-discard.c
CFLAGS := $(CFLAGS) -I$(CURDIR)/test
diff --git a/test/regression/buffer-discard.c b/test/regression/buffer-discard.c
new file mode 100644
index 0000000..d3eefb8
--- /dev/null
+++ b/test/regression/buffer-discard.c
@@ -0,0 +1,67 @@
+#include <stdio.h>
+#include <string.h>
+
+#include <parserutils/parserutils.h>
+#include <parserutils/utils/buffer.h>
+
+#include "utils/utils.h"
+
+#include "testutils.h"
+
+#define BUFF_LEN 2000
+
+int main(int argc, char **argv)
+{
+ uint8_t data[BUFF_LEN];
+ parserutils_buffer *buf;
+ int i;
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ assert(parserutils_buffer_create(&buf) == PARSERUTILS_OK);
+
+ /* Populate the data with '4's */
+ for (i = 0; i < BUFF_LEN; i++)
+ data[i] = '4';
+
+ assert(parserutils_buffer_append(buf, data, BUFF_LEN) ==
+ PARSERUTILS_OK);
+
+ /* Double the size, appending 'c's */
+ for (i = 0; i < BUFF_LEN; i++)
+ data[i] = 'c';
+
+ assert(parserutils_buffer_append(buf, data, BUFF_LEN) ==
+ PARSERUTILS_OK);
+ assert(buf->length == 2 * BUFF_LEN);
+
+ /* Now reduce the length by half */
+ /* Buffer length is all '4's now */
+ buf->length = BUFF_LEN;
+
+ /* Now discard half of the 4s from the middle of the buffer */
+ assert(parserutils_buffer_discard(buf, BUFF_LEN / 4, BUFF_LEN / 2) ==
+ PARSERUTILS_OK);
+
+ /* Now check that the length is what we expect */
+ assert(buf->length == BUFF_LEN / 2);
+
+ /* Now check that the buffer contains what we expect */
+ for (i = 0; i < BUFF_LEN / 2; i++)
+ assert(buf->data[i] == '4');
+
+ /* Now check that the space we allocated beyond the buffer length is
+ * as we expect, and not overwritten with 'c', which should be beyond
+ * what the buffer_ code is allowed to move. */
+ for (i = BUFF_LEN / 2; i < BUFF_LEN; i++)
+ assert(buf->data[i] != 'c');
+
+
+ assert(parserutils_buffer_destroy(buf) == PARSERUTILS_OK);
+
+ printf("PASS\n");
+
+ return 0;
+}
+
--
Lexer/parser utility functions