Re: [libvirt] [PATCH 3/3] virbitmaptest: Add test for out of bounds condition
On 08/16/2013 06:32 AM, Peter Krempa wrote:
Previous patch fixed an issue where when parsing a bitmap from the a
string the bounds of the bitmap weren't checked. That flaw resulted into
crashes. This test tests that case to avoid it in the future.
---
tests/virbitmaptest.c | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/tests/virbitmaptest.c b/tests/virbitmaptest.c
index 8cfd8b5..c56d6fa 100644
--- a/tests/virbitmaptest.c
+++ b/tests/virbitmaptest.c
@@ -464,6 +464,38 @@ cleanup:
return ret;
}
(just getting back from PTO :-))
Coverity found 3 RESOURCE_LEAK issues - all related though... Looks
like you're missing a "virBitmapFree(bitmap);"
+
+/* test out of bounds conditions on virBitmapParse */
+static int
+test9(const void *opaque ATTRIBUTE_UNUSED)
+{
+ int ret = -1;
+ virBitmapPtr bitmap;
+
+ if (virBitmapParse("100000000", 0, &bitmap, 20) != -1)
+ goto cleanup;
+
(1) Event alloc_arg: "virBitmapParse(char const *, char, virBitmapPtr
*, size_t)" allocates memory that is stored into "bitmap". [details]
+ if (bitmap)
+ goto cleanup;
+
+ if (virBitmapParse("1-1000000000", 0, &bitmap, 20) != -1)
+ goto cleanup;
+
+ if (bitmap)
+ goto cleanup;
+
+ if (virBitmapParse("1-10^10000000000", 0, &bitmap, 20) != -1)
+ goto cleanup;
+
+ if (bitmap)
+ goto cleanup;
+
+ ret = 0;
+cleanup:
+ return ret;
+
494 cleanup:
(5) Event leaked_storage: Variable "bitmap" going out of scope leaks
the storage it points to.
Also see events: [alloc_arg]
495 return ret;
John
+}
+
static int
mymain(void)
{
@@ -485,6 +517,8 @@ mymain(void)
ret = -1;
if (virtTestRun("test8", 1, test8, NULL) < 0)
ret = -1;
+ if (virtTestRun("test9", 1, test9, NULL) < 0)
+ ret = -1;
return ret;
}