Commit 2420f7ae authored by Simon McVittie's avatar Simon McVittie

Add a test-case for CVE-2013-2168

Reviewed-by: Thiago Macieira's avatarThiago Macieira <thiago@kde.org>
[build system adjusted to compile it even if we don't have GLib -smcv]
parent 954d75b2
......@@ -81,6 +81,10 @@ shell_test_LDADD = libdbus-testutils.la
spawn_test_CPPFLAGS = $(static_cppflags)
spawn_test_LDADD = $(top_builddir)/dbus/libdbus-internal.la
test_printf_SOURCES = internals/printf.c
test_printf_CPPFLAGS = $(static_cppflags)
test_printf_LDADD = $(top_builddir)/dbus/libdbus-internal.la
test_refs_SOURCES = internals/refs.c
test_refs_CPPFLAGS = $(static_cppflags)
test_refs_LDADD = libdbus-testutils.la $(GLIB_LIBS)
......@@ -97,6 +101,7 @@ testexec_PROGRAMS =
installable_tests = \
shell-test \
test-printf \
$(NULL)
if DBUS_WITH_GLIB
......
/* Regression test for _dbus_printf_string_upper_bound
*
* Author: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Copyright © 2013 Intel Corporation
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <config.h>
#define DBUS_COMPILATION /* this test uses libdbus-internal */
#include <dbus/dbus.h>
#include <dbus/dbus-internals.h>
#include <dbus/dbus-string.h>
#include "test-utils.h"
#include <stdio.h>
#include <stdlib.h>
static void
do_test (int minimum,
const char *format,
...)
{
va_list ap;
int result;
va_start (ap, format);
result = _dbus_printf_string_upper_bound (format, ap);
va_end (ap);
if (result < minimum)
{
fprintf (stderr, "expected at least %d, got %d\n", minimum, result);
abort ();
}
}
#define X_TIMES_8 "XXXXXXXX"
#define X_TIMES_16 X_TIMES_8 X_TIMES_8
#define X_TIMES_32 X_TIMES_16 X_TIMES_16
#define X_TIMES_64 X_TIMES_32 X_TIMES_32
#define X_TIMES_128 X_TIMES_64 X_TIMES_64
#define X_TIMES_256 X_TIMES_128 X_TIMES_128
#define X_TIMES_512 X_TIMES_256 X_TIMES_256
#define X_TIMES_1024 X_TIMES_512 X_TIMES_512
int
main (int argc,
char **argv)
{
char buf[] = X_TIMES_1024 X_TIMES_1024 X_TIMES_1024 X_TIMES_1024;
int i;
do_test (1, "%d", 0);
do_test (7, "%d", 1234567);
do_test (3, "%f", 3.5);
do_test (0, "%s", "");
do_test (1024, "%s", X_TIMES_1024);
do_test (1025, "%s", X_TIMES_1024 "Y");
for (i = 4096; i > 0; i--)
{
buf[i] = '\0';
do_test (i, "%s", buf);
do_test (i + 3, "%s:%d", buf, 42);
}
return 0;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment