
Commit 30ff050

rscharfegitster
authored andcommitted
t-prio-queue: check result array bounds
Avoid reading past the end of the "result" array, which could otherwise happen if the prio-queue were to yield more items than were put into it due to an implementation bug, or if the array has not enough entries due to a test bug. Also check at the end whether all "result" entries were consumed, which would not be the case if the prio-queue forgot some entries or the test definition contained too many. Signed-off-by: René Scharfe <[email protected]> Signed-off-by: Junio C Hamano <[email protected]>
1 parent e6f9cb7 commit 30ff050


1 file changed

+11
-3
lines changed

1 file changed

+11
-3
lines changed

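--- a/t/unit-tests/t-prio-queue.c
+++ b/t/unit-tests/t-prio-queue.c
@@ -19,18 +19,22 @@ static int show(int *v)
 return v ? *v : MISSING;
 }
 
-static void test_prio_queue(int *input, int *result, size_t input_size)
+static void test_prio_queue(int *input, size_t input_size,
+int *result, size_t result_size)
 {
 struct prio_queue pq = { intcmp };
+int j = 0;
 
-for (int i = 0, j = 0; i < input_size; i++) {
+for (int i = 0; i < input_size; i++) {
 void *peek, *get;
 switch(input[i]) {
 case GET:
 peek = prio_queue_peek(&pq);
 get = prio_queue_get(&pq);
 if (!check(peek == get))
 return;
+if (!check_uint(j, <, result_size))
+break;
 if (!check_int(result[j], ==, show(get)))
 test_msg(" j: %d", j);
 j++;
@@ -40,6 +44,8 @@ static void test_prio_queue(int *input, int *result, size_t input_size)
 get = prio_queue_get(&pq);
 if (!check(peek == get))
 return;
+if (!check_uint(j, <, result_size))
+break;
 if (!check_int(result[j], ==, show(get)))
 test_msg(" j: %d", j);
 j++;
@@ -56,6 +62,7 @@ static void test_prio_queue(int *input, int *result, size_t input_size)
 break;
 }
 }
+check_uint(j, ==, result_size);
 clear_prio_queue(&pq);
 }
 
@@ -79,7 +86,8 @@ static void test_prio_queue(int *input, int *result, size_t input_size)
 { \
 int input[] = {INPUT}; \
 int result[] = {RESULT}; \
-test_prio_queue(input, result, ARRAY_SIZE(input)); \
+test_prio_queue(input, ARRAY_SIZE(input), \
+result, ARRAY_SIZE(result)); \
 }
 
 TEST_INPUT(BASIC_INPUT, BASIC_RESULT, basic)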
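Review bot: The index `j` stays a signed `int` while the bound it is now checked against, `result_size`, is a `size_t`, so the new guards `check_uint(j, <, result_size)` (new lines 36 and 47) and the closing `check_uint(j, ==, result_size)` rely on a signed-to-unsigned conversion inside a macro whose definition is not shown here. Declaring `size_t j = 0;` would keep the index and its bound in one type; the two `test_msg(" j: %d", j)` lines would then need `%"PRIuMAX"` with a `(uintmax_t)j` cast. The added `break` also means different things at the two sites: in the first hunk it leaves only the `switch`, while in the second it appears to leave an inner loop whose header lies outside the hunk. A short comment at both sites, such as `/* result[] exhausted: skip the comparison */`, would make that intent clear.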
