
Commit 60930f4

jwangtbeu
authored andcommitted
adding unit tests and fixing same overflow issue in hpp files
1 parent b3dfe28 commit 60930f4


3 files changed

+37
-1
lines changed


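--- a/include/msgpack/v1/vrefbuffer.hpp
+++ b/include/msgpack/v1/vrefbuffer.hpp
@@ -71,6 +71,12 @@ class vrefbuffer {
 m_end = array + nfirst;
 m_array = array;
 
+
+if((sizeof(chunk) + chunk_size) < chunk_size){
+throw std::bad_alloc();
+}
+
+
 chunk* c = static_cast<chunk*>(::malloc(sizeof(chunk) + chunk_size));
 if(!c) {
 ::free(array);
@@ -141,7 +147,11 @@ class vrefbuffer {
 if(sz < len) {
 sz = len;
 }
-
+
+if(sizeof(chunk) + sz < sz){
+throw std::bad_alloc();
+}
+
 chunk* c = static_cast<chunk*>(::malloc(sizeof(chunk) + sz));
 if(!c) {
 throw std::bad_alloc();
@@ -183,6 +193,10 @@ class vrefbuffer {
 {
 size_t sz = m_chunk_size;
 
+if((sizeof(chunk) + sz) < sz){
+throw std::bad_alloc();
+}
+
 chunk* empty = static_cast<chunk*>(::malloc(sizeof(chunk) + sz));
 if(!empty) {
 throw std::bad_alloc();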
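Review bot: The overflow guard added in the first hunk throws `std::bad_alloc` without releasing `array`, although the `if(!c)` branch right below it calls `::free(array)` before failing, so the buffer appears to leak whenever an oversized `chunk_size` is rejected. If this is the constructor, as the assignments to `m_end` and `m_array` suggest, the destructor will not run to clean it up. Free it on this path too, `if(sizeof(chunk) + chunk_size < chunk_size) { ::free(array); throw std::bad_alloc(); }`, or move the check above the allocation of `array`, which lies outside the hunk. The same guard is repeated in the second and third hunks and could live in one small private helper so the three allocation sites cannot drift apart.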

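--- a/test/msgpack_c.cpp
+++ b/test/msgpack_c.cpp
@@ -1352,3 +1352,16 @@ TEST(MSGPACKC, unpack_array_uint64)
 EXPECT_EQ(0xFFF0000000000001LL, obj.via.array.ptr[0].via.u64);
 msgpack_zone_destroy(&z);
 }
+
+
+TEST(MSGPACKC, vreff_buffer_overflow)
+{
+msgpack_vrefbuffer vbuf;
+msgpack_vrefbuffer to;
+size_t ref_size = 0;
+size_t len = 0x1000;
+size_t chunk_size = std::numeric_limits<size_t>::max();
+char *buf = (char *)malloc(len);
+EXPECT_FALSE(msgpack_vrefbuffer_init(&vbuf, ref_size, chunk_size));
+EXPECT_EQ(-1, msgpack_vrefbuffer_migrate(&vbuf, &to));
+}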
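Review bot: `msgpack_vrefbuffer_migrate(&vbuf, &to)` runs on a `vbuf` whose init has just been asserted to fail and on a `to` that is never initialized, so the `-1` expectation holds only if migrate rejects the size before reading anything else from either struct. The C implementation is not shown here, so that dependency should be confirmed and recorded with a comment such as `/* migrate must reject the oversized chunk_size before touching 'to' */`. Separately, `buf` is allocated with `malloc(len)` and never used or freed, so both `len` and `buf` can be dropped. The test name `vreff_buffer_overflow` looks like a typo for `vref_buffer_overflow`.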

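--- a/test/msgpack_vref.cpp
+++ b/test/msgpack_vref.cpp
@@ -264,3 +264,12 @@ TEST(MSGPACK, vrefbuffer_small_int64)
 msgpack::vrefbuffer vbuf(0, 0);
 GEN_TEST_VREF(int64_t, vbuf);
 }
+
+TEST(MSGPACK, vref_buffer_overflow)
+{
+size_t chunk_size = std::numeric_limits<size_t>::max();
+char *buf = (char *)malloc(chunk_size);
+ASSERT_THROW(msgpack::vrefbuffer vbuf(0, chunk_size), std::bad_alloc);
+msgpack::vrefbuffer vbuf(0,0x1000);
+ASSERT_THROW(vbuf.append_copy(buf, chunk_size), std::bad_alloc);
+}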
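Review bot: `malloc(chunk_size)` with `chunk_size` set to `std::numeric_limits<size_t>::max()` is unchecked and will almost certainly return null, and that pointer is then passed to `vbuf.append_copy(buf, chunk_size)`. The test is only safe because the new guard is expected to throw before any byte is read from `buf`. If the guard regresses, the run would likely crash on a null read with a huge length instead of failing the assertion cleanly. A small real buffer states the intent and removes the unfreed allocation: `char buf[1] = {0};`.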
