File _service:tar_scm:backport-CVE-2024-50602-testcase.patch of Package expat
From b3836ff534c7cc78128fe7b935aad3d4353814ed Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Sun, 20 Oct 2024 23:24:27 +0200
Subject: [PATCH 3/3] tests: Cover XML_StopParser's new handling of status XML_INITIALIZED

Prior to the fix to XML_StopParser, test test_misc_resumeparser_not_crashing
would crash with a NULL pointer dereference in function normal_updatePosition.
This was the AddressSanitizer output:

> AddressSanitizer:DEADLYSIGNAL
> =================================================================
> ==19700==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5623e07ad85f bp 0x7ffcf40da650 sp 0x7ffcf40da590 T0)
> ==19700==The signal is caused by a READ memory access.
> ==19700==Hint: address points to the zero page.
>     #0 0x5623e07ad85f in normal_updatePosition [..]/lib/xmltok_impl.c:1781:13
>     #1 0x5623e07a52ff in initUpdatePosition [..]/lib/xmltok.c:1031:3
>     #2 0x5623e0762760 in XML_ResumeParser [..]/lib/xmlparse.c:2297:3
>     #3 0x5623e074f7c1 in test_misc_resumeparser_not_crashing() misc_tests_cxx.cpp
>     #4 0x5623e074e228 in srunner_run_all ([..]/build_asan_fuzzers/tests/runtests_cxx+0x136228)
>     #5 0x5623e0753d2d in main ([..]/build_asan_fuzzers/tests/runtests_cxx+0x13bd2d)
>     #6 0x7f802a39af79  (/lib64/libc.so.6+0x25f79)
>     #7 0x7f802a39b034 in __libc_start_main (/lib64/libc.so.6+0x26034)
>     #8 0x5623e064f340 in _start ([..]/build_asan_fuzzers/tests/runtests_cxx+0x37340)
>
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV [..]/lib/xmltok_impl.c:1781:13 in normal_updatePosition
> ==19700==ABORTING

And this the UndefinedBehaviorSanitizer output:

> [..]/lib/xmltok_impl.c:1781:13: runtime error: load of null pointer of type 'const char'
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior [..]/lib/xmltok_impl.c:1781:13 in
---
 tests/runtests.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/tests/runtests.c b/tests/runtests.c index 4649359..2c88c7f 100644 --- a/tests/runtests.c +++ b/tests/runtests.c @@ -8207,6 +8207,35 @@ START_TEST(test_misc_tag_mismatch_reset_leak) { } END_TEST +START_TEST(test_misc_resumeparser_not_crashing) { + XML_Parser parser = XML_ParserCreate(NULL); + XML_GetBuffer(parser, 1); + XML_StopParser(parser, /*resumable=*/XML_TRUE); + XML_ResumeParser(parser); // could crash here, previously + XML_ParserFree(parser); +} +END_TEST + +START_TEST(test_misc_stopparser_rejects_unstarted_parser) { + const XML_Bool cases[] = {XML_TRUE, XML_FALSE}; + for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) { + const XML_Bool resumable = cases[i]; + XML_Parser parser = XML_ParserCreate(NULL); + + if (XML_GetErrorCode(parser) != XML_ERROR_NONE) + fail("There was not supposed to be any initial parse error."); + + if (XML_StopParser(parser, resumable) != XML_STATUS_ERROR) + fail("Attempting to suspend a subordinate parser not faulted."); + + if (XML_GetErrorCode(parser) != XML_ERROR_NOT_STARTED) + fail("parser not started."); + XML_ParserFree(parser); + } +} +END_TEST + + static void alloc_setup(void) { XML_Memory_Handling_Suite memsuite = {duff_allocator, duff_reallocator, free}; @@ -12707,6 +12736,8 @@ make_suite(void) { tcase_add_test__ifdef_xml_dtd( tc_misc, test_misc_deny_internal_entity_closing_doctype_issue_317); tcase_add_test(tc_misc, test_misc_tag_mismatch_reset_leak); + tcase_add_test(tc_misc, test_misc_resumeparser_not_crashing); + tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser); suite_add_tcase(s, tc_alloc); tcase_add_checked_fixture(tc_alloc, alloc_setup, alloc_teardown); -- 2.27.0
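Review bot: In test_misc_stopparser_rejects_unstarted_parser (first hunk), the failure message "Attempting to suspend a subordinate parser not faulted." does not describe what is being checked: the parser comes from XML_ParserCreate(NULL), so it is not a subordinate parser, and the loop also runs with resumable set to XML_FALSE, which is not a suspend. Suggest wording such as "Stopping an unstarted parser not faulted.", and rewording "parser not started." so that it states the failure, namely that the error code was not XML_ERROR_NOT_STARTED. In the same hunk, test_misc_resumeparser_not_crashing discards the return values of XML_GetBuffer, XML_StopParser and XML_ResumeParser, so it can only detect a crash; checking the XML_StopParser status there as well would tie the test to the new handling named in the subject line rather than to the absence of a SEGV alone.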