On 08/16/2013 06:32 AM, Peter Krempa wrote:
> Previous patch fixed an issue where when parsing a bitmap from the a
> string the bounds of the bitmap weren't checked. That flaw resulted into
> crashes. This test tests that case to avoid it in the future.
> ---
> tests/virbitmaptest.c | 34 ++++++++++++++++++++++++++++++++++
> 1 file changed, 34 insertions(+)
>
> diff --git a/tests/virbitmaptest.c b/tests/virbitmaptest.c
> index 8cfd8b5..c56d6fa 100644
> --- a/tests/virbitmaptest.c
> +++ b/tests/virbitmaptest.c
> @@ -464,6 +464,38 @@ cleanup:
> return ret;
> }
>
(just getting back from PTO :-))
Coverity found 3 RESOURCE_LEAK issues - all related though... Looks
like you're missing a "virBitmapFree(bitmap);"
> +
> +/* test out of bounds conditions on virBitmapParse */
> +static int
> +test9(const void *opaque ATTRIBUTE_UNUSED)
> +{
> + int ret = -1;
> + virBitmapPtr bitmap;
> +
> + if (virBitmapParse("100000000", 0, &bitmap, 20) != -1)
> + goto cleanup;
> +
(1) Event alloc_arg: "virBitmapParse(char const *, char, virBitmapPtr
*, size_t)" allocates memory that is stored into "bitmap". [details]
> + if (bitmap)
> + goto cleanup;
> +
> + if (virBitmapParse("1-1000000000", 0, &bitmap, 20) != -1)
> + goto cleanup;
> +
> + if (bitmap)
> + goto cleanup;
> +
> + if (virBitmapParse("1-10^10000000000", 0, &bitmap, 20) != -1)
> + goto cleanup;
> +
> + if (bitmap)
> + goto cleanup;
> +
> + ret = 0;
> +cleanup:
> + return ret;
> +
494 cleanup:
(5) Event leaked_storage: Variable "bitmap" going out of scope leaks
the storage it points to.
Also see events: [alloc_arg]
495 return ret;
John
> +}
> +
> static int
> mymain(void)
> {
> @@ -485,6 +517,8 @@ mymain(void)
> ret = -1;
> if (virtTestRun("test8", 1, test8, NULL) < 0)
> ret = -1;
> + if (virtTestRun("test9", 1, test9, NULL) < 0)
> + ret = -1;
>
> return ret;
> }
>
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list