[PATCH 2/2] t-prio-queue: check result array bounds


 



Avoid reading past the end of the "result" array, which could otherwise
happen if the prio-queue were to yield more items than were put into it
due to an implementation bug, or if the array has not enough entries due
to a test bug.

Also check at the end whether all "result" entries were consumed, which
would not be the case if the prio-queue forgot some entries or the test
definition contained too many.

Signed-off-by: René Scharfe <l.s.r@xxxxxx>
---
 t/unit-tests/t-prio-queue.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/t/unit-tests/t-prio-queue.c b/t/unit-tests/t-prio-queue.c
index 616d0fc86f..5358346361 100644
--- a/t/unit-tests/t-prio-queue.c
+++ b/t/unit-tests/t-prio-queue.c
@@ -19,11 +19,13 @@ static int show(int *v)
 	return v ? *v : MISSING;
 }

-static void test_prio_queue(int *input, int *result, size_t input_size)
+static void test_prio_queue(int *input, size_t input_size,
+			    int *result, size_t result_size)
 {
 	struct prio_queue pq = { intcmp };
+	int j = 0;

-	for (int i = 0, j = 0; i < input_size; i++) {
+	for (int i = 0; i < input_size; i++) {
 		void *peek, *get;
 		switch(input[i]) {
 		case GET:
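Review bot: The result index `j` and the loop counter `i` on the rewritten `for` line stay `int`, while the bounds they are compared against, `result_size` and `input_size`, are `size_t`. `check_uint()` presumably converts both sides for `j`, but `i < input_size` is a plain signed/unsigned comparison, and keeping indices in the same type as the sizes makes the new bounds check easier to reason about. I would declare `size_t j = 0;` and write `for (size_t i = 0; i < input_size; i++)`, then report `j` with `test_msg("      j: %"PRIuMAX, (uintmax_t)j);` in the two places that print it. The body of test_prio_queue continues past the end of this hunk.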
@@ -31,6 +33,8 @@ static void test_prio_queue(int *input, int *result, size_t input_size)
 			get = prio_queue_get(&pq);
 			if (!check(peek == get))
 				return;
+			if (!check_uint(j, <, result_size))
+				break;
 			if (!check_int(result[j], ==, show(get)))
 				test_msg("      j: %d", j);
 			j++;
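Review bot: The `break` added after `check_uint(j, <, result_size)` leaves only the `switch`, not the `for` loop, so unlike the `return` two lines above it the test keeps consuming input once `result` is exhausted. That is safe, since `result[j]` is not read and `j` is not advanced, but every later GET reports the same failure again and the closing `check_uint(j, ==, result_size)` then passes, which is not obvious when reading the failure output. A short comment such as `/* result[] exhausted: skip the compare, keep going so the queue is still cleared */` would record the intent, if that is the intent. The same applies to the identical check in the following hunk (`@@ -40,6 +44,8 @@`), where the deeper indentation suggests the `break` leaves an enclosing loop that is not visible in the hunk.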
@@ -40,6 +44,8 @@ static void test_prio_queue(int *input, int *result, size_t input_size)
 				get = prio_queue_get(&pq);
 				if (!check(peek == get))
 					return;
+				if (!check_uint(j, <, result_size))
+					break;
 				if (!check_int(result[j], ==, show(get)))
 					test_msg("      j: %d", j);
 				j++;
@@ -56,6 +62,7 @@ static void test_prio_queue(int *input, int *result, size_t input_size)
 			break;
 		}
 	}
+	check_uint(j, ==, result_size);
 	clear_prio_queue(&pq);
 }

@@ -79,7 +86,8 @@ static void test_prio_queue(int *input, int *result, size_t input_size)
 {								\
 	int input[] = {INPUT};					\
 	int result[] = {RESULT};				\
-	test_prio_queue(input, result, ARRAY_SIZE(input));	\
+	test_prio_queue(input, ARRAY_SIZE(input),		\
+			result, ARRAY_SIZE(result));		\
 }

 TEST_INPUT(BASIC_INPUT, BASIC_RESULT, basic)
--
2.44.0




