From a9416dc62c36079b93b4951c894a0b15e53bb38c Mon Sep 17 00:00:00 2001
From: Markus Armbruster
Date: Fri, 3 Mar 2017 13:32:46 +0100
Subject: [PATCH] tests: Cover input visit beyond end of list
When you try to visit beyond the end of a list, the qobject input visitor crashes, and the string visitor screws returns garbage. The generated list visits never go beyond the list end, but manual visits could.
Signed-off-by: Markus Armbruster
Reviewed-by: Eric Blake
Message-Id: <1488544368-30622-27-git-send-email-armbru@redhat.com>
---
 tests/test-opts-visitor.c | 39 ++++++++++++++++++++++++++++++
 tests/test-qobject-input-visitor.c | 10 ++++++++
 tests/test-string-input-visitor.c | 16 ++++++++++++
 3 files changed, 65 insertions(+)
diff --git a/tests/test-opts-visitor.c b/tests/test-opts-visitor.c
index b93fd330a8..2238f8efe5 100644
--- a/tests/test-opts-visitor.c
+++ b/tests/test-opts-visitor.c
@@ -210,6 +210,43 @@ test_opts_range_unvisited(void)
 qemu_opts_del(opts);
 }
+static void
+test_opts_range_beyond(void)
+{
+ Error *err = NULL;
+ intList *list = NULL;
+ intList *tail;
+ QemuOpts *opts;
+ Visitor *v;
+ int64_t val;
+
+ opts = qemu_opts_parse(qemu_find_opts("userdef"), "ilist=0", false,
+ &error_abort);
+
+ v = opts_visitor_new(opts);
+
+ visit_start_struct(v, NULL, NULL, 0, &error_abort);
+
+ /* Would be simpler if the visitor genuinely supported virtual walks */
+ visit_start_list(v, "ilist", (GenericList **)&list, sizeof(*list),
+ &error_abort);
+ tail = list;
+ visit_type_int(v, NULL, &tail->value, &error_abort);
+ g_assert_cmpint(tail->value, ==, 0);
+ tail = (intList *)visit_next_list(v, (GenericList *)tail, sizeof(*tail));
+ g_assert(!tail);
+ visit_type_int(v, NULL, &val, &err);
+ error_free_or_abort(&err);
+ visit_end_list(v, (void **)&list);
+
+ visit_check_struct(v, &error_abort);
+ visit_end_struct(v, NULL);
+
+ qapi_free_intList(list);
+ visit_free(v);
+ qemu_opts_del(opts);
+}
+
 int
 main(int argc, char **argv)
 {
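Review bot: In test_opts_range_beyond() (tests/test-opts-visitor.c), `tail->value` is written through right after `tail = list;` with nothing checking that visit_start_list() actually produced a head node. With the fixed input "ilist=0" that presumably always holds, but adding `g_assert(list);` before `tail = list;` would turn a regression there into a clear assertion failure instead of a NULL dereference inside the test. The function also has no comment saying what it covers; something like `/* Visiting past the last element of "ilist" must set an error */` above it would explain the `&err` / `error_free_or_abort(&err)` pair.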
@@ -303,6 +340,8 @@ main(int argc, char **argv)
 g_test_add_func("/visitor/opts/range/unvisited",
 test_opts_range_unvisited);
+ g_test_add_func("/visitor/opts/range/beyond",
+ test_opts_range_beyond);
 g_test_run();
 return 0;
diff --git a/tests/test-qobject-input-visitor.c b/tests/test-qobject-input-visitor.c
index 87d4a77e4a..8011baaa38 100644
--- a/tests/test-qobject-input-visitor.c
+++ b/tests/test-qobject-input-visitor.c
@@ -948,6 +948,16 @@ static void test_visitor_in_fail_list(TestInputVisitorData *data,
 visit_check_list(v, &err);
 error_free_or_abort(&err);
 visit_end_list(v, NULL);
+
+ /* Visit beyond end of list */
+ v = visitor_input_test_init(data, "[]");
+
+ visit_start_list(v, NULL, NULL, 0, &error_abort);
+#if 0 /* FIXME crash */
+ visit_type_int(v, NULL, &i64, &err);
+ error_free_or_abort(&err);
+#endif
+ visit_end_list(v, NULL);
 }
 static void test_visitor_in_fail_list_nested(TestInputVisitorData *data,
diff --git a/tests/test-string-input-visitor.c b/tests/test-string-input-visitor.c
index fbe380acbe..6db850bc89 100644
--- a/tests/test-string-input-visitor.c
+++ b/tests/test-string-input-visitor.c
@@ -123,6 +123,7 @@ static void test_visitor_in_intList(TestInputVisitorData *data,
 int64List *res = NULL;
 int64List *tail;
 Visitor *v;
+ int64_t val;
 /* Valid lists */
@@ -175,6 +176,21 @@ static void test_visitor_in_intList(TestInputVisitorData *data,
 visit_end_list(v, (void **)&res);
 qapi_free_int64List(res);
+
+ /* Visit beyond end of list */
+ v = visitor_input_test_init(data, "0");
+
+ visit_start_list(v, NULL, (GenericList **)&res, sizeof(*res),
+ &error_abort);
+ tail = res;
+ visit_type_int64(v, NULL, &tail->value, &err);
+ g_assert_cmpint(tail->value, ==, 0);
+ visit_type_int64(v, NULL, &val, &err);
+ g_assert_cmpint(val, ==, 1); /* BUG */
+ visit_check_list(v, &error_abort);
+ visit_end_list(v, (void **)&res);
+
+ qapi_free_int64List(res);
 }
 static void test_visitor_in_bool(TestInputVisitorData *data,
--
2.39.2
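Review bot: The new "Visit beyond end of list" case in test_visitor_in_fail_list() (tests/test-qobject-input-visitor.c) keeps its only check inside `#if 0 /* FIXME crash */`, so those lines are never compiled and the crash named in the commit message has no test that can fail. The comment should record what is expected once the visitor is fixed, for example `#if 0 /* FIXME visit_type_int() past the end of the list crashes; it should set err instead */`. `i64` and `err` are declared outside this hunk, so a later rename would go unnoticed in the disabled lines; re-enabling the block belongs with the visitor fix. The function body starts outside the hunk.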
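Review bot: In the "Visit beyond end of list" block added to test_visitor_in_intList() (tests/test-string-input-visitor.c), both visit_type_int64() calls pass `&err`, but `err` is never checked or freed afterwards. The first call reads a valid element, so it should use `&error_abort` like the visit_start_list() call above it: `visit_type_int64(v, NULL, &tail->value, &error_abort);`. The second call then asserts `val == 1` on a variable declared without an initializer (the `int64_t val;` added in the hunk at line 123), so the assertion depends on the visitor having stored to it. The bare `/* BUG */` would read better as `/* BUG: should fail with an error instead of yielding 1 */`, so the expected behaviour is on record next to the assertion that pins the wrong one. `err` is declared outside this hunk.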