thodg/libgit2/tests/delta/apply.c

• Show log

  Commit

• Hash : 24597812
  Author :
  Date : 2018-06-29T09:11:02
  

  delta: fix out-of-bounds read of delta
  
  When computing the offset and length of the delta base, we repeatedly
  increment the `delta` pointer without checking whether we have advanced
  past its end already, which can thus result in an out-of-bounds read.
  Fix this by repeatedly checking whether we have reached the end. Add a
  test which would cause Valgrind to produce an error.
  
  Reported-by: Riccardo Schirone <rschiron@redhat.com>
  Test-provided-by: Riccardo Schirone <rschiron@redhat.com>
  

Download

• tests/delta/apply.c

• #include "clar_libgit2.h"
  
  #include "delta.h"
  
  void test_delta_apply__read_at_off(void)
  {
  	unsigned char base[16] = { 0 }, delta[] = { 0x10, 0x10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x10, 0x00, 0x00 };
  	void *out;
  	size_t outlen;
  
  	cl_git_fail(git_delta_apply(&out, &outlen, base, sizeof(base), delta, sizeof(delta)));
  }
  
  void test_delta_apply__read_after_limit(void)
  {
  	unsigned char base[16] = { 0 }, delta[] = { 0x10, 0x70, 0xff };
  	void *out;
  	size_t outlen;
  
  	cl_git_fail(git_delta_apply(&out, &outlen, base, sizeof(base), delta, sizeof(delta)));
  }
  

Download