From 5f7fe78d1119fd068e8c932bb0ea321b31088787 Mon Sep 17 00:00:00 2001
From: Michael Drake <tlsa@netsurf-browser.org>
Date: Fri, 28 Mar 2014 08:17:54 +0000
Subject: Add test for memmove beyond buffer length, in
 parserutils_buffer_discard.

---
 test/regression/INDEX            |  1 +
 test/regression/Makefile         |  4 ++-
 test/regression/buffer-discard.c | 67 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 test/regression/buffer-discard.c

(limited to 'test')

diff --git a/test/regression/INDEX b/test/regression/INDEX
index f6de6cf..63e1a3b 100644
--- a/test/regression/INDEX
+++ b/test/regression/INDEX
@@ -5,3 +5,4 @@
 filter-segv	Segfault in input filtering
 stream-nomem	Inputstream buffer expansion
 filter-badenc-segv	Segfault on resetting bad encoding in filter
+buffer-discard	Memmove beyond data length
diff --git a/test/regression/Makefile b/test/regression/Makefile
index c83de62..cf6acee 100644
--- a/test/regression/Makefile
+++ b/test/regression/Makefile
@@ -1,6 +1,8 @@
 # Tests
 DIR_TEST_ITEMS := filter-segv:filter-segv.c \
-	stream-nomem:stream-nomem.c filter-badenc-segv:filter-badenc-segv.c
+	stream-nomem:stream-nomem.c \
+	filter-badenc-segv:filter-badenc-segv.c \
+	buffer-discard:buffer-discard.c
 
 CFLAGS := $(CFLAGS) -I$(CURDIR)/test
 
diff --git a/test/regression/buffer-discard.c b/test/regression/buffer-discard.c
new file mode 100644
index 0000000..d3eefb8
--- /dev/null
+++ b/test/regression/buffer-discard.c
@@ -0,0 +1,67 @@
+#include <stdio.h>
+#include <string.h>
+
+#include <parserutils/parserutils.h>
+#include <parserutils/utils/buffer.h>
+
+#include "utils/utils.h"
+
+#include "testutils.h"
+
+#define BUFF_LEN 2000
+
+int main(int argc, char **argv)
+{
+	uint8_t data[BUFF_LEN];
+	parserutils_buffer *buf;
+	int i;
+
+	UNUSED(argc);
+	UNUSED(argv);
+
+	assert(parserutils_buffer_create(&buf) == PARSERUTILS_OK);
+
+	/* Populate the data with '4's */
+	for (i = 0; i < BUFF_LEN; i++)
+		data[i] = '4';
+
+	assert(parserutils_buffer_append(buf, data, BUFF_LEN) ==
+			PARSERUTILS_OK);
+
+	/* Double the size, appending 'c's */
+	for (i = 0; i < BUFF_LEN; i++)
+		data[i] = 'c';
+
+	assert(parserutils_buffer_append(buf, data, BUFF_LEN) ==
+			PARSERUTILS_OK);
+	assert(buf->length == 2 * BUFF_LEN);
+
+	/* Now reduce the length by half */
+	/* Buffer length is all '4's now */
+	buf->length = BUFF_LEN;
+
+	/* Now discard half of the 4s from the middle of the buffer */
+	assert(parserutils_buffer_discard(buf, BUFF_LEN / 4, BUFF_LEN / 2) ==
+			PARSERUTILS_OK);
+
+	/* Now check that the length is what we expect */
+	assert(buf->length == BUFF_LEN / 2);
+
+	/* Now check that the buffer contains what we expect */
+	for (i = 0; i < BUFF_LEN / 2; i++)
+		assert(buf->data[i] == '4');
+
+	/* Now check that the space we allocated beyond the buffer length is
+	 * as we expect, and not overwritten with 'c', which should be beyond
+	 * what the buffer_ code is allowed to move. */
+	for (i = BUFF_LEN / 2; i < BUFF_LEN; i++)
+		assert(buf->data[i] != 'c');
+	
+
+	assert(parserutils_buffer_destroy(buf) == PARSERUTILS_OK);
+
+	printf("PASS\n");
+
+	return 0;
+}
+
-- 
cgit v1.2.3