b2e5d75d17
When the "ab/various-leak-fixes" topic was merged in [1] only t6021 would fail if the tests were run in the "GIT_TEST_PASSING_SANITIZE_LEAK=check" mode, i.e. to check whether we marked all leak-free tests with "TEST_PASSES_SANITIZE_LEAK=true". Since then we've had various tests starting to pass under SANITIZE=leak. Let's mark those as passing, this is when they started to pass, narrowed down with "git bisect": - t5317-pack-objects-filter-objects.sh: Infaebba436e
(list-objects-filter: plug pattern_list leak, 2022-12-01). - t3210-pack-refs.sh, t5613-info-alternate.sh, t7403-submodule-sync.sh: In189e97bc4b
(diff: remove parseopts member from struct diff_options, 2022-12-01). - t1408-packed-refs.sh: Inab91f6b7c4
(Merge branch 'rs/diff-parseopts', 2022-12-19). - t0023-crlf-am.sh, t4152-am-subjects.sh, t4254-am-corrupt.sh, t4256-am-format-flowed.sh, t4257-am-interactive.sh, t5403-post-checkout-hook.sh: Ina658e881c1
(am: don't pass strvec to apply_parse_options(), 2022-12-13) - t1301-shared-repo.sh, t1302-repo-version.sh: Inb07a819c05
(reflog: clear leftovers in reflog_expiry_cleanup(), 2022-12-13). - t1304-default-acl.sh, t1410-reflog.sh, t5330-no-lazy-fetch-with-commit-graph.sh, t5502-quickfetch.sh, t5604-clone-reference.sh, t6014-rev-list-all.sh, t7701-repack-unpack-unreachable.sh: Inb0c61be320
(Merge branch 'rs/reflog-expiry-cleanup', 2022-12-26) - t3800-mktag.sh, t5302-pack-index.sh, t5306-pack-nobase.sh, t5573-pull-verify-signatures.sh, t7612-merge-verify-signatures.sh: In69bbbe484b
(hash-object: use fsck for object checks, 2023-01-18). - t1451-fsck-buffer.sh: In8e4309038f
(fsck: do not assume NUL-termination of buffers, 2023-01-19). - t6501-freshen-objects.sh: Inabf2bb895b
(Merge branch 'jk/hash-object-fsck', 2023-01-30) 1.9ea1378d04
(Merge branch 'ab/various-leak-fixes', 2022-12-14) Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
143 lines
3.9 KiB
Bash
Executable File
143 lines
3.9 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
test_description='fsck on buffers without NUL termination
|
|
|
|
The goal here is to make sure that the various fsck parsers never look
|
|
past the end of the buffer they are given, even when encountering broken
|
|
or truncated objects.
|
|
|
|
We have to use "hash-object" for this because most code paths that read objects
|
|
append an extra NUL for safety after the buffer. But hash-object, since it is
|
|
reading straight from a file (and possibly even mmap-ing it) cannot always do
|
|
so.
|
|
|
|
These tests _might_ catch such overruns in normal use, but should be run with
|
|
ASan or valgrind for more confidence.
|
|
'
|
|
|
|
TEST_PASSES_SANITIZE_LEAK=true
|
|
. ./test-lib.sh
|
|
|
|
# the general idea for tags and commits is to build up the "base" file
|
|
# progressively, and then test new truncations on top of it.
|
|
reset () {
|
|
test_expect_success 'reset input to empty' '
|
|
>base
|
|
'
|
|
}
|
|
|
|
add () {
|
|
content="$1"
|
|
type=${content%% *}
|
|
test_expect_success "add $type line" '
|
|
echo "$content" >>base
|
|
'
|
|
}
|
|
|
|
check () {
|
|
type=$1
|
|
fsck=$2
|
|
content=$3
|
|
test_expect_success "truncated $type ($fsck, \"$content\")" '
|
|
# do not pipe into hash-object here; we want to increase
|
|
# the chance that it uses a fixed-size buffer or mmap,
|
|
# and a pipe would be read into a strbuf.
|
|
{
|
|
cat base &&
|
|
echo "$content"
|
|
} >input &&
|
|
test_must_fail git hash-object -t "$type" input 2>err &&
|
|
grep "$fsck" err
|
|
'
|
|
}
|
|
|
|
test_expect_success 'create valid objects' '
|
|
git commit --allow-empty -m foo &&
|
|
commit=$(git rev-parse --verify HEAD) &&
|
|
tree=$(git rev-parse --verify HEAD^{tree})
|
|
'
|
|
|
|
reset
|
|
check commit missingTree ""
|
|
check commit missingTree "tr"
|
|
check commit missingTree "tree"
|
|
check commit badTreeSha1 "tree "
|
|
check commit badTreeSha1 "tree 1234"
|
|
add "tree $tree"
|
|
|
|
# these expect missingAuthor because "parent" is optional
|
|
check commit missingAuthor ""
|
|
check commit missingAuthor "par"
|
|
check commit missingAuthor "parent"
|
|
check commit badParentSha1 "parent "
|
|
check commit badParentSha1 "parent 1234"
|
|
add "parent $commit"
|
|
|
|
check commit missingAuthor ""
|
|
check commit missingAuthor "au"
|
|
check commit missingAuthor "author"
|
|
ident_checks () {
|
|
check $1 missingEmail "$2 "
|
|
check $1 missingEmail "$2 name"
|
|
check $1 badEmail "$2 name <"
|
|
check $1 badEmail "$2 name <email"
|
|
check $1 missingSpaceBeforeDate "$2 name <email>"
|
|
check $1 badDate "$2 name <email> "
|
|
check $1 badDate "$2 name <email> 1234"
|
|
check $1 badTimezone "$2 name <email> 1234 "
|
|
check $1 badTimezone "$2 name <email> 1234 +"
|
|
}
|
|
ident_checks commit author
|
|
add "author name <email> 1234 +0000"
|
|
|
|
check commit missingCommitter ""
|
|
check commit missingCommitter "co"
|
|
check commit missingCommitter "committer"
|
|
ident_checks commit committer
|
|
add "committer name <email> 1234 +0000"
|
|
|
|
reset
|
|
check tag missingObject ""
|
|
check tag missingObject "obj"
|
|
check tag missingObject "object"
|
|
check tag badObjectSha1 "object "
|
|
check tag badObjectSha1 "object 1234"
|
|
add "object $commit"
|
|
|
|
check tag missingType ""
|
|
check tag missingType "ty"
|
|
check tag missingType "type"
|
|
check tag badType "type "
|
|
check tag badType "type com"
|
|
add "type commit"
|
|
|
|
check tag missingTagEntry ""
|
|
check tag missingTagEntry "ta"
|
|
check tag missingTagEntry "tag"
|
|
check tag badTagName "tag "
|
|
add "tag foo"
|
|
|
|
check tag missingTagger ""
|
|
check tag missingTagger "ta"
|
|
check tag missingTagger "tagger"
|
|
ident_checks tag tagger
|
|
|
|
# trees are a binary format and can't use our earlier helpers
|
|
test_expect_success 'truncated tree (short hash)' '
|
|
printf "100644 foo\0\1\1\1\1" >input &&
|
|
test_must_fail git hash-object -t tree input 2>err &&
|
|
grep badTree err
|
|
'
|
|
|
|
test_expect_success 'truncated tree (missing nul)' '
|
|
# these two things are indistinguishable to the parser. The important
|
|
# thing about this is example is that there are enough bytes to
|
|
# make up a hash, and that there is no NUL (and we confirm that the
|
|
# parser does not walk past the end of the buffer).
|
|
printf "100644 a long filename, or a hash with missing nul?" >input &&
|
|
test_must_fail git hash-object -t tree input 2>err &&
|
|
grep badTree err
|
|
'
|
|
|
|
test_done
|