diff options
author | Ryan Lortie <desrt@desrt.ca> | 2014-02-21 20:16:13 -0500 |
---|---|---|
committer | Ryan Lortie <desrt@desrt.ca> | 2014-02-21 20:16:13 -0500 |
commit | 7cff7ca10aa28d4b681fb8a1736a4bb2f48484f0 (patch) | |
tree | 8e8ffff233cc1e2f2d0ed17e005cd51f9e65a1b2 | |
parent | 54a490e4d9b5a788fa63011fb6ff73ad1c1ebf80 (diff) | |
download | dconf-7cff7ca10aa28d4b681fb8a1736a4bb2f48484f0.tar.gz |
gvdb test: avoid infinite recursion
/gvdb/reader/corrupted/7% was failing when run with random seed
R02S2a7b9704dbb5ea704b0d724329af0fbf.
This is a fuzz test, and it turns out that this particular seed ended up
producing a file that was valid, but contained a self-referential table.
The testcase happily recursed though this table's subtable (itself) and
so on, until it ran out of stack space, causing a crash.
This bug would not impact realworld users of gvdb: these users only ever
recurse through tables a finite number of times. For dconf, subtables
are not used at all. For GSettings, each schema is a subtable, but from
within that subtable we only lookup values.
-rw-r--r-- | tests/gvdb.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/tests/gvdb.c b/tests/gvdb.c index 084b422..d054067 100644 --- a/tests/gvdb.c +++ b/tests/gvdb.c @@ -267,7 +267,8 @@ test_nested (void) * values returned by the API). */ static void -inspect_carefully (GvdbTable *table) +inspect_carefully (GvdbTable *table, + gint level) { const gchar * key_names[] = { "/", "/values/", "/int32", "values/int32", @@ -279,6 +280,9 @@ inspect_carefully (GvdbTable *table) gint n_names; gint i; + if (level > 100) + return; + found_items = 0; for (i = 0; key_names[i]; i++) { @@ -323,7 +327,7 @@ inspect_carefully (GvdbTable *table) g_assert (!has || subtable == NULL); if (subtable) { - inspect_carefully (subtable); + inspect_carefully (subtable, level + 1); gvdb_table_free (subtable); found_items++; } @@ -380,7 +384,7 @@ test_corrupted (gconstpointer user_data) /* If we damaged the header, it may not open */ if (table) { - inspect_carefully (table); + inspect_carefully (table, 0); gvdb_table_free (table); } else @@ -404,7 +408,7 @@ test_corrupted (gconstpointer user_data) g_assert_no_error (error); g_assert (table); - inspect_carefully (table); + inspect_carefully (table, 0); gvdb_table_free (table); } |