From 7cff7ca10aa28d4b681fb8a1736a4bb2f48484f0 Mon Sep 17 00:00:00 2001
From: Ryan Lortie <desrt@desrt.ca>
Date: Fri, 21 Feb 2014 20:16:13 -0500
Subject: gvdb test: avoid infinite recursion

/gvdb/reader/corrupted/7% was failing when run with random seed
R02S2a7b9704dbb5ea704b0d724329af0fbf.

This is a fuzz test, and it turns out that this particular seed ended up
producing a file that was valid, but contained a self-referential table.

The testcase happily recursed though this table's subtable (itself) and
so on, until it ran out of stack space, causing a crash.

This bug would not impact realworld users of gvdb: these users only ever
recurse through tables a finite number of times.  For dconf, subtables
are not used at all.  For GSettings, each schema is a subtable, but from
within that subtable we only lookup values.
---
 tests/gvdb.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/tests/gvdb.c b/tests/gvdb.c
index 084b422..d054067 100644
--- a/tests/gvdb.c
+++ b/tests/gvdb.c
@@ -267,7 +267,8 @@ test_nested (void)
  * values returned by the API).
  */
 static void
-inspect_carefully (GvdbTable *table)
+inspect_carefully (GvdbTable *table,
+                   gint       level)
 {
   const gchar * key_names[] = {
     "/", "/values/", "/int32", "values/int32",
@@ -279,6 +280,9 @@ inspect_carefully (GvdbTable *table)
   gint n_names;
   gint i;
 
+  if (level > 100)
+    return;
+
   found_items = 0;
   for (i = 0; key_names[i]; i++)
     {
@@ -323,7 +327,7 @@ inspect_carefully (GvdbTable *table)
       g_assert (!has || subtable == NULL);
       if (subtable)
         {
-          inspect_carefully (subtable);
+          inspect_carefully (subtable, level + 1);
           gvdb_table_free (subtable);
           found_items++;
         }
@@ -380,7 +384,7 @@ test_corrupted (gconstpointer user_data)
           /* If we damaged the header, it may not open */
           if (table)
             {
-              inspect_carefully (table);
+              inspect_carefully (table, 0);
               gvdb_table_free (table);
             }
           else
@@ -404,7 +408,7 @@ test_corrupted (gconstpointer user_data)
       g_assert_no_error (error);
       g_assert (table);
 
-      inspect_carefully (table);
+      inspect_carefully (table, 0);
       gvdb_table_free (table);
     }
 
-- 
cgit v1.2.1