diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/fuzztest/fuzztest.c | 1 | ||||
-rw-r--r-- | tests/regression/issue_205/SConscript | 14 | ||||
-rw-r--r-- | tests/regression/issue_205/size_corruption.c | 12 | ||||
-rw-r--r-- | tests/regression/issue_205/size_corruption.proto | 11 |
4 files changed, 38 insertions, 0 deletions
diff --git a/tests/fuzztest/fuzztest.c b/tests/fuzztest/fuzztest.c index d3701724..ee851ec0 100644 --- a/tests/fuzztest/fuzztest.c +++ b/tests/fuzztest/fuzztest.c @@ -192,6 +192,7 @@ static bool do_static_encode(uint8_t *buffer, size_t *msglen) assert(stream.bytes_written <= alltypes_static_AllTypes_size); *msglen = stream.bytes_written; + pb_release(alltypes_static_AllTypes_fields, msg); free_with_check(msg); return status; diff --git a/tests/regression/issue_205/SConscript b/tests/regression/issue_205/SConscript new file mode 100644 index 00000000..ed8899dd --- /dev/null +++ b/tests/regression/issue_205/SConscript @@ -0,0 +1,14 @@ +# Check that pb_release() correctly handles corrupted size fields of +# static arrays. + +Import('env', 'malloc_env') + +env.NanopbProto('size_corruption') + +p = malloc_env.Program(["size_corruption.c", + "size_corruption.pb.c", + "$COMMON/pb_decode_with_malloc.o", + "$COMMON/pb_common_with_malloc.o", + "$COMMON/malloc_wrappers.o"]) +env.RunTest(p) + diff --git a/tests/regression/issue_205/size_corruption.c b/tests/regression/issue_205/size_corruption.c new file mode 100644 index 00000000..08cef457 --- /dev/null +++ b/tests/regression/issue_205/size_corruption.c @@ -0,0 +1,12 @@ +#include "size_corruption.pb.h" +#include <pb_decode.h> + +int main() +{ + MainMessage msg = MainMessage_init_zero; + msg.bar_count = (pb_size_t)-1; + pb_release(MainMessage_fields, &msg); + + return 0; +} + diff --git a/tests/regression/issue_205/size_corruption.proto b/tests/regression/issue_205/size_corruption.proto new file mode 100644 index 00000000..6c9c2453 --- /dev/null +++ b/tests/regression/issue_205/size_corruption.proto @@ -0,0 +1,11 @@ +syntax = "proto2"; +import 'nanopb.proto'; + +message SubMessage { + repeated int32 foo = 1 [(nanopb).type = FT_POINTER]; +} + +message MainMessage { + repeated SubMessage bar = 1 [(nanopb).max_count = 5]; +} + |