diff options
author | Petteri Aimonen <jpa@git.mail.kapsi.fi> | 2016-06-06 21:00:59 +0300 |
---|---|---|
committer | Petteri Aimonen <jpa@git.mail.kapsi.fi> | 2016-06-06 21:00:59 +0300 |
commit | 3af7d0910b9660a270aa3279716596c7d7711671 (patch) | |
tree | 626f7b882fdfbedcdde2505d9afdb7f7d5fc8357 | |
parent | de938076da92b659a4bdac286f0daa0a2f393989 (diff) |
Add testcase for issue #205
-rw-r--r-- | tests/fuzztest/fuzztest.c | 1 | ||||
-rw-r--r-- | tests/regression/issue_205/SConscript | 14 | ||||
-rw-r--r-- | tests/regression/issue_205/size_corruption.c | 12 | ||||
-rw-r--r-- | tests/regression/issue_205/size_corruption.proto | 11 |
4 files changed, 38 insertions, 0 deletions
diff --git a/tests/fuzztest/fuzztest.c b/tests/fuzztest/fuzztest.c index d370172..ee851ec 100644 --- a/tests/fuzztest/fuzztest.c +++ b/tests/fuzztest/fuzztest.c @@ -192,6 +192,7 @@ static bool do_static_encode(uint8_t *buffer, size_t *msglen) assert(stream.bytes_written <= alltypes_static_AllTypes_size); *msglen = stream.bytes_written; + pb_release(alltypes_static_AllTypes_fields, msg); free_with_check(msg); return status; diff --git a/tests/regression/issue_205/SConscript b/tests/regression/issue_205/SConscript new file mode 100644 index 0000000..ed8899d --- /dev/null +++ b/tests/regression/issue_205/SConscript @@ -0,0 +1,14 @@ +# Check that pb_release() correctly handles corrupted size fields of +# static arrays. + +Import('env', 'malloc_env') + +env.NanopbProto('size_corruption') + +p = malloc_env.Program(["size_corruption.c", + "size_corruption.pb.c", + "$COMMON/pb_decode_with_malloc.o", + "$COMMON/pb_common_with_malloc.o", + "$COMMON/malloc_wrappers.o"]) +env.RunTest(p) + diff --git a/tests/regression/issue_205/size_corruption.c b/tests/regression/issue_205/size_corruption.c new file mode 100644 index 0000000..08cef45 --- /dev/null +++ b/tests/regression/issue_205/size_corruption.c @@ -0,0 +1,12 @@ +#include "size_corruption.pb.h" +#include <pb_decode.h> + +int main() +{ + MainMessage msg = MainMessage_init_zero; + msg.bar_count = (pb_size_t)-1; + pb_release(MainMessage_fields, &msg); + + return 0; +} + diff --git a/tests/regression/issue_205/size_corruption.proto b/tests/regression/issue_205/size_corruption.proto new file mode 100644 index 0000000..6c9c245 --- /dev/null +++ b/tests/regression/issue_205/size_corruption.proto @@ -0,0 +1,11 @@ +syntax = "proto2"; +import 'nanopb.proto'; + +message SubMessage { + repeated int32 foo = 1 [(nanopb).type = FT_POINTER]; +} + +message MainMessage { + repeated SubMessage bar = 1 [(nanopb).max_count = 5]; +} + |