Commit a0a8b6b5 authored by Hanspeter Portner's avatar Hanspeter Portner

cov: api_forge.c buffer overflows.

parent 33ab17e3
......@@ -344,6 +344,7 @@ if(BUILD_TESTING)
install(FILES ${PROJECT_BINARY_DIR}/manual.html DESTINATION ${PLUGIN_DEST})
add_test(NAME API-Test COMMAND ${WINE} ${QEMU} moony_test ${PROJECT_SOURCE_DIR}/test/moony_test.lua)
add_test(NAME Overflow-Test COMMAND ${WINE} ${QEMU} moony_test ${PROJECT_SOURCE_DIR}/test/moony_overflow.lua 0)
add_test(NAME Manual-Test COMMAND ${WINE} ${QEMU} moony_test ${PROJECT_SOURCE_DIR}/test/moony_manual.lua)
add_test(NAME Presets-Test COMMAND ${WINE} ${QEMU} moony_test ${PROJECT_SOURCE_DIR}/test/moony_presets.lua)
endif()
#!/bin/sh
rm -f *.profraw *.profdata
LLVM_PROFILE_FILE=moony_test.profraw ./moony_test ../test/moony_test.lua
LLVM_PROFILE_FILE=moony_overflow.profraw ./moony_test ../test/moony_overflow.lua 0
LLVM_PROFILE_FILE=moony_manual.profraw ./moony_test ../test/moony_manual.lua
LLVM_PROFILE_FILE=moony_presets.profraw ./moony_test ../test/moony_presets.lua
llvm-profdata merge -sparse *.profraw -o moony.profdata
for file in ../api/api_*.c;
do
llvm-cov $1 ./moony_test -instr-profile=moony.profdata $file;
done
llvm-cov $1 ./moony_test -instr-profile=moony.profdata
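Review bot: The script keeps going when a `moony_test` run fails or crashes, so the merged coverage report can be produced from an aborted overflow run without anyone noticing. Adding `set -e` after the shebang would stop at the first failing test. `$1` and `$file` are also expanded unquoted; `"$1"` and `"$file"` avoid word splitting, and a check such as `[ -n "$1" ] || exit 1` would reject a missing llvm-cov subcommand before any test runs.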
-- Overflow
print('[test] Overflow')
do
local catches = {
function(forge)
forge:int(0)
end,
function(forge)
forge:long(0)
end,
function(forge)
forge:bool(false)
end,
function(forge)
forge:float(0.0)
end,
function(forge)
forge:double(0.0)
end,
function(forge)
forge:string('')
end,
function(forge)
forge:uri('')
end,
function(forge)
forge:path('')
end,
function(forge)
forge:literal('')
end,
function(forge)
forge:chunk(0x1)
end,
function(forge)
forge:midi(0x1)
end,
function(forge)
forge:raw(1, '')
end,
function(forge)
local io = Stash():read()
forge:atom(io)
end,
function(forge)
forge:urid(1, Param.sampleRate)
end,
function(forge)
forge:timetag(0.1)
end,
function(forge)
forge:char(0)
end,
function(forge)
forge:impulse()
end,
function(forge)
forge:rgba(0)
end,
function(forge)
forge:time('hello')
end,
function(forge)
forge:time(0.1)
end,
function(forge)
forge:time(0)
end,
function(forge)
forge:vector(Atom.Int):int(1):pop()
end,
function(forge)
forge:vector(Atom.Int, 1, 2)
end,
function(forge)
forge:vector(Atom.Int, {1, 2})
end,
function(forge)
forge:vector(Atom.String)
end,
function(forge)
forge:object():pop()
end,
function(forge)
forge:key(1)
end,
function(forge)
forge:tuple():pop()
end,
function(forge)
forge:sequence():pop()
end,
function(forge)
forge:message('/hello', '')
end,
function(forge)
forge:bundle()
end,
function(forge)
forge:get()
end,
function(forge)
forge:set(Param.sampleRate):pop()
end,
function(forge)
forge:put():pop()
end,
function(forge)
forge:patch():pop()
end,
function(forge)
forge:add():pop()
end,
function(forge)
forge:remove():pop()
end,
function(forge)
forge:ack(1):pop()
end,
function(forge)
forge:error(1):pop()
end,
function(forge)
forge:delete(1)
end,
function(forge)
forge:copy(1, 2)
end,
function(forge)
forge:move(1, 2)
end,
function(forge)
forge:insert(1):pop()
end,
function(forge)
forge:graph():pop()
end,
function(forge)
forge:beginPath()
end,
function(forge)
forge:closePath()
end,
function(forge)
forge:arc(0, 0, 0, 0, 0)
end,
function(forge)
forge:curveTo(0, 0, 0, 0, 0, 0)
end,
function(forge)
forge:lineTo(0, 0)
end,
function(forge)
forge:moveTo(0, 0)
end,
function(forge)
forge:rectangle(0, 0, 0, 0)
end,
function(forge)
forge:style(0)
end,
function(forge)
forge:lineWidth(0)
end,
function(forge)
forge:lineDash(0, 0)
end,
function(forge)
forge:lineCap(0, 0)
end,
function(forge)
forge:lineJoin(0, 0)
end,
function(forge)
forge:miterLimit(0)
end,
function(forge)
forge:stroke()
end,
function(forge)
forge:fill()
end,
function(forge)
forge:clip()
end,
function(forge)
forge:save()
end,
function(forge)
forge:restore()
end,
function(forge)
forge:translate(0, 0)
end,
function(forge)
forge:scale(0, 0)
end,
function(forge)
forge:rotate(0)
end,
function(forge)
forge:reset()
end,
function(forge)
forge:fontSize(0)
end,
function(forge)
forge:fillText('hello')
end,
function(forge)
forge:read()
end,
function(forge)
forge:write()
end,
}
local function producer(forge)
for i, v in ipairs(catches) do
print(i, v)
local stat, err = pcall(v, forge)
assert(stat == false)
end
end
local function consumer(seq)
-- nothing
end
test(producer, consumer)
end
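Review bot: `assert(stat == false)` in `producer` accepts any error, so a case that fails for an unrelated reason (a misspelled method name, a rejected argument) is counted as a correctly caught overflow. The test would be stronger if it also matched `err` against the forge's overflow error, e.g. `assert(stat == false and tostring(err):find(OVERFLOW_MESSAGE_PLACEHOLDER, 1, true), 'case ' .. i .. ': ' .. tostring(err))`, with the placeholder replaced by the message api_forge.c actually raises. Two smaller points: `print(i, v)` only prints a function address, and `local io = Stash():read()` shadows the standard `io` library inside that case, so a name like `atom` would be clearer.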
......@@ -50,6 +50,7 @@ __non_realtime static int
_test(lua_State *L)
{
handle_t *handle = lua_touserdata(L, lua_upvalueindex(1));
const size_t buf_size = lua_tointeger(L, lua_upvalueindex(2));
if(!lua_isfunction(L, 1) || !lua_isfunction(L, 2))
{
......@@ -61,7 +62,7 @@ _test(lua_State *L)
LV2_Atom_Forge_Frame frame;
// produce events
lv2_atom_forge_set_buffer(forge, handle->buf, BUF_SIZE);
lv2_atom_forge_set_buffer(forge, handle->buf, buf_size);
lv2_atom_forge_sequence_head(forge, &frame, 0);
{
lua_pushvalue(L, 1); // producer
......@@ -79,7 +80,7 @@ _test(lua_State *L)
lv2_atom_forge_pop(forge, &frame);
// consume events
lv2_atom_forge_set_buffer(forge, handle->buf2, BUF_SIZE);
lv2_atom_forge_set_buffer(forge, handle->buf2, buf_size);
lv2_atom_forge_sequence_head(forge, &frame, 0);
{
lua_pushvalue(L, 2); // consumer
......@@ -295,9 +296,14 @@ main(int argc, char **argv)
lv2_atom_forge_init(&handle.forge, &map);
const size_t buf_size = argc > 2
? atoi(argv[2])
: BUF_SIZE;
// register test function
lua_pushlightuserdata(L, &handle);
lua_pushcclosure(L, _test, 1);
lua_pushinteger(L, buf_size);
lua_pushcclosure(L, _test, 2);
lua_setglobal(L, "test");
const int ret = luaL_dofile(L, argv[1]); // wraps around lua_pcall
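Review bot: `buf_size` in `main` is taken from `atoi(argv[2])` without a range check and passed unchanged to `lv2_atom_forge_set_buffer()` for `handle->buf` and `handle->buf2` in `_test`. The buffer declarations are outside the hunks, but the replaced calls used `BUF_SIZE`, so a value above that presumably tells the forge the buffers are larger than they are, and the harness itself can then write out of bounds. A negative argument has the same effect, because it wraps when stored in `size_t`, and `atoi` cannot report a malformed number. Parsing and clamping would close this: `const unsigned long arg = argc > 2 ? strtoul(argv[2], NULL, 10) : BUF_SIZE;` followed by `const size_t buf_size = arg < BUF_SIZE ? arg : BUF_SIZE;`. The bodies of `main` and `_test` continue outside the visible hunks.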
......