X-Git-Url: https://git.ozlabs.org/?p=ccan;a=blobdiff_plain;f=ccan%2Ftal%2Ftalloc%2Ftest%2Frun-overflow.c;fp=ccan%2Ftal%2Ftalloc%2Ftest%2Frun-overflow.c;h=c7f9c18f8ea06c8e7f8366b93802f6cbda7457df;hp=0000000000000000000000000000000000000000;hb=3c164cd21a13bd3904117f6a33e06945f0f1850c;hpb=d3cbb4cbbc38c96c3a20a7e4e602be7327f25202

diff --git a/ccan/tal/talloc/test/run-overflow.c b/ccan/tal/talloc/test/run-overflow.c
new file mode 100644
index 00000000..c7f9c18f
--- /dev/null
+++ b/ccan/tal/talloc/test/run-overflow.c
@@ -0,0 +1,100 @@
+#include <ccan/tal/talloc/talloc.h>
+#include <ccan/tal/talloc/talloc.c>
+#include <ccan/tap/tap.h>
+
+static int error_count;
+
+static void my_error(const char *msg)
+{
+	error_count++;
+}
+
+int main(void)
+{
+	void *p;
+	int *pi, *origpi;
+	char *cp;
+
+	plan_tests(30);
+
+	tal_set_backend(NULL, NULL, NULL, my_error);
+	talloc_enable_null_tracking_no_autofree();
+
+	p = tal_arr(NULL, int, (size_t)-1);
+	ok1(!p);
+	ok1(error_count == 1);
+
+	p = tal_arr(NULL, char, (size_t)-2);
+	ok1(!p);
+	ok1(error_count == 2);
+
+	/* Now try overflow cases for tal_dup. */
+	error_count = 0;
+	origpi = tal_arr(NULL, int, 100);
+	ok1(origpi);
+	ok1(error_count == 0);
+	pi = tal_dup(NULL, int, origpi, (size_t)-1, 0);
+	ok1(!pi);
+	ok1(error_count == 1);
+	pi = tal_dup(NULL, int, origpi, 0, (size_t)-1);
+	ok1(!pi);
+	ok1(error_count == 2);
+
+	pi = tal_dup(NULL, int, origpi, (size_t)-1UL / sizeof(int),
+		     (size_t)-1UL / sizeof(int));
+	ok1(!pi);
+	ok1(error_count == 3);
+	/* This will still overflow when tal_hdr is added. */
+	pi = tal_dup(NULL, int, origpi, (size_t)-1UL / sizeof(int) / 2,
+		     (size_t)-1UL / sizeof(int) / 2);
+	ok1(!pi);
+	ok1(error_count == 4);
+	ok1(talloc_total_blocks(NULL) == 2);
+	tal_free(origpi);
+
+	/* Now, check that with taltk() we free old one on failure. */
+	origpi = tal_arr(NULL, int, 100);
+	error_count = 0;
+	pi = tal_dup(NULL, int, take(origpi), (size_t)-1, 0);
+	ok1(!pi);
+	ok1(error_count == 1);
+
+	origpi = tal_arr(NULL, int, 100);
+	error_count = 0;
+	pi = tal_dup(NULL, int, take(origpi), 0, (size_t)-1);
+	ok1(!pi);
+	ok1(error_count == 1);
+	ok1(talloc_total_blocks(NULL) == 1);
+
+	origpi = tal_arr(NULL, int, 100);
+	error_count = 0;
+	pi = tal_dup(NULL, int, take(origpi), (size_t)-1UL / sizeof(int),
+		     (size_t)-1UL / sizeof(int));
+	ok1(!pi);
+	ok1(error_count == 1);
+	ok1(talloc_total_blocks(NULL) == 1);
+
+	origpi = tal_arr(NULL, int, 100);
+	error_count = 0;
+	/* This will still overflow when tal_hdr is added. */
+	pi = tal_dup(NULL, int, take(origpi), (size_t)-1UL / sizeof(int) / 2,
+		     (size_t)-1UL / sizeof(int) / 2);
+	ok1(!pi);
+	ok1(error_count == 1);
+	ok1(talloc_total_blocks(NULL) == 1);
+
+	/* Overflow on expand addition. */
+	cp = tal_arr(p, char, 100);
+	ok1(!tal_expand(&cp, NULL, (size_t)-99UL));
+	ok1(error_count == 2);
+	tal_free(cp);
+
+	/* Overflow when multiplied by size */
+	origpi = tal_arr(NULL, int, 100);
+	ok1(!tal_expand(&origpi, NULL, (size_t)-1UL / sizeof(int)));
+	ok1(error_count == 3);
+	tal_free(origpi);
+
+	talloc_disable_null_tracking();
+	return exit_status();
+}