Merge branch 'bug40076_042' into bug40076_043

2024-11-10 13:13:44 +01:00 · 2020-07-30 14:27:29 -04:00 · 2020-07-30 14:27:29 -04:00 · 69d7752937
commit 69d7752937
parent 3b8bf743ae c2d5ec5e43
3 changed files with 71 additions and 0 deletions
--- a/changes/bug40076
+++ b/changes/bug40076
@ -0,0 +1,5 @@
+  o Minor bugfixes (correctness, buffers):
+    - Fix a correctness bug that could cause an assertion failure if we ever
+      tried using the buf_move_all() function with an empty input.
+      As far as we know, no released versions of Tor do this.
+      Fixes bug 40076; bugfix on 0.3.3.1-alpha.
--- a/src/lib/buf/buffers.c
+++ b/src/lib/buf/buffers.c
@ -692,6 +692,8 @@ buf_move_all(buf_t *buf_out, buf_t *buf_in)
  tor_assert(buf_out);
  if (!buf_in)
    return;
+  if (buf_datalen(buf_in) == 0)
+    return;
  if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX))
    return;
  if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen))
--- a/src/test/test_buffers.c
+++ b/src/test/test_buffers.c
@ -302,6 +302,69 @@ test_buffer_pullup(void *arg)
  tor_free(tmp);
 }

+static void
+test_buffers_move_all(void *arg)
+{
+  (void)arg;
+  buf_t *input = buf_new();
+  buf_t *output = buf_new();
+  char *s = NULL;
+
+  /* Move from empty buffer to nonempty buffer. (This is a regression test for
+   * #40076) */
+  buf_add(output, "abc", 3);
+  buf_assert_ok(input);
+  buf_assert_ok(output);
+  buf_move_all(output, input);
+  buf_assert_ok(input);
+  buf_assert_ok(output);
+  tt_int_op(buf_datalen(output), OP_EQ, 3);
+  s = buf_extract(output, NULL);
+  tt_str_op(s, OP_EQ, "abc");
+  buf_free(output);
+  buf_free(input);
+  tor_free(s);
+
+  /* Move from empty to empty. */
+  output = buf_new();
+  input = buf_new();
+  buf_move_all(output, input);
+  buf_assert_ok(input);
+  buf_assert_ok(output);
+  tt_int_op(buf_datalen(output), OP_EQ, 0);
+  buf_free(output);
+  buf_free(input);
+
+  /* Move from nonempty to empty. */
+  output = buf_new();
+  input = buf_new();
+  buf_add(input, "longstanding bugs", 17);
+  buf_move_all(output, input);
+  buf_assert_ok(input);
+  buf_assert_ok(output);
+  s = buf_extract(output, NULL);
+  tt_str_op(s, OP_EQ, "longstanding bugs");
+  buf_free(output);
+  buf_free(input);
+  tor_free(s);
+
+  /* Move from nonempty to nonempty. */
+  output = buf_new();
+  input = buf_new();
+  buf_add(output, "the start of", 12);
+  buf_add(input, " a string", 9);
+  buf_move_all(output, input);
+  buf_assert_ok(input);
+  buf_assert_ok(output);
+  s = buf_extract(output, NULL);
+  tt_str_op(s, OP_EQ, "the start of a string");
+
+ done:
+  buf_free(output);
+  buf_free(input);
+  tor_free(s);
+}
+
 static void
 test_buffer_copy(void *arg)
 {
@ -799,6 +862,7 @@ struct testcase_t buffer_tests[] = {
  { "basic", test_buffers_basic, TT_FORK, NULL, NULL },
  { "copy", test_buffer_copy, TT_FORK, NULL, NULL },
  { "pullup", test_buffer_pullup, TT_FORK, NULL, NULL },
+  { "move_all", test_buffers_move_all, 0, NULL, NULL },
  { "startswith", test_buffer_peek_startswith, 0, NULL, NULL },
  { "allocation_tracking", test_buffer_allocation_tracking, TT_FORK,
    NULL, NULL },