From 3c75d2790b0eece7e4bb29c4b2ea9ee60a2065b1 Mon Sep 17 00:00:00 2001 From: Ingo Schwarze Date: Mon, 30 May 2016 12:05:57 +0000 Subject: Fix two rare edge cases: 1. If vasprintf() returns < 0, do not access a NULL pointer in snmprintf(), and do not free() the pointer returned from vasprintf() because on some systems other than OpenBSD, it might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" rather than -1 and NULL. Besides, free(dst) is pointless after failure (not a bug). One half OK martijn@, the other half OK deraadt@; committing quickly before people get hurt. --- regress/usr.bin/ssh/unittests/utf8/tests.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'regress/usr.bin/ssh') diff --git a/regress/usr.bin/ssh/unittests/utf8/tests.c b/regress/usr.bin/ssh/unittests/utf8/tests.c index d18cadc5d52..fad2ec27944 100644 --- a/regress/usr.bin/ssh/unittests/utf8/tests.c +++ b/regress/usr.bin/ssh/unittests/utf8/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.1 2016/05/26 19:14:25 schwarze Exp $ */ +/* $OpenBSD: tests.c,v 1.2 2016/05/30 12:05:56 schwarze Exp $ */ /* * Regress test for the utf8.h *mprintf() API * @@ -13,8 +13,24 @@ #include "utf8.h" +void badarg(void); void one(const char *, const char *, int, int, int, const char *); +void +badarg(void) +{ + char buf[16]; + int len, width; + + width = 1; + TEST_START("utf8_badarg"); + len = snmprintf(buf, sizeof(buf), &width, "\377"); + ASSERT_INT_EQ(len, -1); + ASSERT_STRING_EQ(buf, ""); + ASSERT_INT_EQ(width, 0); + TEST_DONE(); +} + void one(const char *name, const char *mbs, int width, int wantwidth, int wantlen, const char *wants) @@ -46,6 +62,9 @@ tests(void) ASSERT_PTR_NE(loc, NULL); TEST_DONE(); + badarg(); + one("null", NULL, 8, 6, 6, "(null)"); + one("empty", "", 2, 0, 0, ""); one("ascii", "x", -2, -2, -2, "x"); one("newline", "a\nb", -2, -2, -2, "a\nb"); one("cr", "a\rb", -2, -2, -2, "a\rb"); -- cgit v1.2.3