mirror of
https://git.proxmox.com/git/libgit2
synced 2025-05-03 06:17:02 +00:00
a17777d161
- remove() would read one-past array bounds. - resize() would fail if the initial size was 1, because it multiplied by 1.75 and truncated the resulting value. The buffer would always remain at size 1, but elements would repeatedly be appended (via insert()) causing a crash.
28 lines
736 B
C
28 lines
736 B
C
#include "test_lib.h"
|
|
#include "common.h"
|
|
#include "vector.h"
|
|
|
|
/* Initial size of 1 will cause writing past array bounds prior to fix */
|
|
BEGIN_TEST(initial_size_one)
|
|
git_vector x;
|
|
int i;
|
|
git_vector_init(&x, 1, NULL, NULL);
|
|
for (i = 0; i < 10; ++i) {
|
|
git_vector_insert(&x, (void*) 0xabc);
|
|
}
|
|
git_vector_free(&x);
|
|
END_TEST
|
|
|
|
/* vector used to read past array bounds on remove() */
|
|
BEGIN_TEST(remove)
|
|
git_vector x;
|
|
// make initial capacity exact for our insertions.
|
|
git_vector_init(&x, 3, NULL, NULL);
|
|
git_vector_insert(&x, (void*) 0xabc);
|
|
git_vector_insert(&x, (void*) 0xdef);
|
|
git_vector_insert(&x, (void*) 0x123);
|
|
|
|
git_vector_remove(&x, 0); // used to read past array bounds.
|
|
git_vector_free(&x);
|
|
END_TEST
|