Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
expat.35320
expat-CVE-2023-52425-fix-tests.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File expat-CVE-2023-52425-fix-tests.patch of Package expat.35320
From: Simon Lees <sflees@suse.de> Date: Fri, Mar 1 10:42:13 Subject: CVE-2023-52425 Tests and Test suite fixes This adds the Tests for CVE-2023-52425 to the testsuite and addresses other changes required for the other tests to pass with the other internal changes. --- Index: expat-2.4.4/tests/runtests.c =================================================================== --- expat-2.4.4.orig/tests/runtests.c +++ expat-2.4.4/tests/runtests.c @@ -52,8 +52,42 @@ # endif /* XML_UNICODE */ #endif /* XML_UNICODE_WCHAR_T */ +struct handler_record_entry { + const char *name; + int arg; +}; +struct handler_record_list { + int count; + struct handler_record_entry entries[50]; // arbitrary big-enough max count +}; + +extern const struct handler_record_entry * +_handler_record_get(const struct handler_record_list *storage, int index, + const char *file, int line); + +# define handler_record_get(storage, index) \ + _handler_record_get((storage), (index), __FILE__, __LINE__) + +# define assert_record_handler_called(storage, index, expected_name, \ + expected_arg) \ + do { \ + const struct handler_record_entry *e \ + = handler_record_get(storage, index); \ + assert_true(strcmp(e->name, expected_name) == 0); \ + assert_true(e->arg == (expected_arg)); \ + } while (0) + +const struct handler_record_entry * +_handler_record_get(const struct handler_record_list *storage, int index, + const char *file, int line) { + if (storage->count <= index) { + _fail(file, line, "too few handler calls"); + } + return &storage->entries[index]; +} static XML_Parser parser; +static int g_chunkSize = 1; static void tcase_add_test__ifdef_xml_dtd(TCase *tc, tcase_test_function test) { @@ -100,6 +134,27 @@ _xml_failure(XML_Parser parser, const ch file, line); _fail_unless(0, file, line, buffer); } + +static enum XML_Status +_XML_Parse_SINGLE_BYTES(XML_Parser parser, const char *s, int len, + int isFinal) { + // This ensures that tests have to run pathological parse cases + // (e.g. when `s` is NULL) against plain XML_Parse rather than + // chunking _XML_Parse_SINGLE_BYTES. + assert((parser != NULL) && (s != NULL) && (len >= 0)); + const int chunksize = g_chunkSize; + if (chunksize > 0) { + // parse in chunks of `chunksize` bytes as long as not exhausting + for (; len > chunksize; len -= chunksize, s += chunksize) { + enum XML_Status res = XML_Parse(parser, s, chunksize, XML_FALSE); + if (res != XML_STATUS_OK) { + return res; + } + } + } + // parse the final chunk, the size of which will be <= chunksize + return XML_Parse(parser, s, len, isFinal); +} #define xml_failure(parser) _xml_failure((parser), __FILE__, __LINE__) @@ -551,7 +606,8 @@ START_TEST(test_line_number_after_parse) "\n</tag>"; XML_Size lineno; - if (XML_Parse(parser, text, strlen(text), XML_FALSE) == XML_STATUS_ERROR) + if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE) + == XML_STATUS_ERROR) xml_failure(parser); lineno = XML_GetCurrentLineNumber(parser); if (lineno != 4) { @@ -569,7 +625,8 @@ START_TEST(test_column_number_after_pars char *text = "<tag></tag>"; XML_Size colno; - if (XML_Parse(parser, text, strlen(text), XML_FALSE) == XML_STATUS_ERROR) + if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE) + == XML_STATUS_ERROR) xml_failure(parser); colno = XML_GetCurrentColumnNumber(parser); if (colno != 11) { @@ -654,7 +711,8 @@ START_TEST(test_line_number_after_error) " <b>\n" " </a>"; /* missing </b> */ XML_Size lineno; - if (XML_Parse(parser, text, strlen(text), XML_FALSE) != XML_STATUS_ERROR) + if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE) + != XML_STATUS_ERROR) fail("Expected a parse error"); lineno = XML_GetCurrentLineNumber(parser); @@ -674,7 +732,8 @@ START_TEST(test_column_number_after_erro " <b>\n" " </a>"; /* missing </b> */ XML_Size colno; - if (XML_Parse(parser, text, strlen(text), XML_FALSE) != XML_STATUS_ERROR) + if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE) + != XML_STATUS_ERROR) fail("Expected a parse error"); colno = XML_GetCurrentColumnNumber(parser);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor