git/t/t1451-fsck-buffer.sh
Ævar Arnfjörð Bjarmason b2e5d75d17 tests: mark tests as passing with SANITIZE=leak
When the "ab/various-leak-fixes" topic was merged in [1] only t6021
would fail if the tests were run in the
"GIT_TEST_PASSING_SANITIZE_LEAK=check" mode, i.e. to check whether we
marked all leak-free tests with "TEST_PASSES_SANITIZE_LEAK=true".

Since then we've had various tests starting to pass under
SANITIZE=leak. Let's mark those as passing, this is when they started
to pass, narrowed down with "git bisect":

- t5317-pack-objects-filter-objects.sh: In
  faebba436e (list-objects-filter: plug pattern_list leak, 2022-12-01).

- t3210-pack-refs.sh, t5613-info-alternate.sh,
  t7403-submodule-sync.sh: In 189e97bc4b (diff: remove parseopts member
  from struct diff_options, 2022-12-01).

- t1408-packed-refs.sh: In ab91f6b7c4 (Merge branch
  'rs/diff-parseopts', 2022-12-19).

- t0023-crlf-am.sh, t4152-am-subjects.sh, t4254-am-corrupt.sh,
  t4256-am-format-flowed.sh, t4257-am-interactive.sh,
  t5403-post-checkout-hook.sh: In a658e881c1 (am: don't pass strvec to
  apply_parse_options(), 2022-12-13)

- t1301-shared-repo.sh, t1302-repo-version.sh: In b07a819c05 (reflog:
  clear leftovers in reflog_expiry_cleanup(), 2022-12-13).

- t1304-default-acl.sh, t1410-reflog.sh,
  t5330-no-lazy-fetch-with-commit-graph.sh, t5502-quickfetch.sh,
  t5604-clone-reference.sh, t6014-rev-list-all.sh,
  t7701-repack-unpack-unreachable.sh: In b0c61be320 (Merge branch
  'rs/reflog-expiry-cleanup', 2022-12-26)

- t3800-mktag.sh, t5302-pack-index.sh, t5306-pack-nobase.sh,
  t5573-pull-verify-signatures.sh, t7612-merge-verify-signatures.sh: In
  69bbbe484b (hash-object: use fsck for object checks, 2023-01-18).

- t1451-fsck-buffer.sh: In 8e4309038f (fsck: do not assume
  NUL-termination of buffers, 2023-01-19).

- t6501-freshen-objects.sh: In abf2bb895b (Merge branch
  'jk/hash-object-fsck', 2023-01-30)

1. 9ea1378d04 (Merge branch 'ab/various-leak-fixes', 2022-12-14)

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2023-02-06 15:34:36 -08:00

142 lines
3.9 KiB
Bash
Executable file

#!/bin/sh
test_description='fsck on buffers without NUL termination
The goal here is to make sure that the various fsck parsers never look
past the end of the buffer they are given, even when encountering broken
or truncated objects.
We have to use "hash-object" for this because most code paths that read objects
append an extra NUL for safety after the buffer. But hash-object, since it is
reading straight from a file (and possibly even mmap-ing it) cannot always do
so.
These tests _might_ catch such overruns in normal use, but should be run with
ASan or valgrind for more confidence.
'
TEST_PASSES_SANITIZE_LEAK=true
. ./test-lib.sh
# the general idea for tags and commits is to build up the "base" file
# progressively, and then test new truncations on top of it.
reset () {
test_expect_success 'reset input to empty' '
>base
'
}
add () {
content="$1"
type=${content%% *}
test_expect_success "add $type line" '
echo "$content" >>base
'
}
check () {
type=$1
fsck=$2
content=$3
test_expect_success "truncated $type ($fsck, \"$content\")" '
# do not pipe into hash-object here; we want to increase
# the chance that it uses a fixed-size buffer or mmap,
# and a pipe would be read into a strbuf.
{
cat base &&
echo "$content"
} >input &&
test_must_fail git hash-object -t "$type" input 2>err &&
grep "$fsck" err
'
}
test_expect_success 'create valid objects' '
git commit --allow-empty -m foo &&
commit=$(git rev-parse --verify HEAD) &&
tree=$(git rev-parse --verify HEAD^{tree})
'
reset
check commit missingTree ""
check commit missingTree "tr"
check commit missingTree "tree"
check commit badTreeSha1 "tree "
check commit badTreeSha1 "tree 1234"
add "tree $tree"
# these expect missingAuthor because "parent" is optional
check commit missingAuthor ""
check commit missingAuthor "par"
check commit missingAuthor "parent"
check commit badParentSha1 "parent "
check commit badParentSha1 "parent 1234"
add "parent $commit"
check commit missingAuthor ""
check commit missingAuthor "au"
check commit missingAuthor "author"
ident_checks () {
check $1 missingEmail "$2 "
check $1 missingEmail "$2 name"
check $1 badEmail "$2 name <"
check $1 badEmail "$2 name <email"
check $1 missingSpaceBeforeDate "$2 name <email>"
check $1 badDate "$2 name <email> "
check $1 badDate "$2 name <email> 1234"
check $1 badTimezone "$2 name <email> 1234 "
check $1 badTimezone "$2 name <email> 1234 +"
}
ident_checks commit author
add "author name <email> 1234 +0000"
check commit missingCommitter ""
check commit missingCommitter "co"
check commit missingCommitter "committer"
ident_checks commit committer
add "committer name <email> 1234 +0000"
reset
check tag missingObject ""
check tag missingObject "obj"
check tag missingObject "object"
check tag badObjectSha1 "object "
check tag badObjectSha1 "object 1234"
add "object $commit"
check tag missingType ""
check tag missingType "ty"
check tag missingType "type"
check tag badType "type "
check tag badType "type com"
add "type commit"
check tag missingTagEntry ""
check tag missingTagEntry "ta"
check tag missingTagEntry "tag"
check tag badTagName "tag "
add "tag foo"
check tag missingTagger ""
check tag missingTagger "ta"
check tag missingTagger "tagger"
ident_checks tag tagger
# trees are a binary format and can't use our earlier helpers
test_expect_success 'truncated tree (short hash)' '
printf "100644 foo\0\1\1\1\1" >input &&
test_must_fail git hash-object -t tree input 2>err &&
grep badTree err
'
test_expect_success 'truncated tree (missing nul)' '
# these two things are indistinguishable to the parser. The important
# thing about this is example is that there are enough bytes to
# make up a hash, and that there is no NUL (and we confirm that the
# parser does not walk past the end of the buffer).
printf "100644 a long filename, or a hash with missing nul?" >input &&
test_must_fail git hash-object -t tree input 2>err &&
grep badTree err
'
test_done