From 008195924ca9b68d9d52ba562ad979fef76fa0ef Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 8 Jun 2021 13:43:57 +1000
Subject: [PATCH] test: add a test for the properties stack overflow

See #1249
---
 test/test-properties.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/test/test-properties.c b/test/test-properties.c
index 85d6611fa..d6168efdf 100644
--- a/test/test-properties.c
+++ b/test/test-properties.c
@@ -238,6 +238,40 @@ PWTEST(properties_update_string)
 	return PWTEST_PASS;
 }
 
+PWTEST(properties_serialize_dict_stack_overflow)
+{
+	char *long_value = NULL;
+	struct spa_dict_item items[2];
+	struct spa_dict dict;
+	const int sz = 8 * 1024 * 1024;
+	char tmpfile[PATH_MAX];
+	FILE *fp;
+	int r;
+
+	/* Alloc a property value long enough to trigger a stack overflow
+	 * in any variadic arrays (see * e994949d576e93f8c22)
+	 */
+	long_value = calloc(1, sz);
+	if (long_value == 0)
+		return PWTEST_SKIP;
+
+	memset(long_value, 'a', sz - 1);
+	items[0] = SPA_DICT_ITEM_INIT("longval", long_value);
+	items[1] = SPA_DICT_ITEM_INIT(long_value, "longval");
+	dict = SPA_DICT_INIT(items, 2);
+
+	pwtest_mkstemp(tmpfile);
+	fp = fopen(tmpfile, "w");
+	pwtest_ptr_notnull(fp);
+	r = pw_properties_serialize_dict(fp, &dict, 0);
+	pwtest_int_eq(r, 2);
+
+	fclose(fp);
+	free(long_value);
+
+	return PWTEST_PASS;
+}
+
 PWTEST_SUITE(properties)
 {
 	pwtest_add(properties_new, PWTEST_NOARG);
@@ -248,6 +282,7 @@ PWTEST_SUITE(properties)
 	pwtest_add(properties_parse_int, PWTEST_NOARG);
 	pwtest_add(properties_copy, PWTEST_NOARG);
 	pwtest_add(properties_update_string, PWTEST_NOARG);
+	pwtest_add(properties_serialize_dict_stack_overflow, PWTEST_NOARG);
 
 	return PWTEST_PASS;
 }