t/t1451-fsck-buffer.sh

   1 #!/bin/sh
   2
   3 test_description='fsck on buffers without NUL termination
   4
   5 The goal here is to make sure that the various fsck parsers never look
   6 past the end of the buffer they are given, even when encountering broken
   7 or truncated objects.
   8
   9 We have to use "hash-object" for this because most code paths that read objects
  10 append an extra NUL for safety after the buffer. But hash-object, since it is
  11 reading straight from a file (and possibly even mmap-ing it) cannot always do
  12 so.
  13
  14 These tests _might_ catch such overruns in normal use, but should be run with
  15 ASan or valgrind for more confidence.
  16 '
  17 . ./test-lib.sh
  18
  19 # the general idea for tags and commits is to build up the "base" file
  20 # progressively, and then test new truncations on top of it.
  21 reset () {
  22         test_expect_success 'reset input to empty' '
  23                 >base
  24         '
  25 }
  26
  27 add () {
  28         content="$1"
  29         type=${content%% *}
  30         test_expect_success "add $type line" '
  31                 echo "$content" >>base
  32         '
  33 }
  34
  35 check () {
  36         type=$1
  37         fsck=$2
  38         content=$3
  39         test_expect_success "truncated $type ($fsck, \"$content\")" '
  40                 # do not pipe into hash-object here; we want to increase
  41                 # the chance that it uses a fixed-size buffer or mmap,
  42                 # and a pipe would be read into a strbuf.
  43                 {
  44                         cat base &&
  45                         echo "$content"
  46                 } >input &&
  47                 test_must_fail git hash-object -t "$type" input 2>err &&
  48                 grep "$fsck" err
  49         '
  50 }
  51
  52 test_expect_success 'create valid objects' '
  53         git commit --allow-empty -m foo &&
  54         commit=$(git rev-parse --verify HEAD) &&
  55         tree=$(git rev-parse --verify HEAD^{tree})
  56 '
  57
  58 reset
  59 check commit missingTree ""
  60 check commit missingTree "tr"
  61 check commit missingTree "tree"
  62 check commit badTreeSha1 "tree "
  63 check commit badTreeSha1 "tree 1234"
  64 add "tree $tree"
  65
  66 # these expect missingAuthor because "parent" is optional
  67 check commit missingAuthor ""
  68 check commit missingAuthor "par"
  69 check commit missingAuthor "parent"
  70 check commit badParentSha1 "parent "
  71 check commit badParentSha1 "parent 1234"
  72 add "parent $commit"
  73
  74 check commit missingAuthor ""
  75 check commit missingAuthor "au"
  76 check commit missingAuthor "author"
  77 ident_checks () {
  78         check $1 missingEmail "$2 "
  79         check $1 missingEmail "$2 name"
  80         check $1 badEmail "$2 name <"
  81         check $1 badEmail "$2 name <email"
  82         check $1 missingSpaceBeforeDate "$2 name <email>"
  83         check $1 badDate "$2 name <email> "
  84         check $1 badDate "$2 name <email> 1234"
  85         check $1 badTimezone "$2 name <email> 1234 "
  86         check $1 badTimezone "$2 name <email> 1234 +"
  87 }
  88 ident_checks commit author
  89 add "author name <email> 1234 +0000"
  90
  91 check commit missingCommitter ""
  92 check commit missingCommitter "co"
  93 check commit missingCommitter "committer"
  94 ident_checks commit committer
  95 add "committer name <email> 1234 +0000"
  96
  97 reset
  98 check tag missingObject ""
  99 check tag missingObject "obj"
 100 check tag missingObject "object"
 101 check tag badObjectSha1 "object "
 102 check tag badObjectSha1 "object 1234"
 103 add "object $commit"
 104
 105 check tag missingType ""
 106 check tag missingType "ty"
 107 check tag missingType "type"
 108 check tag badType "type "
 109 check tag badType "type com"
 110 add "type commit"
 111
 112 check tag missingTagEntry ""
 113 check tag missingTagEntry "ta"
 114 check tag missingTagEntry "tag"
 115 check tag badTagName "tag "
 116 add "tag foo"
 117
 118 check tag missingTagger ""
 119 check tag missingTagger "ta"
 120 check tag missingTagger "tagger"
 121 ident_checks tag tagger
 122
 123 # trees are a binary format and can't use our earlier helpers
 124 test_expect_success 'truncated tree (short hash)' '
 125         printf "100644 foo\0\1\1\1\1" >input &&
 126         test_must_fail git hash-object -t tree input 2>err &&
 127         grep badTree err
 128 '
 129
 130 test_expect_success 'truncated tree (missing nul)' '
 131         # these two things are indistinguishable to the parser. The important
 132         # thing about this is example is that there are enough bytes to
 133         # make up a hash, and that there is no NUL (and we confirm that the
 134         # parser does not walk past the end of the buffer).
 135         printf "100644 a long filename, or a hash with missing nul?" >input &&
 136         test_must_fail git hash-object -t tree input 2>err &&
 137         grep badTree err
 138 '
 139
 140 test_done