3 test_description
='fsck on buffers without NUL termination
5 The goal here is to make sure that the various fsck parsers never look
6 past the end of the buffer they are given, even when encountering broken
9 We have to use "hash-object" for this because most code paths that read objects
10 append an extra NUL for safety after the buffer. But hash-object, since it is
11 reading straight from a file (and possibly even mmap-ing it) cannot always do
14 These tests _might_ catch such overruns in normal use, but should be run with
15 ASan or valgrind for more confidence.
19 # the general idea for tags and commits is to build up the "base" file
20 # progressively, and then test new truncations on top of it.
22 test_expect_success
'reset input to empty' '
30 test_expect_success
"add $type line" '
31 echo "$content" >>base
39 test_expect_success
"truncated $type ($fsck, \"$content\")" '
40 # do not pipe into hash-object here; we want to increase
41 # the chance that it uses a fixed-size buffer or mmap,
42 # and a pipe would be read into a strbuf.
47 test_must_fail git hash-object -t "$type" input 2>err &&
52 test_expect_success
'create valid objects' '
53 git commit --allow-empty -m foo &&
54 commit=$(git rev-parse --verify HEAD) &&
55 tree=$(git rev-parse --verify HEAD^{tree})
59 check commit missingTree
""
60 check commit missingTree
"tr"
61 check commit missingTree
"tree"
62 check commit badTreeSha1
"tree "
63 check commit badTreeSha1
"tree 1234"
66 # these expect missingAuthor because "parent" is optional
67 check commit missingAuthor
""
68 check commit missingAuthor
"par"
69 check commit missingAuthor
"parent"
70 check commit badParentSha1
"parent "
71 check commit badParentSha1
"parent 1234"
74 check commit missingAuthor
""
75 check commit missingAuthor
"au"
76 check commit missingAuthor
"author"
78 check
$1 missingEmail
"$2 "
79 check
$1 missingEmail
"$2 name"
80 check
$1 badEmail
"$2 name <"
81 check
$1 badEmail
"$2 name <email"
82 check
$1 missingSpaceBeforeDate
"$2 name <email>"
83 check
$1 badDate
"$2 name <email> "
84 check
$1 badDate
"$2 name <email> 1234"
85 check
$1 badTimezone
"$2 name <email> 1234 "
86 check
$1 badTimezone
"$2 name <email> 1234 +"
88 ident_checks commit author
89 add
"author name <email> 1234 +0000"
91 check commit missingCommitter
""
92 check commit missingCommitter
"co"
93 check commit missingCommitter
"committer"
94 ident_checks commit committer
95 add
"committer name <email> 1234 +0000"
98 check tag missingObject
""
99 check tag missingObject
"obj"
100 check tag missingObject
"object"
101 check tag badObjectSha1
"object "
102 check tag badObjectSha1
"object 1234"
105 check tag missingType
""
106 check tag missingType
"ty"
107 check tag missingType
"type"
108 check tag badType
"type "
109 check tag badType
"type com"
112 check tag missingTagEntry
""
113 check tag missingTagEntry
"ta"
114 check tag missingTagEntry
"tag"
115 check tag badTagName
"tag "
118 check tag missingTagger
""
119 check tag missingTagger
"ta"
120 check tag missingTagger
"tagger"
121 ident_checks tag tagger
123 # trees are a binary format and can't use our earlier helpers
124 test_expect_success
'truncated tree (short hash)' '
125 printf "100644 foo\0\1\1\1\1" >input &&
126 test_must_fail git hash-object -t tree input 2>err &&
130 test_expect_success
'truncated tree (missing nul)' '
131 # these two things are indistinguishable to the parser. The important
132 # thing about this is example is that there are enough bytes to
133 # make up a hash, and that there is no NUL (and we confirm that the
134 # parser does not walk past the end of the buffer).
135 printf "100644 a long filename, or a hash with missing nul?" >input &&
136 test_must_fail git hash-object -t tree input 2>err &&