fusefs: fix a buffer overflow in the tests
The actual overflow occured in the ReadAhead.readahead test. Surprisingly it has never segfaulted or resulted in any bad behavior. MFC after: 1 week Sponsored by: Axcient Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D38718
This commit is contained in:
parent
ce7db385f5
commit
0c9df4afc2
@ -210,6 +210,8 @@ TEST_P(BmapEof, eof)
|
||||
_)
|
||||
).WillOnce(Invoke(ReturnImmediate([=](auto in, auto& out) {
|
||||
size_t osize = in.body.read.size;
|
||||
|
||||
assert(osize < sizeof(out.body.bytes));
|
||||
out.header.len = sizeof(struct fuse_out_header) + osize;
|
||||
bzero(out.body.bytes, osize);
|
||||
})));
|
||||
|
@ -70,6 +70,7 @@ void expect_vop_stddeallocate(uint64_t ino, uint64_t off, uint64_t length)
|
||||
}, Eq(true)),
|
||||
_)
|
||||
).WillOnce(Invoke(ReturnImmediate([=](auto in, auto& out) {
|
||||
assert(in.body.read.size <= sizeof(out.body.bytes));
|
||||
out.header.len = sizeof(struct fuse_out_header) +
|
||||
in.body.read.size;
|
||||
memset(out.body.bytes, 'X', in.body.read.size);
|
||||
@ -79,6 +80,8 @@ void expect_vop_stddeallocate(uint64_t ino, uint64_t off, uint64_t length)
|
||||
const char *buf = (const char*)in.body.bytes +
|
||||
sizeof(struct fuse_write_in);
|
||||
|
||||
assert(length <= sizeof(in.body.bytes) -
|
||||
sizeof(struct fuse_write_in));
|
||||
return (in.header.opcode == FUSE_WRITE &&
|
||||
in.header.nodeid == ino &&
|
||||
in.body.write.offset == off &&
|
||||
|
@ -141,6 +141,8 @@ void SetUp()
|
||||
ssize_t isize = in.body.write.size;
|
||||
off_t iofs = in.body.write.offset;
|
||||
|
||||
assert((size_t)isize <= sizeof(in.body.bytes) -
|
||||
sizeof(struct fuse_write_in));
|
||||
ASSERT_EQ(isize, pwrite(m_backing_fd, buf, isize, iofs))
|
||||
<< strerror(errno);
|
||||
SET_OUT_HEADER_LEN(out, write);
|
||||
@ -158,6 +160,7 @@ void SetUp()
|
||||
void *buf = out.body.bytes;
|
||||
ssize_t osize;
|
||||
|
||||
assert((size_t)isize <= sizeof(out.body.bytes));
|
||||
osize = pread(m_backing_fd, buf, isize, iofs);
|
||||
ASSERT_LE(0, osize) << strerror(errno);
|
||||
out.header.len = sizeof(struct fuse_out_header) + osize;
|
||||
|
@ -206,7 +206,7 @@ union fuse_payloads_out {
|
||||
* The protocol places no limits on the size of bytes. Choose
|
||||
* a size big enough for anything we'll test.
|
||||
*/
|
||||
uint8_t bytes[0x20000];
|
||||
uint8_t bytes[0x40000];
|
||||
fuse_entry_out entry;
|
||||
fuse_entry_out_7_8 entry_7_8;
|
||||
fuse_lk_out getlk;
|
||||
|
@ -530,6 +530,7 @@ TEST_F(Setattr, truncate_discards_cached_data) {
|
||||
auto osize = std::min(
|
||||
static_cast<uint64_t>(cur_size) - in.body.read.offset,
|
||||
static_cast<uint64_t>(in.body.read.size));
|
||||
assert(osize <= sizeof(out.body.bytes));
|
||||
out.header.len = sizeof(struct fuse_out_header) + osize;
|
||||
if (should_have_data)
|
||||
memset(out.body.bytes, 'X', osize);
|
||||
|
@ -400,6 +400,7 @@ void FuseTest::expect_read(uint64_t ino, uint64_t offset, uint64_t isize,
|
||||
}, Eq(true)),
|
||||
_)
|
||||
).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) {
|
||||
assert(osize <= sizeof(out.body.bytes));
|
||||
out.header.len = sizeof(struct fuse_out_header) + osize;
|
||||
memmove(out.body.bytes, contents, osize);
|
||||
}))).RetiresOnSaturation();
|
||||
@ -502,6 +503,8 @@ void FuseTest::expect_write(uint64_t ino, uint64_t offset, uint64_t isize,
|
||||
bool pid_ok;
|
||||
uint32_t wf = in.body.write.write_flags;
|
||||
|
||||
assert(isize <= sizeof(in.body.bytes) -
|
||||
sizeof(struct fuse_write_in));
|
||||
if (wf & FUSE_WRITE_CACHE)
|
||||
pid_ok = true;
|
||||
else
|
||||
@ -534,6 +537,9 @@ void FuseTest::expect_write_7_8(uint64_t ino, uint64_t offset, uint64_t isize,
|
||||
const char *buf = (const char*)in.body.bytes +
|
||||
FUSE_COMPAT_WRITE_IN_SIZE;
|
||||
bool pid_ok = (pid_t)in.header.pid == getpid();
|
||||
|
||||
assert(isize <= sizeof(in.body.bytes) -
|
||||
FUSE_COMPAT_WRITE_IN_SIZE);
|
||||
return (in.header.opcode == FUSE_WRITE &&
|
||||
in.header.nodeid == ino &&
|
||||
in.body.write.fh == FH &&
|
||||
|
@ -97,6 +97,8 @@ void maybe_expect_write(uint64_t ino, uint64_t offset, uint64_t size,
|
||||
const char *buf = (const char*)in.body.bytes +
|
||||
sizeof(struct fuse_write_in);
|
||||
|
||||
assert(size <= sizeof(in.body.bytes) -
|
||||
sizeof(struct fuse_write_in));
|
||||
return (in.header.opcode == FUSE_WRITE &&
|
||||
in.header.nodeid == ino &&
|
||||
in.body.write.offset == offset &&
|
||||
|
Loading…
Reference in New Issue
Block a user