[patch] A couple of break-loader fixes

Havoc Pennington hp at redhat.com
Fri Apr 23 14:12:44 EST 2004


Hi,

On Thu, 2004-04-22 at 17:55, John (J5) Palmieri wrote:
> The first fix adds a DBusMessageValidity expected_validity parameter so
> that we test to see if we get what we are expecting from the test. 
> Before it would just pass _DBUS_MESSAGE_UNKNOWN which would return TRUE
> every time (test passed).

Ah, I was confused when we discussed this in person. The break-loader
test is just testing whether the loader segfaults on mangled data. Once
we randomly modify a message, we have no idea whether it's still valid
or not so we can't check that. But we want to see if we can crash the
message loader, which would be a security bug. That's why the fork() is
in there, so that the child process crashes and the parent can stay
alive and record the problem.

So this part of the patch is not needed.

The invalid messages issue in TODO is referring to
data/invalid-messages/* which is loaded by dbus/dbus-message.c (OK, you
probably already found that).

> The second bug involved a buffer overflow which had the effect of
> dropping the first character off of the failure directory string.  It
> was caused by not incrementing the times_we_did_each_thing counter array
> to reflect the number of random mutation functions we have.

Good catch, please apply.

Havoc
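
The fork-and-record pattern described in this message, as an added example that is not part of the original e-mail and is not D-Bus code: a child runs the loader on mutated data, and the parent records whether a signal killed it. The toy loader, the mutators and the message layout are constructed for illustration; only the name times_we_did_each_thing comes from the thread, and sizing it from the mutator table is one assumed way to keep the counters in step with the number of mutation functions.

```c
/* Added example, not D-Bus code: all names except times_we_did_each_thing are hypothetical. */
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

typedef void (*mutate_fn)(unsigned char *buf, size_t len, unsigned seed);
static void flip_byte(unsigned char *b, size_t n, unsigned s) { b[s % n] ^= 0xff; }
static void zero_byte(unsigned char *b, size_t n, unsigned s) { b[s % n] = 0; }
static void max_byte(unsigned char *b, size_t n, unsigned s)  { b[s % n] = 0xff; }

static const mutate_fn mutators[] = { flip_byte, zero_byte, max_byte };
#define N_MUTATORS (sizeof mutators / sizeof mutators[0])
/* Sized from the table, so adding a mutator cannot leave the counters too short. */
static unsigned times_we_did_each_thing[N_MUTATORS];

/* Constructed stand-in loader: byte 0 is the body length; abort() models a crash. */
static int toy_load(const unsigned char *buf, size_t len)
{
    if (len < 1) return 0;
    if ((size_t)buf[0] > len - 1) abort();   /* deliberate defect for the demo */
    return 1;
}

/* Returns the signal that killed the child, 0 if it survived, -1 on error. */
static int load_in_child(const unsigned char *buf, size_t len)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { toy_load(buf, len); _exit(0); }   /* child: may crash here */
    if (waitpid(pid, &status, 0) < 0) return -1;      /* parent stays alive */
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Mutates a copy of a constructed valid message with mutator `which`. */
static int run_one(size_t which, unsigned seed)
{
    unsigned char msg[8] = { 3, 'a', 'b', 'c', 0, 0, 0, 0 };
    if (which >= N_MUTATORS) return -1;   /* never index past the tables */
    mutators[which](msg, sizeof msg, seed);
    times_we_did_each_thing[which]++;
    return load_in_child(msg, sizeof msg);
}

int main(void)
{
    return run_one(2, 0) == SIGABRT ? 0 : 1;   /* 0 when the crash was recorded */
}
```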




