From mboxrd@z Thu Jan 1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/260
Path: news.gmane.org!not-for-mail
From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Simple testing task - string functions
Date: Sun, 10 Apr 2011 00:45:15 -0400
Message-ID: <20110410044515.GB13185@brightrain.aerifal.cx>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: dough.gmane.org 1312595691 11317 80.91.229.12 (6 Aug 2011 01:54:51 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Sat, 6 Aug 2011 01:54:51 +0000 (UTC)
To: musl@lists.openwall.com
Original-X-From: envelope-from@hidden Sun Apr 10 08:50:05 2011
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Xref: news.gmane.org gmane.linux.lib.musl.general:260
Archived-At:

Here's a testing task (particularly for Luka who's applied for SoC)
I'd like to see written. It's based on a recent bug that turned up in
strchr.

The interfaces to be tested are strlen, strchr, strcspn, strspn,
memchr, etc. - any string/memory function that scans a range of memory
and needs to stop when it hits a byte matching certain conditions.
We're looking to detect invalid memory access past the end of the
object, and tests should go something like:

1. Allocate two pages of memory with mmap and make the second one
   unreadable and unwritable using mprotect.

2. Arrange for the byte that stops the scan to be either the last byte
   of the first page, or one of the previous 7 bytes (try them all).
   Note that for some interfaces, there is more than one way the scan
   can be terminated (e.g. either a matching character or a null
   terminator) in which case you want to test both.

3. For each choice of terminator location and type in 2, you want to
   test every possible length and alignment leading up to it. You
   should test starting the scan exactly at the terminator, one byte
   before it, 2 bytes before it, ... all the way back to the beginning
   of the page.

4. Make sure you test both with high and low bytes (8th bit on or off)
   as both the non-terminating and terminating bytes, in order to also
   catch any errors due to signedness of char.

A signal handler for SIGSEGV, along with siglongjmp to exit the signal
handler, may be convenient for allowing the tests to continue in the
event of a failure or at least reporting which test the failure
occurred in.

Please don't spend time developing any fancy framework for this. It
should take just a few hours to get something working, and most of the
code can be in main() for all I care as long as it works. Part of the
criterion for working is that it should detect the strchr misaligned
read bug in 0.7.6 that was fixed in 0.7.7, and the signedness bug in
0.7.5 that was fixed in 0.7.6.

Rich
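A minimal harness for steps 1-4 and the SIGSEGV/siglongjmp suggestion, narrowed to strchr-style functions. It is an added example, not part of the original message or of musl's own tests. The names scan_failures and bad_strchr are hypothetical, the fill and stop byte values are constructed, and bad_strchr is a constructed signed-char comparison bug, not the code from musl 0.7.5.

```c
#define _GNU_SOURCE /* MAP_ANONYMOUS, sigsetjmp under strict -std modes */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf env;
static void on_segv(int sig) { (void)sig; siglongjmp(env, 1); }
/* Constructed buggy scanner (not musl's code): compares bytes as signed char. */
char *bad_strchr(const char *s, int c)
{
    for (; *s; s++) if ((signed char)*s == c) return (char *)s;
    return 0;
}

/* Count cases where chr faults or returns the wrong pointer; -1 on setup error. */
int scan_failures(char *(*chr)(const char *, int))
{
    static const unsigned char fill[] = { 'a', 0xe1 }, stop[] = { 'b', 0xe2 };
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(0, 2*pg, PROT_READ|PROT_WRITE,
                            MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
    struct sigaction sa = { .sa_handler = on_segv }, old;
    volatile int fails = 0;
    /* Step 1: second page is a guard page; any overread raises SIGSEGV. */
    if (p == MAP_FAILED || mprotect(p + pg, pg, PROT_NONE)) return -1;
    sigaction(SIGSEGV, &sa, &old);
    for (int i = 0; i < 64; i++) {     /* bits of i: back(3) fill(1) stop(1) nul(1) */
        size_t end = pg - 1 - (i & 7); /* step 2: last byte or one of previous 7 */
        int f = (i >> 3) & 1, s = (i >> 4) & 1, nul = (i >> 5) & 1; /* step 4 */
        memset(p, fill[f], end);
        memset(p + end, 0, pg - end);
        if (!nul) p[end] = stop[s];    /* scan ends on a match instead of NUL */
        char *want = nul ? 0 : (char *)p + end;
        for (size_t start = 0; start <= end; start++) { /* step 3: every length */
            if (sigsetjmp(env, 1)) { fails++; continue; } /* faulted past the page */
            if (chr((char *)p + start, stop[s]) != want) fails++;
        }
    }
    sigaction(SIGSEGV, &old, 0);
    munmap(p, 2*pg);
    return fails;
}

int main(void)
{
    printf("strchr %d, bad_strchr %d\n", scan_failures(strchr), scan_failures(bad_strchr));
}
```

When the match sits on the last byte of the page there is no room for a NUL after it, so a correct scanner must stop on the match itself; bad_strchr instead either runs into the guard page or returns NULL at a later NUL, and both are counted as failures.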