RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 22:27:44 +00:00
Code Issues Activity Actions

AK: Fix OOB access in DuplexMemoryStream::offset_of()

Browse source 
This fixes an OOB access when the last read/written chunk is empty (as we _just_
started on a new chunk).
Also adds a test case to TestMemoryStream.
Found via human fuzzing in the shell:
```sh
for $(cat /dev/urandom) {
    clear
    match $it {
        ?* as (x) {
            echo $x
            sleep 1
        }
    }
}
```
would assert at some point.
This commit is contained in:
AnotherTest 2020-11-16 20:54:49 +03:30 committed by Andreas Kling
parent b1fb8e3741
commit 4c343c5f26
2 changed files with 21 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

14
AK/Tests/TestMemoryStream.cpp
View file

@ -194,4 +194,18 @@ TEST_CASE(new_output_memory_stream)
EXPECT_EQ(stream.bytes().size(), 2u);
}
TEST_CASE(offset_of_out_of_bounds)
{
Array<u8, 4> target { 0xff, 0xff, 0xff, 0xff };
Array<u8, DuplexMemoryStream::chunk_size> whole_chunk;
whole_chunk.span().fill(0);
DuplexMemoryStream stream;
stream << whole_chunk;
EXPECT(!stream.offset_of(target).has_value());
}
TEST_MAIN(MemoryStream)