Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test_vTCPWindowDestroy_list_length_not_zero(): Fix buffer overflow du…
…e to struct interposing
The test was crashing due to what AddressSanitizer calls a buffer overflow,
or really, interposing a TCPSegment_t on top of a TCPWindow_t::xRxSegments
member and accessing an interposed struct member that fell outside the
underlying TCPWindow_t struct.
The naive fix - not doing that - works:
void test_vTCPWindowDestroy_list_length_not_zero( void )
{
TCPWindow_t xWindow = { 0 };
- List_t * pxSegments = &( xWindow.xRxSegments );
+ TCPSegment_t xSegment = { 0 };
listLIST_IS_INITIALISED_ExpectAnyArgsAndReturn( pdFALSE );
listLIST_IS_INITIALISED_ExpectAnyArgsAndReturn( pdTRUE );
listCURRENT_LIST_LENGTH_ExpectAnyArgsAndReturn( 1 );
- listGET_OWNER_OF_HEAD_ENTRY_ExpectAnyArgsAndReturn( pxSegments );
+ listGET_OWNER_OF_HEAD_ENTRY_ExpectAnyArgsAndReturn( &xSegment );
/* ->vTCPWindowFree */
- uxListRemove_ExpectAnyArgsAndReturn( pdTRUE );
- uxListRemove_ExpectAnyArgsAndReturn( pdTRUE );
listCURRENT_LIST_LENGTH_ExpectAnyArgsAndReturn( 0 );
vTCPWindowDestroy( &xWindow );
}
However, this became a different test, as evidenced by the less than 100%
line coverage, that two function call expectations had to go, and that it
functionally became an exact copy of the next test.
To reach the holes in the test coverage opened by the naive fix,
the two list items' container pointers also needed and sufficed to be set.- Loading branch information
