Message ID | 20231220155256.407974-1-rf@opensource.cirrus.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 7ece381aa72d430ee117958abb5bb23e21d72f1d |
Delegated to: | Brendan Higgins |
Headers | show |
Series | kunit: Protect string comparisons against NULL | expand |
On Wed, 20 Dec 2023 at 23:52, Richard Fitzgerald <rf@opensource.cirrus.com> wrote: > > Add NULL checks to KUNIT_BINARY_STR_ASSERTION() so that it will fail > cleanly if either pointer is NULL, instead of causing a NULL pointer > dereference in the strcmp(). > > A test failure could be that a string is unexpectedly NULL. This could > be trapped by KUNIT_ASSERT_NOT_NULL() but that would terminate the test > at that point. It's preferable that the KUNIT_EXPECT_STR*() macros can > handle NULL pointers as a failure. > > Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> > --- I think this is the right thing to do. There's possibly an argument that this should succeed if both are NULL, but I prefer it this way. Reviewed-by: David Gow <davidgow@google.com> Cheers, -- David
On 12/20/23 8:52 PM, Richard Fitzgerald wrote: > Add NULL checks to KUNIT_BINARY_STR_ASSERTION() so that it will fail > cleanly if either pointer is NULL, instead of causing a NULL pointer > dereference in the strcmp(). > > A test failure could be that a string is unexpectedly NULL. This could > be trapped by KUNIT_ASSERT_NOT_NULL() but that would terminate the test > at that point. It's preferable that the KUNIT_EXPECT_STR*() macros can > handle NULL pointers as a failure. > > Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum@collabora.com> > --- > include/kunit/test.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/kunit/test.h b/include/kunit/test.h > index b163b9984b33..c2ce379c329b 100644 > --- a/include/kunit/test.h > +++ b/include/kunit/test.h > @@ -758,7 +758,7 @@ do { \ > .right_text = #right, \ > }; \ > \ > - if (likely(strcmp(__left, __right) op 0)) \ > + if (likely((__left) && (__right) && (strcmp(__left, __right) op 0))) \ > break; \ > \ > \
On 22/12/23 08:39, David Gow wrote: > On Wed, 20 Dec 2023 at 23:52, Richard Fitzgerald > <rf@opensource.cirrus.com> wrote: >> >> Add NULL checks to KUNIT_BINARY_STR_ASSERTION() so that it will fail >> cleanly if either pointer is NULL, instead of causing a NULL pointer >> dereference in the strcmp(). >> >> A test failure could be that a string is unexpectedly NULL. This could >> be trapped by KUNIT_ASSERT_NOT_NULL() but that would terminate the test >> at that point. It's preferable that the KUNIT_EXPECT_STR*() macros can >> handle NULL pointers as a failure. >> >> Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> >> --- > > I think this is the right thing to do. There's possibly an argument > that this should succeed if both are NULL, but I prefer it this way. > Maybe an _OR_NULL() variant of the string test macros would be better to be explicit that NULL is acceptable. > Reviewed-by: David Gow <davidgow@google.com> > > Cheers, > -- David
diff --git a/include/kunit/test.h b/include/kunit/test.h index b163b9984b33..c2ce379c329b 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -758,7 +758,7 @@ do { \ .right_text = #right, \ }; \ \ - if (likely(strcmp(__left, __right) op 0)) \ + if (likely((__left) && (__right) && (strcmp(__left, __right) op 0))) \ break; \ \ \
Add NULL checks to KUNIT_BINARY_STR_ASSERTION() so that it will fail cleanly if either pointer is NULL, instead of causing a NULL pointer dereference in the strcmp(). A test failure could be that a string is unexpectedly NULL. This could be trapped by KUNIT_ASSERT_NOT_NULL() but that would terminate the test at that point. It's preferable that the KUNIT_EXPECT_STR*() macros can handle NULL pointers as a failure. Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> --- include/kunit/test.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)