leginee opened a new pull request, #486:
URL: https://github.com/apache/openoffice/pull/486
This PR is the first out of 3 fixes from test migration. The original test
did not make sense to me. I added the test for NULL pointers in the code itself
as guards. And turned the tests into boundry tests.
The code is ai generated. best is to have more eyes to check it.
# commit message for conveniance
Error case 1 of the test migration: ~40 *_000 cases in the rtl string qa
suites passed NULL into C string functions that dereference it (e.g.
rtl_str_compare(NULL, NULL)), causing 0xC0000005 AVs. These were dormant under
the old dmake build and only surface now that the tests actually run. NULL
violates the functions' documented contract ("must be null-terminated"), so the
defect was in the tests, not the (correct, unchanged) source. Fixed both sides
for defense in depth.
Tests (qa/rtl/ostring/rtl_str.cxx, rtl_string.cxx,
qa/rtl/oustring/rtl_ustr.cxx):
- Rewrote the UB NULL-deref cases as contract-respecting boundary tests
(empty string, prefix/ordering-sign < 0 / > 0), which also closes a
previously-untested coverage gap (result sign was never asserted).
- Added real assertions to the safe NULL-with-length-0 cases, which document
the length-bounded functions' tolerance as a regression guard.
Source (rtl/source/strtmpl.c, ustring.c):
- Added entry-point NULL guards: OSL_PRECOND (diagnoses misuse loudly in
non-product builds, compiles out in product builds) plus a defined empty-string
fallback so the library never dereferences NULL. Guards sit at function entry,
outside the per-character loops, so string-processing throughput is unchanged.
- strtmpl.c: one edit covers both the sal_Char and sal_Unicode
instantiations. getLength is the choke point (guarding it transitively protects
hashCode, lastIndexOf*, indexOfStr, trim);
compare/compareIgnoreAsciiCase/indexOfChar/replaceChar/
toAscii{Lower,Upper}Case/valueOfChar guarded directly.
- ustring.c: guarded the 6 mixed UTF-16/ASCII comparison helpers;
length-bounded args clamp the length to 0 to avoid NULL+0 pointer arithmetic.
BUILD.bazel: rtl_str/rtl_ustr/rtl_string removed from the "known upstream
failures" notes; they now pass.
Verified: sal3.dll rebuilds (both template instantiations) and rtl_str /
rtl_ustr / rtl_string all pass.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
