DGNum/libubox
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
libubox/tests/cram/test_runqueue.t

37 lines
1.2 KiB
Perl
Raw Normal View History

add cram based unit tests For improved QA etc. For the start with initial test cases for avl, base64, jshn and list components. Moved runqueue and blobmsg from examples to tests. Converted just a few first test cases from json-script example into the new cram based unit test, more to come. Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-19 14:31:44 +01:00
check that runqueue is producing expected results:
$ [ -n "$TEST_BIN_DIR" ] && export PATH="$TEST_BIN_DIR:$PATH"
$ valgrind --quiet --leak-check=full test-runqueue
libubox: runqueue: fix use-after-free bug Fixes a use-after-free bug in runqueue_task_kill(): Invalid read of size 8 at runqueue_task_kill (runqueue.c:200) by uloop_process_timeouts (uloop.c:505) by uloop_run_timeout (uloop.c:542) by uloop_run (uloop.h:111) by main (tests/test-runqueue.c:126) Address 0x5a4b058 is 24 bytes inside a block of size 208 free'd at free by runqueue_task_complete (runqueue.c:234) by runqueue_task_kill (runqueue.c:199) by uloop_process_timeouts (uloop.c:505) by uloop_run_timeout (uloop.c:542) by uloop_run (uloop.h:111) by main (tests/test-runqueue.c:126) Block was alloc'd at at calloc by add_sleeper (tests/test-runqueue.c:101) by main (tests/test-runqueue.c:123) Since commit 11e8afea (runqueue should call the complete handler from more places) the call to the complete() callback has been moved to runqueue_task_complete(). However in runqueue_task_kill() runqueue_task_complete() is called before the kill() callback. This will result in a use after free if the complete() callback frees the task struct. Furthermore runqueue_start_next() is already called at the end of runqueue_task_complete(), so there is no need to call it again in runqueue_task_kill(). The issue was that the _complete() callback frees the memory used by the task struct, which is then read after the _complete() callback returns. Ref: FS#3016 Signed-off-by: Alban Bedel <albeu@free.fr> [initial test case, kill cb comment fix] Signed-off-by: Chris Nisbet <nischris@gmail.com> [testcase improvements and commit subject/description tweaks] Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-23 05:35:23 +02:00
[1/1] start 'sleep 1' (killer)
[1/1] killing process (killer)
[0/1] finish 'sleep 1' (killer)
[0/1] finish 'sleep 1' (killer)
[0/1] finish 'sleep 1' (killer)
[1/1] start 'sleep 1' (sleeper)
[1/1] cancel 'sleep 1' (sleeper)
[0/1] finish 'sleep 1' (sleeper)
[1/1] start 'sleep 1' (sleeper)
[1/1] cancel 'sleep 1' (sleeper)
[0/1] finish 'sleep 1' (sleeper)
[1/1] start 'sleep 1' (sleeper)
[1/1] cancel 'sleep 1' (sleeper)
[0/1] finish 'sleep 1' (sleeper)
add cram based unit tests For improved QA etc. For the start with initial test cases for avl, base64, jshn and list components. Moved runqueue and blobmsg from examples to tests. Converted just a few first test cases from json-script example into the new cram based unit test, more to come. Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-19 14:31:44 +01:00
All done!
tests: add unit tests covered with Clang sanitizers Currently we run all tests via Valgrind. This patch adds 2nd batch of tests which are compiled with Clang AddressSanitizer[1], LeakSanitizer[2] and UndefinedBehaviorSanitizer[3] in order to catch more issues during QA on CI. AddressSanitizer is a fast memory error detector. The tool can detect the following types of bugs: * Out-of-bounds accesses to heap, stack and globals * Use-after-free, use-after-return, use-after-scope * Double-free, invalid free LeakSanitizer is a run-time memory leak detector. It can be combined with AddressSanitizer to get both memory error and leak detection, or used in a stand-alone mode. UndefinedBehaviorSanitizer (UBSan) is a fast undefined behavior detector. UBSan modifies the program at compile-time to catch various kinds of undefined behavior during program execution, for example: * Using misaligned or null pointer * Signed integer overflow * Conversion to, from, or between floating-point types which would overflow the destination 1. http://clang.llvm.org/docs/AddressSanitizer.html 2. http://http://clang.llvm.org/docs/LeakSanitizer.html 3. http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-08 13:12:47 +01:00
$ test-runqueue-san
libubox: runqueue: fix use-after-free bug Fixes a use-after-free bug in runqueue_task_kill(): Invalid read of size 8 at runqueue_task_kill (runqueue.c:200) by uloop_process_timeouts (uloop.c:505) by uloop_run_timeout (uloop.c:542) by uloop_run (uloop.h:111) by main (tests/test-runqueue.c:126) Address 0x5a4b058 is 24 bytes inside a block of size 208 free'd at free by runqueue_task_complete (runqueue.c:234) by runqueue_task_kill (runqueue.c:199) by uloop_process_timeouts (uloop.c:505) by uloop_run_timeout (uloop.c:542) by uloop_run (uloop.h:111) by main (tests/test-runqueue.c:126) Block was alloc'd at at calloc by add_sleeper (tests/test-runqueue.c:101) by main (tests/test-runqueue.c:123) Since commit 11e8afea (runqueue should call the complete handler from more places) the call to the complete() callback has been moved to runqueue_task_complete(). However in runqueue_task_kill() runqueue_task_complete() is called before the kill() callback. This will result in a use after free if the complete() callback frees the task struct. Furthermore runqueue_start_next() is already called at the end of runqueue_task_complete(), so there is no need to call it again in runqueue_task_kill(). The issue was that the _complete() callback frees the memory used by the task struct, which is then read after the _complete() callback returns. Ref: FS#3016 Signed-off-by: Alban Bedel <albeu@free.fr> [initial test case, kill cb comment fix] Signed-off-by: Chris Nisbet <nischris@gmail.com> [testcase improvements and commit subject/description tweaks] Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-23 05:35:23 +02:00
[1/1] start 'sleep 1' (killer)
[1/1] killing process (killer)
[0/1] finish 'sleep 1' (killer)
[0/1] finish 'sleep 1' (killer)
[0/1] finish 'sleep 1' (killer)
[1/1] start 'sleep 1' (sleeper)
[1/1] cancel 'sleep 1' (sleeper)
[0/1] finish 'sleep 1' (sleeper)
[1/1] start 'sleep 1' (sleeper)
[1/1] cancel 'sleep 1' (sleeper)
[0/1] finish 'sleep 1' (sleeper)
[1/1] start 'sleep 1' (sleeper)
[1/1] cancel 'sleep 1' (sleeper)
[0/1] finish 'sleep 1' (sleeper)
tests: add unit tests covered with Clang sanitizers Currently we run all tests via Valgrind. This patch adds 2nd batch of tests which are compiled with Clang AddressSanitizer[1], LeakSanitizer[2] and UndefinedBehaviorSanitizer[3] in order to catch more issues during QA on CI. AddressSanitizer is a fast memory error detector. The tool can detect the following types of bugs: * Out-of-bounds accesses to heap, stack and globals * Use-after-free, use-after-return, use-after-scope * Double-free, invalid free LeakSanitizer is a run-time memory leak detector. It can be combined with AddressSanitizer to get both memory error and leak detection, or used in a stand-alone mode. UndefinedBehaviorSanitizer (UBSan) is a fast undefined behavior detector. UBSan modifies the program at compile-time to catch various kinds of undefined behavior during program execution, for example: * Using misaligned or null pointer * Signed integer overflow * Conversion to, from, or between floating-point types which would overflow the destination 1. http://clang.llvm.org/docs/AddressSanitizer.html 2. http://http://clang.llvm.org/docs/LeakSanitizer.html 3. http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-08 13:12:47 +01:00
All done!
Reference in a new issue Copy permalink