tests: Cover XML_StopParser's new handling of status XML_INITIALIZED

Prior to the fix to XML_StopParser, test test_misc_resumeparser_not_crashing would crash with a NULL pointer dereference in function normal_updatePosition. This was the AddressSanitizer output: > AddressSanitizer:DEADLYSIGNAL > ================================================================= > ==19700==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5623e07ad85f bp 0x7ffcf40da650 sp 0x7ffcf40da590 T0) > ==19700==The signal is caused by a READ memory access. > ==19700==Hint: address points to the zero page. > #0 0x5623e07ad85f in normal_updatePosition [..]/lib/xmltok_impl.c:1781:13 > wxWidgets#1 0x5623e07a52ff in initUpdatePosition [..]/lib/xmltok.c:1031:3 > wxWidgets#2 0x5623e0762760 in XML_ResumeParser [..]/lib/xmlparse.c:2297:3 > wxWidgets#3 0x5623e074f7c1 in test_misc_resumeparser_not_crashing() misc_tests_cxx.cpp > wxWidgets#4 0x5623e074e228 in srunner_run_all ([..]/build_asan_fuzzers/tests/runtests_cxx+0x136228) > wxWidgets#5 0x5623e0753d2d in main ([..]/build_asan_fuzzers/tests/runtests_cxx+0x13bd2d) > wxWidgets#6 0x7f802a39af79 (/lib64/libc.so.6+0x25f79) > wxWidgets#7 0x7f802a39b034 in __libc_start_main (/lib64/libc.so.6+0x26034) > wxWidgets#8 0x5623e064f340 in _start ([..]/build_asan_fuzzers/tests/runtests_cxx+0x37340) > > AddressSanitizer can not provide additional info. > SUMMARY: AddressSanitizer: SEGV [..]/lib/xmltok_impl.c:1781:13 in normal_updatePosition > ==19700==ABORTING And this the UndefinedBehaviorSanitizer output: > [..]/lib/xmltok_impl.c:1781:13: runtime error: load of null pointer of type 'const char' > SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior [..]/lib/xmltok_impl.c:1781:13 in
MaartenBent · Oct 21, 2024 · b3836ff · b3836ff
1 parent 5fb89e7
commit b3836ff
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/expat/tests/misc_tests.c b/expat/tests/misc_tests.c
@@ -496,6 +496,28 @@ START_TEST(test_misc_char_handler_stop_without_leak) {
 }
 END_TEST
 
+START_TEST(test_misc_resumeparser_not_crashing) {
+  XML_Parser parser = XML_ParserCreate(NULL);
+  XML_GetBuffer(parser, 1);
+  XML_StopParser(parser, /*resumable=*/XML_TRUE);
+  XML_ResumeParser(parser); // could crash here, previously
+  XML_ParserFree(parser);
+}
+END_TEST
+
+START_TEST(test_misc_stopparser_rejects_unstarted_parser) {
+  const XML_Bool cases[] = {XML_TRUE, XML_FALSE};
+  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
+    const XML_Bool resumable = cases[i];
+    XML_Parser parser = XML_ParserCreate(NULL);
+    assert_true(XML_GetErrorCode(parser) == XML_ERROR_NONE);
+    assert_true(XML_StopParser(parser, resumable) == XML_STATUS_ERROR);
+    assert_true(XML_GetErrorCode(parser) == XML_ERROR_NOT_STARTED);
+    XML_ParserFree(parser);
+  }
+}
+END_TEST
+
 void
 make_miscellaneous_test_case(Suite *s) {
   TCase *tc_misc = tcase_create("miscellaneous tests");
@@ -520,4 +542,6 @@ make_miscellaneous_test_case(Suite *s) {
                  test_misc_create_external_entity_parser_with_null_context);
   tcase_add_test(tc_misc, test_misc_general_entities_support);
   tcase_add_test(tc_misc, test_misc_char_handler_stop_without_leak);
+  tcase_add_test(tc_misc, test_misc_resumeparser_not_crashing);
+  tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
 }