lib: array - Make sure it assert-crashes if trying to add more than UINT_MAX elements
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Wed, 20 May 2020 08:18:48 +0000 (11:18 +0300)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Fri, 15 Jan 2021 17:26:51 +0000 (17:26 +0000)
This is required, because array_count() returns unsigned int.

src/lib/array.h
src/lib/test-array.c

index eef813f322efc2851ff0c9213d36d992f1a7b6ff..85eca3a1a81f01caafa607ad6269beb5cb996382 100644 (file)
@@ -126,7 +126,9 @@ array_create_i(struct array *array, pool_t pool,
 {
        buffer_t *buffer;
 
-        buffer = buffer_create_dynamic(pool, init_count * element_size);
+       buffer = buffer_create_dynamic_max(pool, init_count * element_size,
+               SIZE_MAX / element_size < UINT_MAX ? SIZE_MAX :
+               UINT_MAX * element_size);
        array_create_from_buffer_i(array, buffer, element_size);
 }
 #define array_create(array, pool, element_size, init_count) \
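Review bot: The third argument to buffer_create_dynamic_max() is an opaque ternary whose intent is only stated in the commit message; a comment at the call would help the next reader, e.g. `/* cap at UINT_MAX elements so array_count() (unsigned int) cannot be exceeded; where UINT_MAX * element_size would itself overflow size_t, SIZE_MAX is the effective limit */`. The `SIZE_MAX / element_size` division has no visible guard against element_size == 0; callers normally arrive via the array_create macro with a sizeof, but since array_create_i is a plain function an `i_assert(element_size > 0);` before the call would make the precondition explicit, unless something earlier in the function already checks it (not visible in this hunk). Note that `init_count * element_size` on the same line is not checked against the new cap and wraps silently if it overflows size_t; presumably init_count is always small, but that assumption is worth a comment. The body of array_create_i begins above the hunk.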
index 1799487ddda4e81393509512ed9f1f5022eda2c0..99085304b705ee80ba038aafcde38afdc58494d7 100644 (file)
@@ -361,6 +361,30 @@ enum fatal_test_state fatal_array(unsigned int stage)
                array_copy(&ad.arr, 1, &as.arr, 0, 4);
                return FATAL_TEST_FAILURE;
        }
+       case 3: {
+               ARRAY(uint8_t) arr;
+               uint8_t value = 0;
+
+               t_array_init(&arr, 2);
+               array_push_back(&arr, &value);
+               test_expect_fatal_string("Buffer write out of range");
+               /* this is supposed to assert-crash before it even attempts to
+                  access value */
+               array_append(&arr, &value, UINT_MAX);
+               return FATAL_TEST_FAILURE;
+       }
+       case 4: {
+               ARRAY(uint32_t) arr;
+               uint32_t value = 0;
+
+               t_array_init(&arr, 2);
+               array_push_back(&arr, &value);
+               test_expect_fatal_string("Buffer write out of range");
+               /* this is supposed to assert-crash before it even attempts to
+                  access value */
+               array_append(&arr, &value, UINT_MAX);
+               return FATAL_TEST_FAILURE;
+       }
        }
        test_end();
        /* Forces the compiler to check the value of useless_ptr, so that it
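Review bot: Cases 3 and 4 are the same body with only the element type changed, so a small helper or a type-taking macro would keep both in sync if the expected fatal string or the setup ever changes. The existing comment on why passing `&value` with a count of UINT_MAX is acceptable would read more clearly as `/* must assert-crash on the size check before a single element is read from value */`. Case 4 presumably exists to cover an element size where UINT_MAX * sizeof(uint32_t) does not fit a 32-bit size_t, but nothing says so; a one-line comment such as `/* element_size > 1: exercises the SIZE_MAX fallback of the cap */` would record the reason for the second case, with the actual detection happening in buffer code outside this hunk. fatal_array() starts and ends outside the hunk.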