From: Ben Pfaff <blp@cs.stanford.edu>
Date: Tue, 4 Jul 2017 17:13:15 +0000 (-0400)
Subject: tests: Add tests against regression for two previously fixed bugs.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e24d171d4ca100fa55c5390916e3e97eb31a29e8;p=pspp

tests: Add tests against regression for two previously fixed bugs.
---

diff --git a/tests/automake.mk b/tests/automake.mk
index 0f297f7ca0..58d4621762 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -245,6 +245,8 @@ tests_ui_syntax_gen_test_LDADD = \
 
 EXTRA_DIST += \
 	tests/coverage.sh \
+	tests/data/CVE-2017-10791.sav \
+	tests/data/CVE-2017-10792.sav \
 	tests/data/bcd-in.expected.cmp.gz \
 	tests/data/binhex-in.expected.cmp.gz \
 	tests/data/binhex-out.expected.gz \
diff --git a/tests/data/CVE-2017-10791.sav b/tests/data/CVE-2017-10791.sav
new file mode 100644
index 0000000000..6462081f32
Binary files /dev/null and b/tests/data/CVE-2017-10791.sav differ
diff --git a/tests/data/CVE-2017-10792.sav b/tests/data/CVE-2017-10792.sav
new file mode 100644
index 0000000000..e36df43756
Binary files /dev/null and b/tests/data/CVE-2017-10792.sav differ
diff --git a/tests/data/sys-file-reader.at b/tests/data/sys-file-reader.at
index a00ef2b46c..254de181ec 100644
--- a/tests/data/sys-file-reader.at
+++ b/tests/data/sys-file-reader.at
@@ -3873,3 +3873,29 @@ for variant in be le; do
 ])
 done
 AT_CLEANUP
+
+# CVE-2017-10791.
+# See also https://bugzilla.redhat.com/show_bug.cgi?id=1467004.
+# See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
+# See also https://security-tracker.debian.org/tracker/CVE-2017-10791.
+# Found by team OWL337, using the collAFL fuzzer.
+AT_SETUP([integer overflows in long string missing values])
+cp $top_srcdir/tests/data/CVE-2017-10791.sav .
+AT_CHECK([pspp-convert -O csv CVE-2017-10791.sav -], [0], [], [dnl
+`CVE-2017-10791.sav': This system file does not indicate its own character encoding.  Using default encoding ANSI_X3.4-1968.  For best results, specify an encoding explicitly.  Use SYSFILE INFO with ENCODING="DETECT" to analyze the possible encodings.
+`CVE-2017-10791.sav' near offset 0x217: Extension record subtype 21 ends unexpectedly.
+])
+AT_CLEANUP
+
+# CVE-2017-10792.
+# See also https://bugzilla.redhat.com/show_bug.cgi?id=1467005.
+# See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
+# See also https://security-tracker.debian.org/tracker/CVE-2017-10792.
+# Reported by team OWL337, with fuzzer collAFL.
+AT_SETUP([null dereference skipping bad extension record 18])
+cp $top_srcdir/tests/data/CVE-2017-10792.sav .
+AT_CHECK([pspp-convert -O csv CVE-2017-10792.sav -], [0], [], [dnl
+`CVE-2017-10792.sav' near offset 0x1c0: Record type 7, subtype 18 has bad size 4 (expected 1).
+`CVE-2017-10792.sav': This system file does not indicate its own character encoding.  Using default encoding ANSI_X3.4-1968.  For best results, specify an encoding explicitly.  Use SYSFILE INFO with ENCODING="DETECT" to analyze the possible encodings.
+])
+AT_CLEANUP