walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Multi process check: Sanitize error messages for illegal characters 

before sending them across the pipe.

The deserializer died while deserializing
a string containing a binary zero.
This commit is contained in:
Thomas Jarosch 2015-01-17 15:58:36 +01:00
parent 36bcefc39d
commit e6f042dadc
2 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/errorlogger.cpp
View File

@ -29,6 +29,8 @@
#include <sstream>
#include <vector>
static std::string fixInvalidChars(const std::string& raw);
InternalError::InternalError(const Token *tok, const std::string &errorMsg, Type type) :
token(tok), errorMessage(errorMsg)
{
@ -107,8 +109,12 @@ std::string ErrorLogger::ErrorMessage::serialize() const
const std::string inconclusive("inconclusive");
oss << inconclusive.length() << " " << inconclusive;
}
oss << _shortMessage.length() << " " << _shortMessage;
oss << _verboseMessage.length() << " " << _verboseMessage;
const std::string saneShortMessage = fixInvalidChars(_shortMessage);
const std::string saneVerboseMessage = fixInvalidChars(_verboseMessage);
oss << saneShortMessage.length() << " " << saneShortMessage;
oss << saneVerboseMessage.length() << " " << saneVerboseMessage;
oss << _callStack.size() << " ";
for (std::list<ErrorLogger::ErrorMessage::FileLocation>::const_iterator tok = _callStack.begin(); tok != _callStack.end(); ++tok) {

19
test/testerrorlogger.cpp
View File

@ -54,6 +54,7 @@ private:
// Serialize / Deserialize inconclusive message
TEST_CASE(SerializeInconclusiveMessage);
TEST_CASE(DeserializeInvalidInput);
TEST_CASE(SerializeSanitize);
TEST_CASE(suppressUnmatchedSuppressions);
}
@ -266,6 +267,24 @@ private:
ASSERT_THROW(msg.deserialize("500foobar"), InternalError);
}
void SerializeSanitize() const {
std::list<ErrorLogger::ErrorMessage::FileLocation> locs;
ErrorMessage msg(locs, Severity::error, std::string("Illegal character in \"foo\001bar\""), "errorId", false);
ASSERT_EQUALS(std::string("7 errorId") +
std::string("5 error") +
std::string("33 Illegal character in \"foo\\001bar\"") +
std::string("33 Illegal character in \"foo\\001bar\"") +
std::string("0 "), msg.serialize());
ErrorMessage msg2;
msg2.deserialize(msg.serialize());
ASSERT_EQUALS("errorId", msg2._id);
ASSERT_EQUALS(Severity::error, msg2._severity);
ASSERT_EQUALS("Illegal character in \"foo\\001bar\"", msg2.shortMessage());
ASSERT_EQUALS("Illegal character in \"foo\\001bar\"", msg2.verboseMessage());
}
void suppressUnmatchedSuppressions() {
std::list<Suppressions::SuppressionEntry> suppressions;