[PATCH] kunit: Protect string comparisons against NULL

[PATCH] kunit: Protect string comparisons against NULL

[Richard Fitzgerald]

Add NULL checks to KUNIT_BINARY_STR_ASSERTION() so that it will fail
cleanly if either pointer is NULL, instead of causing a NULL pointer
dereference in the strcmp().

A test failure could be that a string is unexpectedly NULL. This could
be trapped by KUNIT_ASSERT_NOT_NULL() but that would terminate the test
at that point. It's preferable that the KUNIT_EXPECT_STR*() macros can
handle NULL pointers as a failure.

Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
---
 include/kunit/test.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/kunit/test.h b/include/kunit/test.h
index b163b9984b33..c2ce379c329b 100644
--- a/include/kunit/test.h
+++ b/include/kunit/test.h
@@ -758,7 +758,7 @@ do {									       \
 		.right_text = #right,					       \
 	};								       \
 									       \
-	if (likely(strcmp(__left, __right) op 0))			       \
+	if (likely((__left) && (__right) && (strcmp(__left, __right) op 0)))   \
 		break;							       \
 									       \
 									       \
-- 
2.30.2

Re: [PATCH] kunit: Protect string comparisons against NULL

[David Gow]

[-- Attachment #1: Type: text/plain, Size: 790 bytes --]

On Wed, 20 Dec 2023 at 23:52, Richard Fitzgerald
<rf@opensource.cirrus.com> wrote:
>
> Add NULL checks to KUNIT_BINARY_STR_ASSERTION() so that it will fail
> cleanly if either pointer is NULL, instead of causing a NULL pointer
> dereference in the strcmp().
>
> A test failure could be that a string is unexpectedly NULL. This could
> be trapped by KUNIT_ASSERT_NOT_NULL() but that would terminate the test
> at that point. It's preferable that the KUNIT_EXPECT_STR*() macros can
> handle NULL pointers as a failure.
>
> Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
> ---

I think this is the right thing to do. There's possibly an argument
that this should succeed if both are NULL, but I prefer it this way.

Reviewed-by: David Gow <davidgow@google.com>

Cheers,
-- David

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4003 bytes --]

Re: [PATCH] kunit: Protect string comparisons against NULL

[Muhammad Usama Anjum]

On 12/20/23 8:52 PM, Richard Fitzgerald wrote:
> Add NULL checks to KUNIT_BINARY_STR_ASSERTION() so that it will fail
> cleanly if either pointer is NULL, instead of causing a NULL pointer
> dereference in the strcmp().
> 
> A test failure could be that a string is unexpectedly NULL. This could
> be trapped by KUNIT_ASSERT_NOT_NULL() but that would terminate the test
> at that point. It's preferable that the KUNIT_EXPECT_STR*() macros can
> handle NULL pointers as a failure.
> 
> Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Reviewed-by: Muhammad Usama Anjum <usama.anjum@collabora.com>

> ---
>  include/kunit/test.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/include/kunit/test.h b/include/kunit/test.h
> index b163b9984b33..c2ce379c329b 100644
> --- a/include/kunit/test.h
> +++ b/include/kunit/test.h
> @@ -758,7 +758,7 @@ do {									       \
>  		.right_text = #right,					       \
>  	};								       \
>  									       \
> -	if (likely(strcmp(__left, __right) op 0))			       \
> +	if (likely((__left) && (__right) && (strcmp(__left, __right) op 0)))   \
>  		break;							       \
>  									       \
>  									       \

-- 
BR,
Muhammad Usama Anjum

Re: [PATCH] kunit: Protect string comparisons against NULL

[Richard Fitzgerald]

On 22/12/23 08:39, David Gow wrote:
> On Wed, 20 Dec 2023 at 23:52, Richard Fitzgerald
> <rf@opensource.cirrus.com> wrote:
>>
>> Add NULL checks to KUNIT_BINARY_STR_ASSERTION() so that it will fail
>> cleanly if either pointer is NULL, instead of causing a NULL pointer
>> dereference in the strcmp().
>>
>> A test failure could be that a string is unexpectedly NULL. This could
>> be trapped by KUNIT_ASSERT_NOT_NULL() but that would terminate the test
>> at that point. It's preferable that the KUNIT_EXPECT_STR*() macros can
>> handle NULL pointers as a failure.
>>
>> Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
>> ---
> 
> I think this is the right thing to do. There's possibly an argument
> that this should succeed if both are NULL, but I prefer it this way.
> 

Maybe an _OR_NULL() variant of the string test macros would be better to
be explicit that NULL is acceptable.

> Reviewed-by: David Gow <davidgow@google.com>
> 
> Cheers,
> -- David