Add a test for a possible overflow in *printf.

It turns out we don't have any bugs here, but glibc does. Found while
chasing down a toybox failure I saw on the host, but we may as well
add the test in case we ever screw up here in future.

Change-Id: Ib8dd227ed3b742dc4dab8c09dc08e6ea9a35c807

diff --git a/tests/stdio_test.cpp b/tests/stdio_test.cpp
index 79a86ad..7e82612 100644 (file)
--- a/tests/stdio_test.cpp
+++ b/tests/stdio_test.cpp
@@ -553,6 +553,21 @@ TEST(STDIO_TEST, snprintf_small_stack) {
   ASSERT_EQ(0, pthread_join(t, nullptr));
 }
 
+TEST(STDIO_TEST, snprintf_asterisk_overflow) {
+  char buf[128];
+  ASSERT_EQ(5, snprintf(buf, sizeof(buf), "%.*s%c", 4, "hello world", '!'));
+  ASSERT_EQ(12, snprintf(buf, sizeof(buf), "%.*s%c", INT_MAX/2, "hello world", '!'));
+  ASSERT_EQ(12, snprintf(buf, sizeof(buf), "%.*s%c", INT_MAX-1, "hello world", '!'));
+  ASSERT_EQ(12, snprintf(buf, sizeof(buf), "%.*s%c", INT_MAX, "hello world", '!'));
+  ASSERT_EQ(12, snprintf(buf, sizeof(buf), "%.*s%c", -1, "hello world", '!'));
+
+  // INT_MAX-1, INT_MAX, INT_MAX+1.
+  ASSERT_EQ(12, snprintf(buf, sizeof(buf), "%.2147483646s%c", "hello world", '!'));
+  ASSERT_EQ(12, snprintf(buf, sizeof(buf), "%.2147483647s%c", "hello world", '!'));
+  ASSERT_EQ(-1, snprintf(buf, sizeof(buf), "%.2147483648s%c", "hello world", '!'));
+  ASSERT_EQ(ENOMEM, errno);
+}
+
 TEST(STDIO_TEST, fprintf_failures_7229520) {
   // http://b/7229520
   FILE* fp;