From 9f764c1ead2749cd0815b1918c7bf3334960872a Mon Sep 17 00:00:00 2001
From: Gert Wollny
Date: Mon, 13 Jan 2020 10:06:36 +0100
Subject: [PATCH] tests/fuzzer: Add test that triggers a double free

Related #154

Signed-off-by: Gert Wollny
Reviewed-by: Gurchetan Singh
---
 tests/test_fuzzer_formats.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/tests/test_fuzzer_formats.c b/tests/test_fuzzer_formats.c
index 09fd113..ad80b42 100644
--- a/tests/test_fuzzer_formats.c
+++ b/tests/test_fuzzer_formats.c
@@ -146,6 +146,28 @@ static void test_format_wrong_size()
 virgl_renderer_submit_cmd((void *) cmd, ctx_id, VIRGL_CMD_BLIT_SIZE + 1);
 }
+static void test_format_fail_and_double_free()
+{
+ struct virgl_renderer_resource_create_args args;
+
+ args.handle = 1;
+ args.target = 3;
+ args.format = 191;
+ args.bind = 10;
+ args.width = 49;
+ args.height = 0;
+ args.depth = 0;
+ args.array_size = 0;
+ args.last_level = 0;
+ args.nr_samples = 0;
+ args.flags = 0;
+
+ virgl_renderer_resource_create(&args, NULL, 0);
+ virgl_renderer_ctx_attach_resource(ctx_id, args.handle);
+}
+
+
+
 /* Issue #141 */
 static void test_blit_info_format_check()
@@ -659,6 +681,7 @@ int main()
 initialize_environment();
 test_format_wrong_size();
+ test_format_fail_and_double_free();
 test_blit_info_format_check();
 test_blit_info_format_check_null_format();
 test_format_is_plain_nullptr_deref_trigger();
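Review bot: The result of `virgl_renderer_resource_create(&args, NULL, 0)` in test_format_fail_and_double_free is discarded, so nothing in the test pins the precondition its name implies, namely that creation fails before `virgl_renderer_ctx_attach_resource(ctx_id, args.handle)` runs with the same handle. If validation later changes and these arguments start to succeed, the test would presumably keep passing without reaching the double-free path, and the double free itself only shows up when the binary crashes or runs under a memory checker such as ASan. Capturing the value, e.g. `int ret = virgl_renderer_resource_create(&args, NULL, 0);`, and checking that `ret` is non-zero before the attach would keep the regression meaningful. The function also lacks the issue tag its neighbour carries (`/* Issue #141 */`); a `/* Issue #154 */` line saying which of the constants (`format = 191`, `height = 0`, ...) makes creation fail would explain the otherwise opaque values.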