...

Source file src/github.com/vbatts/tar-split/tar/asm/disassemble_test.go

Documentation: github.com/vbatts/tar-split/tar/asm 

     1  package asm
     2  
     3  import (
     4  	"archive/tar"
     5  	"fmt"
     6  	"io"
     7  	"os"
     8  	"testing"
     9  
    10  	"github.com/vbatts/tar-split/tar/storage"
    11  )
    12  
    13  // This test failing causes the binary to crash due to memory overcommitment.
    14  func TestLargeJunkPadding(t *testing.T) {
    15  	pR, pW := io.Pipe()
    16  
    17  	// Write a normal tar file into the pipe and then load it full of junk
    18  	// bytes as padding. We have to do this in a goroutine because we can't
    19  	// store 20GB of junk in-memory.
    20  	go func() {
    21  		// Empty archive.
    22  		tw := tar.NewWriter(pW)
    23  		if err := tw.Close(); err != nil {
    24  			pW.CloseWithError(err)
    25  			return
    26  		}
    27  
    28  		// Write junk.
    29  		const (
    30  			junkChunkSize = 64 * 1024 * 1024
    31  			junkChunkNum  = 20 * 16
    32  		)
    33  		devZero, err := os.Open("/dev/zero")
    34  		if err != nil {
    35  			pW.CloseWithError(err)
    36  			return
    37  		}
    38  		defer devZero.Close()
    39  		for i := 0; i < junkChunkNum; i++ {
    40  			if i%32 == 0 {
    41  				fmt.Fprintf(os.Stderr, "[TestLargeJunkPadding] junk chunk #%d/#%d\n", i, junkChunkNum)
    42  			}
    43  			if _, err := io.CopyN(pW, devZero, junkChunkSize); err != nil {
    44  				pW.CloseWithError(err)
    45  				return
    46  			}
    47  		}
    48  
    49  		fmt.Fprintln(os.Stderr, "[TestLargeJunkPadding] junk chunk finished")
    50  		pW.Close()
    51  	}()
    52  
    53  	// Disassemble our junk file.
    54  	nilPacker := storage.NewJSONPacker(io.Discard)
    55  	rdr, err := NewInputTarStream(pR, nilPacker, nil)
    56  	if err != nil {
    57  		t.Fatal(err)
    58  	}
    59  
    60  	// Copy the entire rdr.
    61  	_, err = io.Copy(io.Discard, rdr)
    62  	if err != nil {
    63  		t.Fatal(err)
    64  	}
    65  
    66  	// At this point, if we haven't crashed then we are not vulnerable to
    67  	// CVE-2017-14992.
    68  }
    69  

View as plain text