From 7684686a1f75a90a3754bacc82ee50fb7b20d7c9 Mon Sep 17 00:00:00 2001 From: Andres Noetzli Date: Fri, 4 Jan 2019 13:26:08 -0800 Subject: [PATCH] C++ API: Fix OOB read in unit test (#2774) There were two typos in the unit tests that caused OOB accesses. Instead of doing `d_solver.mkConst(CONST_BITVECTOR, std::string("101"), 6)`, the closing parenthesis was in the wrong place resulting in `std::string("101", 6)`. The second argument to `std::string(const char*, size_t)` says how many characters to copy and results in undefined behavior if the number is greater than the length of the string, thus the OOB access. The commit fixes the typo and removes one of the tests because it should not actually fail (16 is an accepted base). --- test/unit/api/solver_black.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/test/unit/api/solver_black.h b/test/unit/api/solver_black.h index 76388d48f..40f641cbd 100644 --- a/test/unit/api/solver_black.h +++ b/test/unit/api/solver_black.h @@ -347,9 +347,7 @@ void SolverBlack::testMkConst() CVC4ApiException&); TS_ASSERT_THROWS(d_solver.mkConst(CONST_BITVECTOR, std::string("")), CVC4ApiException&); - TS_ASSERT_THROWS(d_solver.mkConst(CONST_BITVECTOR, std::string("101", 6)), - CVC4ApiException&); - TS_ASSERT_THROWS(d_solver.mkConst(CONST_BITVECTOR, std::string("102", 16)), + TS_ASSERT_THROWS(d_solver.mkConst(CONST_BITVECTOR, std::string("101"), 6), CVC4ApiException&); // mkConst(Kind kind, int32_t arg) const -- 2.30.2