Merge pull request #426 from dwrensha/fix-get-pointer-type

fix bug where PointerBuilder::getPointerType() can corrupt PointerBuilder::segment

Merge pull request #426 from dwrensha/fix-get-pointer-type
fix bug where PointerBuilder::getPointerType() can corrupt PointerBuilder::segment
175fa1aa · Kenton Varda · GitHub · 28e118d9 · d1058e78 · 175fa1aa
Commit 175fa1aa authored Mar 11, 2017 by Kenton Varda Committed by GitHub Mar 11, 2017
Show whitespace changes
Inline Side-by-side

Showing with 25 additions and 4 deletions

any-test.c++ c++/src/capnp/any-test.c++ +21 -1

layout.c++ c++/src/capnp/layout.c++ +3 -2

layout.h c++/src/capnp/layout.h +1 -1

No files found.
--- a/c++/src/capnp/any-test.c++
+++ b/c++/src/capnp/any-test.c++
@@ -264,7 +264,27 @@ TEST(Any, AnyStructListCapInSchema) {
  #endif
 }
+KJ_TEST("Builder::isStruct() does not corrupt segment pointer") {
+  MallocMessageBuilder builder(1); // small first segment
+  auto root = builder.getRoot<AnyPointer>();
+  // Do a lot of allocations so that there is likely a segment with a decent
+  // amount of free space.
+  initTestMessage(root.initAs<test::TestAllTypes>());
+  // This will probably get allocated in a segment that still has room for the
+  // Data allocation below.
+  root.initAs<test::TestAllTypes>();
+  // At one point, this caused root.builder.segment to point to the segment
+  // where the struct is allocated, rather than segment where the root pointer
+  // lives, i.e. segment zero.
+  EXPECT_TRUE(root.isStruct());
+  // If root.builder.segment points to the wrong segment and that segment has free
+  // space, then this triggers a DREQUIRE failure in WirePointer::setKindAndTarget().
+  root.initAs<Data>(1);
+}
 TEST(Any, Equals) {
  MallocMessageBuilder builderA;

--- a/c++/src/capnp/layout.c++
+++ b/c++/src/capnp/layout.c++
@@ -2423,12 +2423,13 @@ void PointerBuilder::clear() {
  memset(pointer, 0, sizeof(WirePointer));
 }
-PointerType PointerBuilder::getPointerType() {
+PointerType PointerBuilder::getPointerType() const {
  if(pointer->isNull()) {
    return PointerType::NULL_;
  } else {
    WirePointer* ptr = pointer;
-    WireHelpers::followFars(ptr, ptr->target(), segment);
+    SegmentBuilder* sgmt = segment;
+    WireHelpers::followFars(ptr, ptr->target(), sgmt);
    switch(ptr->kind()) {
      case WirePointer::FAR:
        KJ_FAIL_ASSERT("far pointer not followed?");

--- a/c++/src/capnp/layout.h
+++ b/c++/src/capnp/layout.h
@@ -318,7 +318,7 @@ public:
  // location.
  inline bool isNull() { return getPointerType() == PointerType::NULL_; }
-  PointerType getPointerType();
+  PointerType getPointerType() const;
  StructBuilder getStruct(StructSize size, const word* defaultValue);
  ListBuilder getList(ElementSize elementSize, const word* defaultValue);