Don't parse \x and \0 past the end in DeEscapeString

This has no attack surface though as the loop is to end very soon anyhow and the method only used while reading CD-ROM mountpoints which seems like a very unlikely attack vector…
author: David Kalnischkies <david@kalnischkies.de> 2020-12-03 10:44:27 +0100
committer: David Kalnischkies <david@kalnischkies.de> 2021-02-03 17:36:45 +0100
commit: ed192f410da36aedf5e54bb3f967e6613ab4bb51 (patch)
tree: 80478809e37250997e2c72d5686ac81c0b97260b /test
parent: 10f13938bbf1474451fadcd62e1c31c4b5f5b3d7 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/test/libapt/strutil_test.cc b/test/libapt/strutil_test.cc
index f101d72cf..d477e953c 100644
--- a/test/libapt/strutil_test.cc
+++ b/test/libapt/strutil_test.cc
@@ -21,6 +21,12 @@ TEST(StrUtilTest,DeEscapeString)
    // double slashes
    EXPECT_EQ("foo\\ x", DeEscapeString("foo\\\\ x"));
    EXPECT_EQ("\\foo\\", DeEscapeString("\\\\foo\\\\"));
+
+   // FIXME: the input is bad, the output as well, but we have no indicator for it
+   EXPECT_EQ("aa", DeEscapeString("aa\\x"));
+   EXPECT_EQ("aa0", DeEscapeString("aa\\x0"));
+   EXPECT_EQ("aa", DeEscapeString("aa\\0"));
+   EXPECT_EQ("aaa", DeEscapeString("aa\\0a"));
 }
 TEST(StrUtilTest,StringStrip)
 {
author	David Kalnischkies <david@kalnischkies.de>	2020-12-03 10:44:27 +0100
committer	David Kalnischkies <david@kalnischkies.de>	2021-02-03 17:36:45 +0100
commit	ed192f410da36aedf5e54bb3f967e6613ab4bb51 (patch)
tree	80478809e37250997e2c72d5686ac81c0b97260b /test
parent	10f13938bbf1474451fadcd62e1c31c4b5f5b3d7 (diff)