author | Henning Baldersheim <balder@yahoo-inc.com> | 2017-08-04 11:35:00 +0200 |
---|---|---|
committer | Henning Baldersheim <balder@yahoo-inc.com> | 2017-08-04 11:35:00 +0200 |
commit | 25dfe90ee8ee851f2c692829550e6f12502cf0b7 (patch) | |
tree | 6bea1622808d25d9c77451417f2457fb602302cb /searchlib/src/tests/query/query-old.cpp | |
parent | 591874352bf642b861a6ca461e5ca6427eaa9829 (diff) |
- Input is always dangerous.
- Add test that provokes stack overwrite.
- Prevent stack overwrite.
Diffstat (limited to 'searchlib/src/tests/query/query-old.cpp')
-rw-r--r-- | searchlib/src/tests/query/query-old.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/searchlib/src/tests/query/query-old.cpp b/searchlib/src/tests/query/query-old.cpp
index e8e0614f51a..204289ccf61 100644
--- a/searchlib/src/tests/query/query-old.cpp
+++ b/searchlib/src/tests/query/query-old.cpp
@@ -648,4 +648,9 @@ TEST("require that incorrectly specified diversity can be parsed") {
 EXPECT_FALSE(descending_query.isValid());
 }
 
+TEST("require that we do not f.. up the stack on bad query") {
+ QueryTermSimple term("<form><iframe+	 +src=\\\"javascript:alert(1)\\\" 	;>", QueryTerm::WORD);
+ EXPECT_FALSE(term.isValid());
+}
+
 TEST_MAIN() { TEST_RUN_ALL(); } |
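Review bot: The added test checks only `EXPECT_FALSE(term.isValid())`, so on a build without AddressSanitizer or stack protection a reintroduced stack overwrite (presumably while `QueryTermSimple` parses the term) could still pass as long as the term ends up invalid; a comment above the constructor call such as `// Regression test for a stack overwrite when parsing this term; only reliable when run under ASan or with stack protection.` would record that dependency. The test name would be clearer as `TEST("require that a malformed query term does not overwrite the stack") {`. As rendered here the literal carries raw whitespace (a tab is visible between `<iframe+` and `+src`); if those bytes matter for reproducing the overwrite, writing them as escapes such as `\t` keeps an editor or formatter from normalising them away. The parsing fix itself is not part of this file section, so the test cannot be checked against it from here.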