Add regression test for #923: ValidateScript OOB read with large invalid scripts

facontidavide · claude · facontidavide · commit 7e29b15d7d08 · 2026-02-01T18:28:40.000+01:00
The bug (fixed in cb6c751) was that ValidateScript used a fixed char[2048] buffer for error messages, causing out-of-bounds reads when error output exceeded the buffer. The current code uses std::string with std::back_inserter. This adds a regression test using the original reproducer to ensure the fix holds. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
diff --git a/tests/script_parser_test.cpp b/tests/script_parser_test.cpp
@@ -424,6 +424,29 @@ TEST(ParserTest, Issue595)
   ASSERT_EQ(0, counters[0]);
 }
 
+// https://github.com/BehaviorTree/BehaviorTree.CPP/issues/923
+// Regression test: ValidateScript must not crash on large invalid scripts
+// that produce error messages exceeding any fixed-size buffer.
+TEST(ParserTest, ValidateScriptLargeError_Issue923)
+{
+  // Build an invalid script large enough to overflow the old 2048-byte buffer
+  std::string script;
+  for(int i = 0; i < 10; i++)
+  {
+    script += "+6e66>6666.6+66\r6>6;6e62=6+6e66>66666'; en';o';o'; en'; ";
+    script += "\x7f"
+              "n"
+              "\x7f"
+              "r;6.6+66.H>6+6"
+              "\x80"
+              "6"
+              "\x1e"
+              ";@e66";
+  }
+  // Must not crash (old code used a fixed char[2048] buffer causing OOB read)
+  auto result = BT::ValidateScript(script);
+  EXPECT_FALSE(result);  // invalid script, but no crash
+}
 TEST(ParserTest, NewLine)
 {
   BT::BehaviorTreeFactory factory;
