Commit 7e29b15

facontidavide and claude committed
Add regression test for #923: ValidateScript OOB read with large invalid scripts

The bug (fixed in cb6c751) was that ValidateScript used a fixed char[2048] buffer for error messages, causing out-of-bounds reads when error output exceeded the buffer. The current code uses std::string with std::back_inserter. This adds a regression test using the original reproducer to ensure the fix holds.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

1 parent b3dbe30 commit 7e29b15

1 file changed

Lines changed: 23 additions & 0 deletions

tests/script_parser_test.cpp

@@ -424,6 +424,29 @@ TEST(ParserTest, Issue595)
424424
ASSERT_EQ(0, counters[0]);
425425
}
426426

427+
// https://github.com/BehaviorTree/BehaviorTree.CPP/issues/923
428+
// Regression test: ValidateScript must not crash on large invalid scripts
429+
// that produce error messages exceeding any fixed-size buffer.
430+
TEST(ParserTest, ValidateScriptLargeError_Issue923)
431+
{
432+
// Build an invalid script large enough to overflow the old 2048-byte buffer
433+
std::string script;
434+
for(int i = 0; i < 10; i++)
435+
{
436+
script += "+6e66>6666.6+66\r6>6;6e62=6+6e66>66666'; en';o';o'; en'; ";
437+
script += "\x7f"
438+
"n"
439+
"\x7f"
440+
"r;6.6+66.H>6+6"
441+
"\x80"
442+
"6"
443+
"\x1e"
444+
";@e66";
445+
}
446+
// Must not crash (old code used a fixed char[2048] buffer causing OOB read)
447+
auto result = BT::ValidateScript(script);
448+
EXPECT_FALSE(result); // invalid script, but no crash
449+
}
427450
TEST(ParserTest, NewLine)
428451
{
429452
BT::BehaviorTreeFactory factory;
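
Review bot: The only assertion in ValidateScriptLargeError_Issue923 is `EXPECT_FALSE(result)`, so nothing in the test shows that the error output actually exceeded the old 2048-byte limit. The script built by the ten-iteration loop is under a thousand bytes, which means the test depends on the parser producing error text much longer than its input. If a later parser change shortens that message, the test keeps passing while no longer exercising the condition named in the comment "large enough to overflow the old 2048-byte buffer". If the returned result exposes the error string, add an assertion that its length is greater than 2048, and consider deriving the loop count from that threshold instead of the literal 10. Separately, the "Must not crash" comment overstates what a plain run can detect: an out-of-bounds read frequently does not fault, so this test is a reliable regression guard only when the suite is built with AddressSanitizer or run under a similar memory checker. A short comment saying so, or a note on which CI job runs it with sanitizers, would make that dependency explicit.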
