Commit 96bc71e

facontidavide and claude committed
Add regression test for #923: ValidateScript OOB read with large invalid scripts
The bug (fixed in cb6c751) was that ValidateScript used a fixed char[2048] buffer for error messages, causing out-of-bounds reads when error output exceeded the buffer. The current code uses std::string with std::back_inserter. This adds a regression test using the original reproducer to ensure the fix holds.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent 223b3ed commit 96bc71e

1 file changed

+23
-0
lines changed


tests/script_parser_test.cpp

Lines changed: 23 additions & 0 deletions
@@ -460,6 +460,29 @@ TEST(ParserTest, OperatorAssociativity_Issue1029)
460460
EXPECT_EQ(GetResult("A .. ' ' .. B").cast<std::string>(), "hello world");
461461
}
462462

463+
// https://github.com/BehaviorTree/BehaviorTree.CPP/issues/923
464+
// Regression test: ValidateScript must not crash on large invalid scripts
465+
// that produce error messages exceeding any fixed-size buffer.
466+
TEST(ParserTest, ValidateScriptLargeError_Issue923)
467+
{
468+
// Build an invalid script large enough to overflow the old 2048-byte buffer
469+
std::string script;
470+
for(int i = 0; i < 10; i++)
471+
{
472+
script += "+6e66>6666.6+66\r6>6;6e62=6+6e66>66666'; en';o';o'; en'; ";
473+
script += "\x7f"
474+
"n"
475+
"\x7f"
476+
"r;6.6+66.H>6+6"
477+
"\x80"
478+
"6"
479+
"\x1e"
480+
";@e66";
481+
}
482+
// Must not crash (old code used a fixed char[2048] buffer causing OOB read)
483+
auto result = BT::ValidateScript(script);
484+
EXPECT_FALSE(result); // invalid script, but no crash
485+
}
463486
TEST(ParserTest, NewLine)
464487
{
465488
BT::BehaviorTreeFactory factory;
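
Review bot: The single assertion at the end of ValidateScriptLargeError_Issue923, `EXPECT_FALSE(result)`, does not show that the error text actually exceeded 2048 bytes, so the test can keep passing without exercising the condition from issue 923. The script built in the loop is about 80 bytes per iteration over ten iterations, well under 2048 bytes, so the comment "Build an invalid script large enough to overflow the old 2048-byte buffer" should say that it is the generated error message, not the script, that has to exceed the buffer. If the result type exposes the error string, assert that its length is greater than 2048 so a future change to the error format cannot silently shrink it below the threshold. Also note in the "Must not crash" comment that an out-of-bounds read does not reliably crash an ordinary build, so this test only detects a regression when run under AddressSanitizer or a similar memory checker. A short comment on why the loop count is 10 would help as well.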
