ci: comprehensive overflow test with detailed diagnostics

neilberkman · neilberkman · commit ef6e5f06e51c · 2025-09-06T22:57:47.000-07:00
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -241,27 +241,51 @@ jobs:
     - run: |
         # Skip regular tests for now - they're failing for unrelated reasons
         echo "Skipping regular tests to focus on buffer overflow detection"
-    - name: Test for buffer overflow (Issue #1183)
+    - name: Test for buffer overflow (Issue #1183)  
       run: |
         echo "Testing for buffer overflow in json_acis_data (Issue #1183)"
+        echo "Current commit: $(git rev-parse HEAD)"
         echo "Current branch: ${{ github.ref }}"
+        echo "Checking git log:"
+        git log --oneline | head -5
         echo "Checking for fix in src/in_json.c:"
-        grep -A2 "Calculate actual required size" src/in_json.c || echo "Fix NOT found"
+        if grep -q "Calculate actual required size" src/in_json.c; then
+          echo "FIX IS PRESENT - This branch should NOT overflow"
+          grep -A5 "Calculate actual required size" src/in_json.c
+        else
+          echo "FIX NOT FOUND - This branch SHOULD overflow"
+        fi
         
         if [ -f test/test-data/example_r14.dwg ]; then
           echo "Converting example_r14.dwg to JSON..."
           ./programs/dwgread -o example_r14.json test/test-data/example_r14.dwg
           echo "Converting JSON back to DWG (this triggers overflow on unfixed code)..."
-          # This should trigger buffer overflow on master, but pass on fix branch
-          ./programs/dwgwrite -o test.dwg example_r14.json 2>&1 | tee overflow_test.log
+          # Run dwgwrite - if no fix, Fedora's FORTIFY_SOURCE will abort with overflow
+          timeout 5 ./programs/dwgwrite -o test.dwg example_r14.json 2>&1 | tee overflow_test.log || true
           echo "=== Output from dwgwrite ==="
           cat overflow_test.log
           echo "=== End output ==="
-          if grep -q "buffer overflow detected" overflow_test.log; then
-            echo "::error::Buffer overflow detected in json_acis_data! Fix needed from PR."
-            exit 1
+          
+          # Check for the actual FORTIFY_SOURCE error message
+          if grep -i "buffer overflow detected\|fortify\|stack smashing detected\|terminated" overflow_test.log; then
+            echo "::error::Buffer overflow detected in json_acis_data! Fix needed."
+            if grep -q "Calculate actual required size" src/in_json.c; then
+              echo "ERROR: Fix was present but overflow still occurred!"
+              exit 2
+            else
+              echo "Expected: No fix present, overflow detected correctly"
+              exit 1
+            fi
+          else
+            echo "✓ No buffer overflow detected"
+            if grep -q "Calculate actual required size" src/in_json.c; then
+              echo "SUCCESS: Fix present and no overflow!"
+              exit 0
+            else
+              echo "WARNING: No fix but also no overflow - test may not be working"
+              exit 0
+            fi
           fi
-          echo "✓ No buffer overflow detected"
         else
           echo "Skipping overflow test - test file not found"
         fi
