From cfbb8f137e258da5612e79954927c875fc8fb8a9 Mon Sep 17 00:00:00 2001
From: Iustin Pop <iustin@k1024.org>
Date: Sat, 22 Apr 2023 02:12:17 +0200
Subject: [PATCH] Try to make the acl_copy_ext_failure test better behaved

Sigh, this is really not a good test, but it does show the
deficiencies in the C library - I learned that users can trivially
shoot themselves in the foot and cause segfaults.
---
 tests/test_acls.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/tests/test_acls.py b/tests/test_acls.py
index d805b5c..f3b1bb1 100644
--- a/tests/test_acls.py
+++ b/tests/test_acls.py
@@ -526,8 +526,19 @@ class TestAclExtensions:
     @require_copy_ext
     def test_acl_copy_ext_failure(self):
         a = posix1e.ACL()
+        state = a.__getstate__()
+        # This is a dangerous test. The acl_copy_int() C function gets
+        # a void * buffer, and then casts that to an ACL structure,
+        # irrespective of buffer length; this can lead to segfaults
+        # (via unallocated memory indexing)
+        #
+        # To mitigate this, pass same buffer size as returned from the
+        # state, just nulled out - in the Linux version of the
+        # library, the first byte is the structure size and is tested
+        # for correct size, and a null byte will cause failure.
+        nulled = b'\x00' * len(state)
         with pytest.raises(IOError):
-            a.__setstate__(b'\0')
+            a.__setstate__(nulled)
 
     @require_copy_ext
     def test_acl_copy_ext_args(self):
-- 
2.39.2