From 1eb2c32df7bea40faef6dd4e774f9c02c114ae87 Mon Sep 17 00:00:00 2001
From: Tim Ruffing
Date: Fri, 19 Mar 2021 11:16:06 +0100
Subject: [PATCH] Manually test that panicking from C will abort the process

Panicking from C is not UB in newer rust versions and will reliably trigger an abort (without unwinding). In older rust versions, it is technically UB but empirically it seems to "just work" (and what should it realistically do except crashing, which is what we intent). Since there's potentially no unwinding, we can't test this behavior using [should_panic]. This PR will instead check the libtest output explicitly in our CI tests.

Fixes #228.
---
 contrib/test.sh | 3 +++
 src/lib.rs | 10 ++++------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/contrib/test.sh b/contrib/test.sh
index d76b90f..7869499 100755
--- a/contrib/test.sh
+++ b/contrib/test.sh
@@ -78,6 +78,9 @@ if [ "$DO_ASAN" = true ]; then
 cargo run --release --manifest-path=./no_std_test/Cargo.toml | grep -q "Verified Successfully"
 fi
+# Test if panic in C code aborts the process (either with a real panic or with SIGILL)
+cargo test -- --ignored --exact 'tests::test_panic_raw_ctx_should_terminate_abnormally' 2>&1 | tee /dev/stderr | grep "SIGILL\\|panicked at '\[libsecp256k1\]"
+
 # Bench
 if [ "$DO_BENCH" = true ]; then
 cargo bench --all --features="unstable"
diff --git a/src/lib.rs b/src/lib.rs
index 7b66a72..8d6e609 100644
--- a/src/lib.rs
+++ b/src/lib.rs
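Review bot: The grep on the added `cargo test` line uses `\|` alternation, which is a GNU extension to basic regular expressions rather than POSIX, so on a BSD/macOS grep the check may fail even when the process aborted as intended; `grep -E "SIGILL|panicked at '\[libsecp256k1\]"` expresses the same pattern portably. The pipeline also depends on the script treating grep's non-zero exit as fatal (presumably `set -e`, which is outside this hunk) and on `pipefail` being off, since `cargo test` itself exits non-zero in the expected abort case; if either assumption changes, a test that unexpectedly returns normally (`test result: ok`, no SIGILL, no panic line) would go unnoticed. A one-line comment making that explicit, e.g. `# grep exits non-zero (failing the script) unless the test aborted via panic or SIGILL; cargo's own exit status is deliberately ignored`, would protect the check against a later refactor of the script's error handling.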
@@ -938,14 +938,12 @@ mod tests {
 #[cfg(not(target_arch = "wasm32"))]
 #[test]
- #[should_panic]
- fn test_panic_raw_ctx() {
+ #[ignore] // Panicking from C may trap (SIGILL) intentionally, so we test this manually.
+ fn test_panic_raw_ctx_should_terminate_abnormally() {
 let ctx_vrfy = Secp256k1::verification_only();
 let raw_ctx_verify_as_full = unsafe {Secp256k1::from_raw_all(ctx_vrfy.ctx)};
- let (sk, _) = raw_ctx_verify_as_full.generate_keypair(&mut thread_rng());
- let msg = Message::from_slice(&[2u8; 32]).unwrap();
- // Try signing
- raw_ctx_verify_as_full.sign(&msg, &sk);
+ // Generating a key pair in verify context will panic (ARG_CHECK).
+ raw_ctx_verify_as_full.generate_keypair(&mut thread_rng());
 }
 #[test]
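Review bot: The renamed test has no failure path of its own: if `generate_keypair` on the verify-only context ever returns normally (for instance if the C-side ARG_CHECK stops firing for this call), the body simply ends and libtest reports the test as passing, so the only thing catching that regression is the output grep in `contrib/test.sh`. Making the fall-through fail inside the test keeps the intent local: add `unreachable!("generate_keypair on a verify-only context must abort before returning");` after the call, which still fails the CI grep because its message does not match the expected `[libsecp256k1]` panic text. The `#[ignore]` comment could also say how the test is meant to be run, e.g. `// Run manually via contrib/test.sh (cargo test -- --ignored --exact ...), which checks the process output for SIGILL or the libsecp256k1 panic message.` The enclosing `mod tests` begins before this hunk.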