tests: add regression test for billion-laughs

otherwise a buffer overflow occurs.
this has been a bug in pkgconf since the beginning, it seems.
instead of disclosing the bug correctly, a "hotshot" developer
decided to blog about it instead.  sigh.

https://nullprogram.com/blog/2023/01/18/

Makefile.am

@@ -22,6 +22,7 @@ EXTRA_DIST =	pkg.m4 \
 		libpkgconf/win-dirent.h \
 		tests/lib-relocatable/lib/pkgconfig/foo.pc \
 		tests/lib1/argv-parse-2.pc \
+		tests/lib1/billion-laughs.pc \
 		tests/lib1/dos-lineendings.pc \
 		tests/lib1/paren-quoting.pc \
 		tests/lib1/argv-parse-3.pc \

libpkgconf/tuple.c

@@ -357,12 +357,21 @@ pkgconf_tuple_parse(const pkgconf_client_t *client, pkgconf_list_t *vars, const
 
 			PKGCONF_TRACE(client, "lookup tuple %s", varname);
 
+			size_t remain = PKGCONF_BUFSIZE - (bptr - buf);
 			ptr += (pptr - ptr);
 			kv = pkgconf_tuple_find_global(client, varname);
 			if (kv != NULL)
 			{
-				strncpy(bptr, kv, PKGCONF_BUFSIZE - (bptr - buf));
-				bptr += strlen(kv);
+				size_t nlen = pkgconf_strlcpy(bptr, kv, remain);
+				if (nlen > remain)
+				{
+					pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
+
+					bptr = buf + (PKGCONF_BUFSIZE - 1);
+					break;
+				}
+
+				bptr += nlen;
 			}
 			else
 			{
@@ -370,12 +379,21 @@ pkgconf_tuple_parse(const pkgconf_client_t *client, pkgconf_list_t *vars, const
 
 				if (kv != NULL)
 				{
+					size_t nlen;
+
 					parsekv = pkgconf_tuple_parse(client, vars, kv, flags);
-
-					strncpy(bptr, parsekv, PKGCONF_BUFSIZE - (bptr - buf));
-					bptr += strlen(parsekv);
-
+					nlen = pkgconf_strlcpy(bptr, parsekv, remain);
 					free(parsekv);
+
+					if (nlen > remain)
+					{
+						pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
+
+						bptr = buf + (PKGCONF_BUFSIZE - 1);
+						break;
+					}
+
+					bptr += nlen;
 				}
 			}
 		}

tests/lib1/billion-laughs.pc

@@ -0,0 +1,13 @@
+v9=lol
+v8=${v9}${v9}${v9}${v9}${v9}${v9}${v9}${v9}${v9}${v9}
+v7=${v8}${v8}${v8}${v8}${v8}${v8}${v8}${v8}${v8}${v8}
+v6=${v7}${v7}${v7}${v7}${v7}${v7}${v7}${v7}${v7}${v7}
+v5=${v6}${v6}${v6}${v6}${v6}${v6}${v6}${v6}${v6}${v6}
+v4=${v5}${v5}${v5}${v5}${v5}${v5}${v5}${v5}${v5}${v5}
+v3=${v4}${v4}${v4}${v4}${v4}${v4}${v4}${v4}${v4}${v4}
+v2=${v3}${v3}${v3}${v3}${v3}${v3}${v3}${v3}${v3}${v3}
+v1=${v2}${v2}${v2}${v2}${v2}${v2}${v2}${v2}${v2}${v2}
+v0=${v1}${v1}${v1}${v1}${v1}${v1}${v1}${v1}${v1}${v1}
+Name: One Billion Laughs
+Version: ${v0}
+Description: Don't install this!

tests/regress.sh

@@ -30,7 +30,8 @@ tests_init \
 	malformed_quoting \
 	explicit_sysroot \
 	empty_tuple \
-	solver_requires_private_debounce
+	solver_requires_private_debounce \
+	billion_laughs
 
 #	sysroot_munge \
 
@@ -266,3 +267,9 @@ solver_requires_private_debounce_body()
 	atf_check -o inline:"-I/metapackage-1 -I/metapackage-2 -lmetapackage-1 -lmetapackage-2 \n" \
 		pkgconf --with-path="${selfdir}/lib1" --cflags --libs metapackage
 }
+
+billion_laughs_body()
+{
+	atf_check -o inline:"warning: truncating very long variable to 64KB\nwarning: truncating very long variable to 64KB\nwarning: truncating very long variable to 64KB\nwarning: truncating very long variable to 64KB\nwarning: truncating very long variable to 64KB\n" \
+		pkgconf --with-path="${selfdir}/lib1" --validate billion-laughs
+}