From: Dan Fandrich <dan@co...> - 2012-07-13 20:43:56
For those who are interested, I've added some tests to the
libexif-testsuite that can be used to reproduce some of the security
issues fixed in yesterday's release. Most of the new tests only show
problems in 64-bit environments, and many will only actually show
problems if run with valgrind or another memory sanitization framework.
You can use valgrind by manually editing tests/check-vars.sh once the
test suite is configured to change EXIFEXE to something like:
EXIFEXE="valgrind --leak-check=full --log-file=exif --error-exitcode=127 \
This will cause check-exif-executable.sh to fail, but will run
valgrind on the rest and fail the tests (most of the tests, anyway) if
something suspicious happens.
And in case you're not aware, both the libexif and exif packages include
small self-contained test suites. Just run 'make check' after a build
and it will run some quick sanity checks without having to install the
full test suite and all its dependencies.