cfgtest example fails with test.conf and simple.conf

[busykai]

Running cgftest (with default test.conf and simple.conf) on the current master, cfg_parse returns CFG_PARSE_ERROR here.

It could be by design. However, both test.conf and simple.conf are cited as good examples.

For example, running ./cfgtest test.conf produces:

Using libConfuse 3.2.2 by Martin Hedenfalk <martin@bzero.se>

cb_func() called with 4 parameters:
parameter 0: 'one'
parameter 1: 'two'
parameter 2: 'three'
parameter 3: 'four'
cb_func() called with 2 parameters:
parameter 0: '1'
parameter 1: '2'
test.conf:58: no such option '//delays'
ret == 1
parse error

[troglobit]

Good catch! It seems we have a regression in parsing // comments. It works if you add a space after the leading // on line 55 in test.conf

[busykai]

Some background to this: CVE-2018-19760 was published against libconfuse, based on this bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1649152 . Out of curiosity, I went to see what the problem was. The bug report is apparently incorrect and the ASAN output looks like premature exit without clean up on an error in the caller, not the library. I was slightly surprised that cfgtest behaved the same way on and found the regression.

[troglobit]

Ah, thanks for following up on this! Yeah, the POC was unreadable so quite difficult to do postmortem with. Not cleaning up would definitely cause loss of memory so yeah

We've "recently" introduced support for returning comment data and that's causing cfgtest to fail atm. I'll look into it later on, unless someone else beats me to it.