Add an assertion to read_file_to_str_until_eof

The clangalyzer doesn't believe our math here.  I'm pretty sure our
math is right.  Also, add some unit tests.

2 files changed, 26 insertions, 0 deletions

diff --git a/src/common/util.c b/src/common/util.c
index 3f298cd9c4..a7a7fcbea3 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -2357,6 +2357,7 @@ read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out)
     pos += r;
   } while (r > 0 && pos < max_bytes_to_read);
 
+  tor_assert(pos < string_max);
   *sz_out = pos;
   string[pos] = '\0';
   return string;
diff --git a/src/test/test_util.c b/src/test/test_util.c
index c32fadd119..1b7c936fd7 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -87,6 +87,20 @@ test_util_read_file_eof_tiny_limit(void *arg)
 }
 
 static void
+test_util_read_file_eof_one_loop_a(void *arg)
+{
+  (void)arg;
+  test_util_read_until_eof_impl("tor_test_fifo_1ka", 1024, 1023);
+}
+
+static void
+test_util_read_file_eof_one_loop_b(void *arg)
+{
+  (void)arg;
+  test_util_read_until_eof_impl("tor_test_fifo_1kb", 1024, 1024);
+}
+
+static void
 test_util_read_file_eof_two_loops(void *arg)
 {
   (void)arg;
@@ -98,6 +112,14 @@ test_util_read_file_eof_two_loops(void *arg)
 }
 
 static void
+test_util_read_file_eof_two_loops_b(void *arg)
+{
+  (void)arg;
+
+  test_util_read_until_eof_impl("tor_test_fifo_2kb", 2048, 2048);
+}
+
+static void
 test_util_read_file_eof_zero_bytes(void *arg)
 {
   (void)arg;
@@ -3870,7 +3892,10 @@ struct testcase_t util_tests[] = {
   UTIL_TEST(make_environment, 0),
   UTIL_TEST(set_env_var_in_sl, 0),
   UTIL_TEST(read_file_eof_tiny_limit, 0),
+  UTIL_TEST(read_file_eof_one_loop_a, 0),
+  UTIL_TEST(read_file_eof_one_loop_b, 0),
   UTIL_TEST(read_file_eof_two_loops, 0),
+  UTIL_TEST(read_file_eof_two_loops_b, 0),
   UTIL_TEST(read_file_eof_zero_bytes, 0),
   UTIL_TEST(write_chunks_to_file, 0),
   UTIL_TEST(mathlog, 0),