GDBusMessage: do not align for grandchildren of empty arrays.

D-Bus arrays are serialized as follows: 1. align to a 4-byte boundary (for the length) 2. uint32: the length of the serialized body in bytes 3. padding for the alignment of the body type (not included in the length) 4. the body. Note that 3. is a no-op unless the body type is an 8-byte aligned type (uint64, int64, double, struct, dict_entry), since you are always on a 4-byte boundary from aligning and writing the length. So, an empty aax (that is, an array containing zero arrays of int64) is serialized as follows: 1. align to a 4-byte boundary 2. length of the contents of this (empty) array, in bytes (0) 3. align to a 4-byte boundary (the child array's alignment requirement) 4. there is no body. But previously, GDBus would recurse in step three to align not just for the type of the child array, but for the nonexistent child array's contents. This only affects the algorithm when the grandchild type has 8-byte alignment and the reader happened to not already be on an 8-byte boundary, in which case 4 bytes were spuriously skipped. https://bugzilla.gnome.org/show_bug.cgi?id=673612 Signed-off-by: David Zeuthen <davidz@redhat.com>
2025-02-02 17:26:17 +01:00 · 2012-04-10 13:20:09 +01:00 · 2012-04-10 13:20:09 +01:00 · 113f4abb67
commit 113f4abb67
parent e28d3ef921
1 changed files with 72 additions and 79 deletions
--- a/gio/gdbusmessage.c
+++ b/gio/gdbusmessage.c
@ -1289,6 +1289,16 @@ parse_value_from_blob (GMemoryInputStream    *mis,
      break;

    case 'a': /* G_VARIANT_TYPE_ARRAY */
+      if (!ensure_input_padding (mis, 4, &local_error))
+        goto fail;
+
+      /* If we are only aligning for this array type, it is the child type of
+       * another array, which is empty. So, we do not need to add padding for
+       * this nonexistent array's elements: we only need to align for this
+       * array itself (4 bytes). See
+       * <https://bugzilla.gnome.org/show_bug.cgi?id=673612>.
+       */
+      if (!just_align)
        {
          guint32 array_len;
          goffset offset;
@ -1296,15 +1306,6 @@ parse_value_from_blob (GMemoryInputStream    *mis,
          const GVariantType *element_type;
          GVariantBuilder builder;

-        if (!ensure_input_padding (mis, 4, &local_error))
-          goto fail;
-
-        if (just_align)
-          {
-            array_len = 0;
-          }
-        else
-          {
          array_len = g_data_input_stream_read_uint32 (dis, NULL, &local_error);
          if (local_error != NULL)
            goto fail;
@ -1327,7 +1328,6 @@ parse_value_from_blob (GMemoryInputStream    *mis,
                           array_len);
              goto fail;
            }
-          }

          g_variant_builder_init (&builder, type);
          element_type = g_variant_type_element (type);
@ -1368,15 +1368,8 @@ parse_value_from_blob (GMemoryInputStream    *mis,
                }
            }

-        if (!just_align)
-          {
          ret = g_variant_builder_end (&builder);
        }
-        else
-          {
-            g_variant_builder_clear (&builder);
-          }
-      }
      break;

    default: