From a149bf2f9030168051942124536e303af8ba6176 Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)"
Date: Sun, 7 Feb 2021 23:32:40 +0100
Subject: [PATCH 1/3] giochannel: Fix length_size bounds check

The inverted condition is an obvious error introduced by ecdf91400e9a.
Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2323
---
 glib/giochannel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/glib/giochannel.c b/glib/giochannel.c
index 4c5e081ed..8516c0b5e 100644
--- a/glib/giochannel.c
+++ b/glib/giochannel.c
@@ -899,7 +899,7 @@ g_io_channel_set_line_term (GIOChannel *channel,
 {
 /* FIXME: We’re constrained by line_term_len being a guint here */
 gsize length_size = strlen (line_term);
- g_return_if_fail (length_size > G_MAXUINT);
+ g_return_if_fail (length_size <= G_MAXUINT);
 length_unsigned = (guint) length_size;
 }

From 5dc8b0014c03e7491d93b90275ab442e888a9628 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Mon, 8 Feb 2021 10:34:50 +0000
Subject: [PATCH 2/3] giochannel: Don't store negative line_term_len in GIOChannel struct

Adding test coverage indicated that this was another bug in 0cc11f74.
Fixes: 0cc11f74 "giochannel: Forbid very long line terminator strings"
Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2323
Signed-off-by: Simon McVittie
---
 glib/giochannel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/glib/giochannel.c b/glib/giochannel.c
index 8516c0b5e..e93c4b458 100644
--- a/glib/giochannel.c
+++ b/glib/giochannel.c
@@ -905,7 +905,7 @@ g_io_channel_set_line_term (GIOChannel *channel,
 g_free (channel->line_term);
 channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL;
- channel->line_term_len = length;
+ channel->line_term_len = length_unsigned;
 }
 /**

From 63f37f8c3ba4d523cb39f03ce05abb8adde5b0c7 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Mon, 8 Feb 2021 10:28:25 +0000
Subject: [PATCH 3/3] io-channel test: Add coverage for g_io_channel_set_line_term(., ., -1)
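Review bot: The corrected bound in the `else` branch of patch 1/3 still rests on `g_return_if_fail`, which expands to nothing when GLib is built with `G_DISABLE_CHECKS`; in such a build a terminator longer than `G_MAXUINT` would reach `length_unsigned = (guint) length_size;` and be silently truncated. Because the narrowing cast depends on this test, I would make it an unconditional guard, e.g. `if (length_size > G_MAXUINT) { g_warning ("line terminator too long"); return; }`, or at least extend the FIXME to say that this precondition is what keeps the cast lossless. The truncated value appears to be used consistently for both the copy and the stored length in the following patch, so the likely result is a shortened terminator rather than an out-of-bounds copy. The body of g_io_channel_set_line_term starts and ends outside this hunk.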
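Review bot: The new assignment `channel->line_term_len = length_unsigned;` in patch 2/3 carries no comment saying why the caller's `length` must not be stored, and that is exactly the mistake this commit reverts. The FIXME in patch 1/3 states that `line_term_len` is a `guint`, so a `length` of -1 would be stored as a very large unsigned count, while `g_memdup2 (line_term, length_unsigned)` copies exactly the resolved number of bytes, so the stored terminator is not guaranteed to be NUL-terminated. I would add above the assignment: `/* Store the resolved byte count, not the caller's length: -1 would wrap in the unsigned field, and line_term may not be NUL-terminated. */`. Code that reads `channel->line_term` should therefore always bound itself by `line_term_len`; those readers, the start of the function and the declaration of `length_unsigned` are all outside this hunk.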
Signed-off-by: Simon McVittie
---
 glib/tests/io-channel.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/glib/tests/io-channel.c b/glib/tests/io-channel.c
index ff53fcef7..4a1b10876 100644
--- a/glib/tests/io-channel.c
+++ b/glib/tests/io-channel.c
@@ -49,8 +49,10 @@ test_read_line_embedded_nuls (void)
 channel = g_io_channel_new_file (filename, "r", &local_error);
 g_assert_no_error (local_error);
- /* Only break on newline characters, not nuls. */
- g_io_channel_set_line_term (channel, "\n", 1);
+ /* Only break on newline characters, not nuls.
+ * Use length -1 here to exercise glib#2323; the case where length > 0
+ * is covered in glib/tests/protocol.c. */
+ g_io_channel_set_line_term (channel, "\n", -1);
 g_io_channel_set_encoding (channel, NULL, &local_error);
 g_assert_no_error (local_error);
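Review bot: The switched call `g_io_channel_set_line_term (channel, "\n", -1);` exercises the strlen path, but nothing in this hunk asserts the length that ends up stored, so a wrong `line_term_len` is detected only indirectly, through whatever the reads later in the test do. Reading the value back right after the call would pin the fix from patch 2/3 directly: `line_term = g_io_channel_get_line_term (channel, &line_term_len);` followed by `g_assert_cmpint (line_term_len, ==, 1);` and `g_assert_cmpmem (line_term, line_term_len, "\n", 1);`, with locals `const gchar *line_term` and `gint line_term_len`. If the rest of test_read_line_embedded_nuls, which lies outside this hunk, already checks this, the extra assertions are unnecessary.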