From 20dd22da4234c565423f62d2cc03e5d78b2c34da Mon Sep 17 00:00:00 2001
From: Tim Janik
Date: Wed, 7 Aug 2002 15:46:37 +0000
Subject: [PATCH] keep entity name in a newly alocated buffer to prevent segfaulting on Wed Aug 7 17:38:16 2002 Tim Janik * glib/gmarkup.c (unescape_text): keep entity name in a newly alocated buffer to prevent segfaulting on entity names which are longer than 5 characters.
---
 ChangeLog | 6 ++++++
 ChangeLog.pre-2-10 | 6 ++++++
 ChangeLog.pre-2-12 | 6 ++++++
 ChangeLog.pre-2-2 | 6 ++++++
 ChangeLog.pre-2-4 | 6 ++++++
 ChangeLog.pre-2-6 | 6 ++++++
 ChangeLog.pre-2-8 | 6 ++++++
 glib/gmarkup.c | 32 ++++++++------------------------
 8 files changed, 50 insertions(+), 24 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index dd460647a..2d67139a8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Wed Aug 7 17:38:16 2002 Tim Janik
+
+ * glib/gmarkup.c (unescape_text): keep entity name in
+ a newly alocated buffer to prevent segfaulting on entity
+ names which are longer than 5 characters.
+
 2002-08-06 Sebastian Wilhelmi
 * glib/gmain.c: Factor out g_main_context_init_pipe from
diff --git a/ChangeLog.pre-2-10 b/ChangeLog.pre-2-10
index dd460647a..2d67139a8 100644
--- a/ChangeLog.pre-2-10
+++ b/ChangeLog.pre-2-10
@@ -1,3 +1,9 @@
+Wed Aug 7 17:38:16 2002 Tim Janik
+
+ * glib/gmarkup.c (unescape_text): keep entity name in
+ a newly alocated buffer to prevent segfaulting on entity
+ names which are longer than 5 characters.
+
 2002-08-06 Sebastian Wilhelmi
 * glib/gmain.c: Factor out g_main_context_init_pipe from
diff --git a/ChangeLog.pre-2-12 b/ChangeLog.pre-2-12
index dd460647a..2d67139a8 100644
--- a/ChangeLog.pre-2-12
+++ b/ChangeLog.pre-2-12
@@ -1,3 +1,9 @@
+Wed Aug 7 17:38:16 2002 Tim Janik
+
+ * glib/gmarkup.c (unescape_text): keep entity name in
+ a newly alocated buffer to prevent segfaulting on entity
+ names which are longer than 5 characters.
+
 2002-08-06 Sebastian Wilhelmi
 * glib/gmain.c: Factor out g_main_context_init_pipe from
diff --git a/ChangeLog.pre-2-2 b/ChangeLog.pre-2-2
index dd460647a..2d67139a8 100644
--- a/ChangeLog.pre-2-2
+++ b/ChangeLog.pre-2-2
@@ -1,3 +1,9 @@
+Wed Aug 7 17:38:16 2002 Tim Janik
+
+ * glib/gmarkup.c (unescape_text): keep entity name in
+ a newly alocated buffer to prevent segfaulting on entity
+ names which are longer than 5 characters.
+
 2002-08-06 Sebastian Wilhelmi
 * glib/gmain.c: Factor out g_main_context_init_pipe from
diff --git a/ChangeLog.pre-2-4 b/ChangeLog.pre-2-4
index dd460647a..2d67139a8 100644
--- a/ChangeLog.pre-2-4
+++ b/ChangeLog.pre-2-4
@@ -1,3 +1,9 @@
+Wed Aug 7 17:38:16 2002 Tim Janik
+
+ * glib/gmarkup.c (unescape_text): keep entity name in
+ a newly alocated buffer to prevent segfaulting on entity
+ names which are longer than 5 characters.
+
 2002-08-06 Sebastian Wilhelmi
 * glib/gmain.c: Factor out g_main_context_init_pipe from
diff --git a/ChangeLog.pre-2-6 b/ChangeLog.pre-2-6
index dd460647a..2d67139a8 100644
--- a/ChangeLog.pre-2-6
+++ b/ChangeLog.pre-2-6
@@ -1,3 +1,9 @@
+Wed Aug 7 17:38:16 2002 Tim Janik
+
+ * glib/gmarkup.c (unescape_text): keep entity name in
+ a newly alocated buffer to prevent segfaulting on entity
+ names which are longer than 5 characters.
+
 2002-08-06 Sebastian Wilhelmi
 * glib/gmain.c: Factor out g_main_context_init_pipe from
diff --git a/ChangeLog.pre-2-8 b/ChangeLog.pre-2-8
index dd460647a..2d67139a8 100644
--- a/ChangeLog.pre-2-8
+++ b/ChangeLog.pre-2-8
@@ -1,3 +1,9 @@
+Wed Aug 7 17:38:16 2002 Tim Janik
+
+ * glib/gmarkup.c (unescape_text): keep entity name in
+ a newly alocated buffer to prevent segfaulting on entity
+ names which are longer than 5 characters.
+
 2002-08-06 Sebastian Wilhelmi
 * glib/gmain.c: Factor out g_main_context_init_pipe from
diff --git a/glib/gmarkup.c b/glib/gmarkup.c
index 5130166af..ab5d1ec7b 100644
--- a/glib/gmarkup.c
+++ b/glib/gmarkup.c
@@ -367,7 +367,6 @@ unescape_text (GMarkupParseContext *context,
 gchar **unescaped,
 GError **error)
 {
-#define MAX_ENT_LEN 5
 GString *str;
 const gchar *p;
 UnescapeState state;
@@ -450,11 +449,6 @@ unescape_text (GMarkupParseContext *context,
 case USTATE_INSIDE_ENTITY_NAME:
 {
- gchar buf[MAX_ENT_LEN+1] = {
- '\0', '\0', '\0', '\0', '\0', '\0'
- };
- gchar *dest;
-
 while (p != text_end)
 {
 if (*p == ';')
@@ -479,31 +473,22 @@ unescape_text (GMarkupParseContext *context,
 {
 if (p != text_end)
 {
- const gchar *src;
-
- src = start;
- dest = buf;
- while (src != p)
- {
- *dest = *src;
- ++dest;
- ++src;
- }
+ gchar *ent = g_strndup (start, p - start);
 /* move to after semicolon */
 p = g_utf8_next_char (p);
 start = p;
 state = USTATE_INSIDE_TEXT;
- if (strcmp (buf, "lt") == 0)
+ if (strcmp (ent, "lt") == 0)
 g_string_append_c (str, '<');
- else if (strcmp (buf, "gt") == 0)
+ else if (strcmp (ent, "gt") == 0)
 g_string_append_c (str, '>');
- else if (strcmp (buf, "amp") == 0)
+ else if (strcmp (ent, "amp") == 0)
 g_string_append_c (str, '&');
- else if (strcmp (buf, "quot") == 0)
+ else if (strcmp (ent, "quot") == 0)
 g_string_append_c (str, '"');
- else if (strcmp (buf, "apos") == 0)
+ else if (strcmp (ent, "apos") == 0)
 g_string_append_c (str, '\'');
 else
 {
@@ -511,8 +496,9 @@ unescape_text (GMarkupParseContext *context,
 p, text_end,
 G_MARKUP_ERROR_PARSE,
 _("Entity name '%s' is not known"),
- buf);
+ ent);
 }
+ g_free (ent);
 }
 else
 {
@@ -666,8 +652,6 @@ unescape_text (GMarkupParseContext *context,
 *unescaped = g_string_free (str, FALSE);
 return TRUE;
 }
-
-#undef MAX_ENT_LEN
 }
 static gboolean
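Review bot: In the third gmarkup.c hunk (`-479,31 +473,22`) `g_strndup (start, p - start)` heap-copies the entity name on every reference, with a length taken straight from the input up to the `;`. Only five short names are ever accepted, so the lookup can compare in place against the saved `start` pointer with an explicit length and keep the copy for the unknown-entity error path, where `'%s'` needs a terminated string. That makes the common path allocation-free and confines the `g_free` added in the next hunk to the error branch. unescape_text begins and ends outside these hunks, so the sketch below assumes nothing else in the function reads `ent`.

```c
                    const gchar *name = start;
                    gsize name_len = p - start;

                    /* … unchanged: move p past the semicolon, reset start and state … */

                    if (name_len == 2 && memcmp (name, "lt", 2) == 0)
                      g_string_append_c (str, '<');
                    else if (name_len == 2 && memcmp (name, "gt", 2) == 0)
                      g_string_append_c (str, '>');
                    else if (name_len == 3 && memcmp (name, "amp", 3) == 0)
                      g_string_append_c (str, '&');
                    else if (name_len == 4 && memcmp (name, "quot", 4) == 0)
                      g_string_append_c (str, '"');
                    else if (name_len == 4 && memcmp (name, "apos", 4) == 0)
                      g_string_append_c (str, '\'');
                    else
                      {
                        /* copy only here: the message needs a terminated string */
                        gchar *ent = g_strndup (name, name_len);

                        /* … unchanged: the "Entity name '%s' is not known" error call, passing ent … */
                        g_free (ent);
                      }
```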