Add a test with a long entity name.

2005-01-24 Matthias Clasen <mclasen@redhat.com> * tests/markups/fail-40.gmarkup: Add a test with a long entity name. * glib/gmarkup.c (unescape_text_state_inside_entity_name): Don't copy the entity name into a short buffer of fixed length. Instead, compare it in place with strncmp(), and do a full strdup() in the error path. (#165100, Simon Budig)
2024-09-20 01:06:15 +02:00 · 2005-01-24 17:25:37 +00:00 · 2005-01-24 17:25:37 +00:00 · 39a681995c
commit 39a681995c
parent 76d763485b
6 changed files with 52 additions and 22 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+2005-01-24  Matthias Clasen  <mclasen@redhat.com>
+
+	* tests/markups/fail-40.gmarkup: Add a test with a long entity
+	name.
+
+	* glib/gmarkup.c (unescape_text_state_inside_entity_name): Don't
+	copy the entity name into a short buffer of fixed length. Instead,
+	compare it in place with strncmp(), and do a full strdup() in the
+	error path.  (#165100, Simon Budig)
+
 2005-01-22  Tor Lillqvist  <tml@novell.com>

 	* glib/gdate.c (g_date_set_time): Don't g_assert that localtime()
--- a/ChangeLog.pre-2-10
+++ b/ChangeLog.pre-2-10
@ -1,3 +1,13 @@
+2005-01-24  Matthias Clasen  <mclasen@redhat.com>
+
+	* tests/markups/fail-40.gmarkup: Add a test with a long entity
+	name.
+
+	* glib/gmarkup.c (unescape_text_state_inside_entity_name): Don't
+	copy the entity name into a short buffer of fixed length. Instead,
+	compare it in place with strncmp(), and do a full strdup() in the
+	error path.  (#165100, Simon Budig)
+
 2005-01-22  Tor Lillqvist  <tml@novell.com>

 	* glib/gdate.c (g_date_set_time): Don't g_assert that localtime()
--- a/ChangeLog.pre-2-12
+++ b/ChangeLog.pre-2-12
@ -1,3 +1,13 @@
+2005-01-24  Matthias Clasen  <mclasen@redhat.com>
+
+	* tests/markups/fail-40.gmarkup: Add a test with a long entity
+	name.
+
+	* glib/gmarkup.c (unescape_text_state_inside_entity_name): Don't
+	copy the entity name into a short buffer of fixed length. Instead,
+	compare it in place with strncmp(), and do a full strdup() in the
+	error path.  (#165100, Simon Budig)
+
 2005-01-22  Tor Lillqvist  <tml@novell.com>

 	* glib/gdate.c (g_date_set_time): Don't g_assert that localtime()
--- a/ChangeLog.pre-2-8
+++ b/ChangeLog.pre-2-8
@ -1,3 +1,13 @@
+2005-01-24  Matthias Clasen  <mclasen@redhat.com>
+
+	* tests/markups/fail-40.gmarkup: Add a test with a long entity
+	name.
+
+	* glib/gmarkup.c (unescape_text_state_inside_entity_name): Don't
+	copy the entity name into a short buffer of fixed length. Instead,
+	compare it in place with strncmp(), and do a full strdup() in the
+	error path.  (#165100, Simon Budig)
+
 2005-01-22  Tor Lillqvist  <tml@novell.com>

 	* glib/gdate.c (g_date_set_time): Don't g_assert that localtime()
--- a/glib/gmarkup.c
+++ b/glib/gmarkup.c
@ -458,12 +458,6 @@ unescape_text_state_inside_entity_name (UnescapeContext *ucontext,
                                        const gchar     *p,
                                        GError         **error)
 {
-#define MAX_ENT_LEN 5
-  gchar buf[MAX_ENT_LEN+1] = {
-    '\0', '\0', '\0', '\0', '\0', '\0'
-  };
-  gchar *dest;
-
  while (p != ucontext->text_end)
    {
      if (*p == ';')
@ -488,38 +482,33 @@ unescape_text_state_inside_entity_name (UnescapeContext *ucontext,
    {
      if (p != ucontext->text_end)
        {
-          const gchar *src;
-                
-          src = ucontext->entity_start;
-          dest = buf;
-          while (src != p)
-            {
-              *dest = *src;
-              ++dest;
-              ++src;
-            }
+	  gint len = p - ucontext->entity_start;

          /* move to after semicolon */
          p = g_utf8_next_char (p);
          ucontext->state = USTATE_INSIDE_TEXT;

-          if (strcmp (buf, "lt") == 0)
+          if (strncmp (ucontext->entity_start, "lt", len) == 0)
            g_string_append_c (ucontext->str, '<');
-          else if (strcmp (buf, "gt") == 0)
+          else if (strncmp (ucontext->entity_start, "gt", len) == 0)
            g_string_append_c (ucontext->str, '>');
-          else if (strcmp (buf, "amp") == 0)
+          else if (strncmp (ucontext->entity_start, "amp", len) == 0)
            g_string_append_c (ucontext->str, '&');
-          else if (strcmp (buf, "quot") == 0)
+          else if (strncmp (ucontext->entity_start, "quot", len) == 0)
            g_string_append_c (ucontext->str, '"');
-          else if (strcmp (buf, "apos") == 0)
+          else if (strncmp (ucontext->entity_start, "apos", len) == 0)
            g_string_append_c (ucontext->str, '\'');
          else
            {
+	      gchar *name;
+
+	      name = g_strndup (ucontext->entity_start, len);
              set_unescape_error (ucontext->context, error,
                                  p, ucontext->text_end,
                                  G_MARKUP_ERROR_PARSE,
                                  _("Entity name '%s' is not known"),
-                                  buf);
+                                  name);
+	      g_free (name);
            }
        }
      else
--- a/tests/markups/fail-40.gmarkup
+++ b/tests/markups/fail-40.gmarkup
@ -0,0 +1 @@
+<bla>&unknownentityname;</bla>