diff --git a/ChangeLog b/ChangeLog index 14b7d01b7..7e10da0f7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2005-01-24 Matthias Clasen + + * tests/markups/fail-40.gmarkup: Add a test with a long entity + name. + + * glib/gmarkup.c (unescape_text_state_inside_entity_name): Don't + copy the entity name into a short buffer of fixed length. Instead, + compare it in place with strncmp(), and do a full strdup() in the + error path. (#165100, Simon Budig) + 2005-01-22 Tor Lillqvist * glib/gdate.c (g_date_set_time): Don't g_assert that localtime() diff --git a/ChangeLog.pre-2-10 b/ChangeLog.pre-2-10 index 14b7d01b7..7e10da0f7 100644 --- a/ChangeLog.pre-2-10 +++ b/ChangeLog.pre-2-10 @@ -1,3 +1,13 @@ +2005-01-24 Matthias Clasen + + * tests/markups/fail-40.gmarkup: Add a test with a long entity + name. + + * glib/gmarkup.c (unescape_text_state_inside_entity_name): Don't + copy the entity name into a short buffer of fixed length. Instead, + compare it in place with strncmp(), and do a full strdup() in the + error path. (#165100, Simon Budig) + 2005-01-22 Tor Lillqvist * glib/gdate.c (g_date_set_time): Don't g_assert that localtime() diff --git a/ChangeLog.pre-2-12 b/ChangeLog.pre-2-12 index 14b7d01b7..7e10da0f7 100644 --- a/ChangeLog.pre-2-12 +++ b/ChangeLog.pre-2-12 @@ -1,3 +1,13 @@ +2005-01-24 Matthias Clasen + + * tests/markups/fail-40.gmarkup: Add a test with a long entity + name. + + * glib/gmarkup.c (unescape_text_state_inside_entity_name): Don't + copy the entity name into a short buffer of fixed length. Instead, + compare it in place with strncmp(), and do a full strdup() in the + error path. (#165100, Simon Budig) + 2005-01-22 Tor Lillqvist * glib/gdate.c (g_date_set_time): Don't g_assert that localtime() diff --git a/ChangeLog.pre-2-8 b/ChangeLog.pre-2-8 index 14b7d01b7..7e10da0f7 100644 --- a/ChangeLog.pre-2-8 +++ b/ChangeLog.pre-2-8 @@ -1,3 +1,13 @@ +2005-01-24 Matthias Clasen + + * tests/markups/fail-40.gmarkup: Add a test with a long entity + name. + + * glib/gmarkup.c (unescape_text_state_inside_entity_name): Don't + copy the entity name into a short buffer of fixed length. Instead, + compare it in place with strncmp(), and do a full strdup() in the + error path. (#165100, Simon Budig) + 2005-01-22 Tor Lillqvist * glib/gdate.c (g_date_set_time): Don't g_assert that localtime() diff --git a/glib/gmarkup.c b/glib/gmarkup.c index a0acfcec6..45d75b705 100644 --- a/glib/gmarkup.c +++ b/glib/gmarkup.c @@ -458,12 +458,6 @@ unescape_text_state_inside_entity_name (UnescapeContext *ucontext, const gchar *p, GError **error) { -#define MAX_ENT_LEN 5 - gchar buf[MAX_ENT_LEN+1] = { - '\0', '\0', '\0', '\0', '\0', '\0' - }; - gchar *dest; - while (p != ucontext->text_end) { if (*p == ';') @@ -488,38 +482,33 @@ unescape_text_state_inside_entity_name (UnescapeContext *ucontext, { if (p != ucontext->text_end) { - const gchar *src; - - src = ucontext->entity_start; - dest = buf; - while (src != p) - { - *dest = *src; - ++dest; - ++src; - } + gint len = p - ucontext->entity_start; /* move to after semicolon */ p = g_utf8_next_char (p); ucontext->state = USTATE_INSIDE_TEXT; - if (strcmp (buf, "lt") == 0) + if (strncmp (ucontext->entity_start, "lt", len) == 0) g_string_append_c (ucontext->str, '<'); - else if (strcmp (buf, "gt") == 0) + else if (strncmp (ucontext->entity_start, "gt", len) == 0) g_string_append_c (ucontext->str, '>'); - else if (strcmp (buf, "amp") == 0) + else if (strncmp (ucontext->entity_start, "amp", len) == 0) g_string_append_c (ucontext->str, '&'); - else if (strcmp (buf, "quot") == 0) + else if (strncmp (ucontext->entity_start, "quot", len) == 0) g_string_append_c (ucontext->str, '"'); - else if (strcmp (buf, "apos") == 0) + else if (strncmp (ucontext->entity_start, "apos", len) == 0) g_string_append_c (ucontext->str, '\''); else { + gchar *name; + + name = g_strndup (ucontext->entity_start, len); set_unescape_error (ucontext->context, error, p, ucontext->text_end, G_MARKUP_ERROR_PARSE, _("Entity name '%s' is not known"), - buf); + name); + g_free (name); } } else diff --git a/tests/markups/fail-40.gmarkup b/tests/markups/fail-40.gmarkup new file mode 100644 index 000000000..f4c1a7025 --- /dev/null +++ b/tests/markups/fail-40.gmarkup @@ -0,0 +1 @@ +&unknownentityname;