luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-01-24 04:56:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

gvariant-parser: Add a proof for pattern_coalesce()’s safety

Browse Source 
This proof backs up the already-present assertion that “the length of
the output is loosely bounded by the sum of the input lengths”.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #3469
This commit is contained in:
Philip Withnall 2024-09-19 16:35:27 +01:00
parent 7f4300c5da
commit 3d5ada2689
No known key found for this signature in database
GPG Key ID: DCDF5885B1F3ED73
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
glib/gvariant-parser.c
View File

@ -401,6 +401,8 @@ token_stream_end_ref (TokenStream *stream,
ref->end = stream->stream - stream->start; ref->end = stream->stream - stream->start;
} }
/* This is guaranteed to write exactly as many bytes to `out` as it consumes
* from `in`. i.e. The `out` buffer doesnt need to be any longer than `in`. */
static void static void
pattern_copy (gchar **out, pattern_copy (gchar **out,
const gchar **in) const gchar **in)
@ -436,9 +438,12 @@ pattern_coalesce (const gchar *left,
/* the length of the output is loosely bound by the sum of the input /* the length of the output is loosely bound by the sum of the input
* lengths, not simply the greater of the two lengths. * lengths, not simply the greater of the two lengths.
* *
* (*(iii)) + ((iii)*) ((iii)(iii)) * (*(iii)) + ((iii)*) = ((iii)(iii))
* *
* 8 + 8 = 12 * 8 + 8 = 12
*
* This can be proven by the fact that `out` is never incremented by more
* bytes than are consumed from `left` or `right` in each iteration.
*/ */
buflen = strlen (left) + strlen (right); buflen = strlen (left) + strlen (right);
out = result = g_malloc (buflen); out = result = g_malloc (buflen);