girparser: Limit the size of GIR files which can be parsed

Due to passing around file lengths variously as `gsize` or `gssize`,
we can’t reliably handle files with length greater than `G_MAXSSIZE`, as
some of the APIs in use need `-1` to indicate that their input is nul
terminated.

Add some checks for this, and gracefully return an error if an input
file is too big, rather than just exploding.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #3405
Philip Withnall
2025-04-11 23:14:52 +01:00
parent 4a29abe9f7
commit 7c06269eef

@@ -3080,7 +3080,14 @@ parse_include (GMarkupParseContext *context,
return FALSE;
}
module = gi_ir_parser_parse_string (ctx->parser, name, girpath, buffer, length, &error);
if (length > G_MAXSSIZE)
{
g_printerr ("Input file %s too big\n", girpath);
g_free (girpath);
return FALSE;
}
module = gi_ir_parser_parse_string (ctx->parser, name, girpath, buffer, (gssize) length, &error);
g_free (buffer);
if (error != NULL)
{
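Review bot: The new too-big branch in parse_include returns without releasing `buffer`: it calls `g_free (girpath)` and then `return FALSE;`, whereas the normal path frees `buffer` right after gi_ir_parser_parse_string() and the parallel branch added to gi_ir_parser_parse_file does call `g_free (buffer)`. Assuming `buffer` holds the file contents loaded just above the hunk (that call is not visible here), this leaks an allocation of more than G_MAXSSIZE bytes on the very path that is meant to fail gracefully. Add `g_free (buffer);` before the `return FALSE;` in that branch. parse_include begins and continues outside the hunk, so confirm there is no other cleanup path that already covers it.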
@@ -3922,7 +3929,7 @@ cleanup (GMarkupParseContext *context,
* @namespace: the namespace of the string
* @filename: (nullable) (type filename): Path to parsed file, or `NULL`
* @buffer: (array length=length): the data containing the XML
* @length: length of the data, in bytes
* @length: length of the data, in bytes, or `-1` if nul terminated
* @error: return location for a [type@GLib.Error], or `NULL`
*
* Parse a string that holds a complete GIR XML file, and return a list of a
@@ -4061,7 +4068,19 @@ gi_ir_parser_parse_file (GIIrParser *parser,
return NULL;
}
module = gi_ir_parser_parse_string (parser, namespace, filename, buffer, length, error);
if (length > G_MAXSSIZE)
{
g_free (namespace);
g_free (buffer);
g_set_error (error,
G_MARKUP_ERROR,
G_MARKUP_ERROR_INVALID_CONTENT,
"Input file too big");
return NULL;
}
module = gi_ir_parser_parse_string (parser, namespace, filename, buffer, (gssize) length, error);
g_free (namespace);