From a7689537605ade51b19be76baa3fba303527483d Mon Sep 17 00:00:00 2001 From: Ryan Lortie Date: Sat, 19 Jun 2010 11:38:57 -0400 Subject: [PATCH] Fix bug in strinfo We can't search for a larger needle inside of a smaller haystack, and unsigned integer subtraction tends to result in very large numbers rather than small ones. Add a check for this case and abort out immediately. Also add a test case (lifted directly from the docs) that demonstrates the problem. Issue discovered and tracked down by Milan Bouchet-Valat --- gio/strinfo.c | 3 ++ gio/tests/gschema-compile.c | 3 +- gio/tests/schema-tests/from-docs.gschema.xml | 34 ++++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 gio/tests/schema-tests/from-docs.gschema.xml diff --git a/gio/strinfo.c b/gio/strinfo.c index 9ba18aa40..f762fc5c3 100644 --- a/gio/strinfo.c +++ b/gio/strinfo.c @@ -147,6 +147,9 @@ strinfo_scan (const guint32 *strinfo, { guint i = 0; + if (length < n_words) + return -1; + while (i <= length - n_words) { guint j = 0; diff --git a/gio/tests/gschema-compile.c b/gio/tests/gschema-compile.c index 477bab998..48d0ffbd4 100644 --- a/gio/tests/gschema-compile.c +++ b/gio/tests/gschema-compile.c @@ -91,7 +91,8 @@ static const SchemaTest tests[] = { { "range-high-default", NULL, "* is not contained in the specified range*" }, { "range-default-low", NULL, "* is not contained in the specified range*" }, { "range-default-high", NULL, "* is not contained in the specified range*" }, - { "range-parse-error", NULL, "*invalid character in number*" } + { "range-parse-error", NULL, "*invalid character in number*" }, + { "from-docs", NULL, NULL } }; int diff --git a/gio/tests/schema-tests/from-docs.gschema.xml b/gio/tests/schema-tests/from-docs.gschema.xml new file mode 100644 index 000000000..4fe45c76f --- /dev/null +++ b/gio/tests/schema-tests/from-docs.gschema.xml @@ -0,0 +1,34 @@ + + + + + + + + + + + + + 10 + + + + + + + + + + + + + 'Joe' + + + + 'first' + + + +