gdatetime: fix double free in format parser

If %#Z is followed by %Z then we accidentally free the tmp variable from
the previous iteration of the loop a second time. Good job to the static
analysis tool (probably Coverity) that found this.

Fortunately it's unlikely that a realistic application would do this.

I've also added a new test that crashes without the fix
This commit is contained in:
Michael Catanzaro 2024-09-10 15:42:50 -05:00 committed by Philip Withnall
parent 1196ac7af6
commit a893d622c0
2 changed files with 2 additions and 1 deletions

View File

@ -3603,7 +3603,7 @@ g_date_time_format_utf8 (GDateTime *datetime,
if (mod_case && g_strcmp0 (mod, "#") == 0)
tz = tmp = g_utf8_strdown (tz, -1);
g_string_append (outstr, tz);
g_free (tmp);
g_clear_pointer (&tmp, g_free);
break;
case '%':
g_string_append_c (outstr, '%');

View File

@ -1636,6 +1636,7 @@ test_GDateTime_printf (void)
TEST_PRINTF ("%9", NULL);
#ifdef G_OS_UNIX
TEST_PRINTF ("%Z", "UTC");
TEST_PRINTF ("%#Z %Z", "utc UTC");
#elif defined G_OS_WIN32
g_assert (GetDynamicTimeZoneInformation (&dtz_info) != TIME_ZONE_ID_INVALID);
if (wcscmp (dtz_info.StandardName, L"") != 0)