mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-12-27 07:56:14 +01:00
gvariant: Fix more bounds checking in GVariant text format parser
token_stream_prepare() was over-reading at the start of bytestring literals (`b'blah'`). Add tests for that, and for some other situations regarding bytestring literal parsing, in order to try and get full branch coverage of that bit of code. oss-fuzz#9805 Signed-off-by: Philip Withnall <withnall@endlessm.com>
parent
0d271223d8
commit
a9108f8bfd
@ -197,7 +197,8 @@ token_stream_prepare (TokenStream *stream)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'b':
|
case 'b':
|
||||||
if (stream->stream[1] == '\'' || stream->stream[1] == '"')
|
if (stream->stream + 1 != stream->end &&
|
||||||
|
(stream->stream[1] == '\'' || stream->stream[1] == '"'))
|
||||||
{
|
{
|
||||||
for (end = stream->stream + 2; end != stream->end; end++)
|
for (end = stream->stream + 2; end != stream->end; end++)
|
||||||
if (*end == stream->stream[1] || *end == '\0' ||
|
if (*end == stream->stream[1] || *end == '\0' ||
|
||||||
|
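Review bot: The new guard `stream->stream + 1 != stream->end` in the `case 'b':` branch is an inequality test, so it only protects the read of `stream->stream[1]` if `stream->stream` is already strictly below `stream->end` when the switch is entered. That earlier end-of-input check is outside this hunk and is worth confirming. I would also add a comment above the condition, for example `/* Only peek at stream[1] if it lies inside the buffer; the input is bounded by stream->end. */`, so the reason for the extra clause survives later refactoring. Any other case in this switch that looks one byte ahead would need the same guard, but none is visible here. The `if` inside the `for` loop continues past the end of the hunk, so its backslash-escape handling cannot be reviewed from this view.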
@ -3892,6 +3892,17 @@ test_parse_failures (void)
|
|||||||
"string 4", "7-8:", "can not parse as",
|
"string 4", "7-8:", "can not parse as",
|
||||||
"\x0a", "1:", "expected value",
|
"\x0a", "1:", "expected value",
|
||||||
"((", "2:", "expected value",
|
"((", "2:", "expected value",
|
||||||
|
"(b", "1:", "expected value",
|
||||||
|
"b'", "0-2:", "unterminated string constant",
|
||||||
|
"b\"", "0-2:", "unterminated string constant",
|
||||||
|
"b'a", "0-3:", "unterminated string constant",
|
||||||
|
"b\"a", "0-3:", "unterminated string constant",
|
||||||
|
"b'\\", "0-3:", "unterminated string constant",
|
||||||
|
"b\"\\", "0-3:", "unterminated string constant",
|
||||||
|
"b'\\'", "0-4:", "unterminated string constant",
|
||||||
|
"b\"\\\"", "0-4:", "unterminated string constant",
|
||||||
|
"b'\\'a", "0-5:", "unterminated string constant",
|
||||||
|
"b\"\\\"a", "0-5:", "unterminated string constant",
|
||||||
};
|
};
|
||||||
gint i;
|
gint i;
|
||||||
|
|
||||||
|
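Review bot: The new entries in the `test_parse_failures` table are C string literals, so each one is followed by a nul byte that belongs to the literal. If the loop that consumes this table (outside the hunk) passes them to `g_variant_parse()` without a `limit`, the one-byte look-ahead fixed in this commit reads that terminator and stays in bounds. In that case `"(b"` would give the same result before and after the fix, and neither ASan nor valgrind would report anything. I would add a case that copies the input into an exactly sized heap buffer with no terminator and passes `limit = buf + len`, so that a regression of the over-read is caught under a sanitizer. The table entries themselves are still useful for pinning the reported error ranges such as `"0-2:"`.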