mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2025-01-11 23:16:14 +01:00
gresource: Fix potential array overflow if using empty paths
Adds tests to cover this case and similar cases for various GResource methods in future. Signed-off-by: Philip Withnall <withnall@endlessm.com> https://gitlab.gnome.org/GNOME/glib/issues/927
This commit is contained in:
parent
f62d7c1e2a
commit
ab87af1734
@ -606,8 +606,9 @@ do_lookup (GResource *resource,
|
|||||||
gboolean res = FALSE;
|
gboolean res = FALSE;
|
||||||
GVariant *value;
|
GVariant *value;
|
||||||
|
|
||||||
|
/* Drop any trailing slash. */
|
||||||
path_len = strlen (path);
|
path_len = strlen (path);
|
||||||
if (path[path_len-1] == '/')
|
if (path_len >= 1 && path[path_len-1] == '/')
|
||||||
{
|
{
|
||||||
path = free_path = g_strdup (path);
|
path = free_path = g_strdup (path);
|
||||||
free_path[path_len-1] = 0;
|
free_path[path_len-1] = 0;
|
||||||
|
@ -32,14 +32,24 @@ test_resource (GResource *resource)
|
|||||||
char **children;
|
char **children;
|
||||||
GInputStream *in;
|
GInputStream *in;
|
||||||
char buffer[128];
|
char buffer[128];
|
||||||
|
const gchar *not_found_paths[] =
|
||||||
found = g_resource_get_info (resource,
|
{
|
||||||
"/not/there",
|
"/not/there",
|
||||||
|
"/",
|
||||||
|
"",
|
||||||
|
};
|
||||||
|
gsize i;
|
||||||
|
|
||||||
|
for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
|
||||||
|
{
|
||||||
|
found = g_resource_get_info (resource,
|
||||||
|
not_found_paths[i],
|
||||||
G_RESOURCE_LOOKUP_FLAGS_NONE,
|
G_RESOURCE_LOOKUP_FLAGS_NONE,
|
||||||
&size, &flags, &error);
|
&size, &flags, &error);
|
||||||
g_assert (!found);
|
|
||||||
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
|
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
|
||||||
g_clear_error (&error);
|
g_clear_error (&error);
|
||||||
|
g_assert_false (found);
|
||||||
|
}
|
||||||
|
|
||||||
found = g_resource_get_info (resource,
|
found = g_resource_get_info (resource,
|
||||||
"/test1.txt",
|
"/test1.txt",
|
||||||
@ -68,6 +78,17 @@ test_resource (GResource *resource)
|
|||||||
g_assert_cmpint (size, ==, 6);
|
g_assert_cmpint (size, ==, 6);
|
||||||
g_assert_cmpuint (flags, ==, 0);
|
g_assert_cmpuint (flags, ==, 0);
|
||||||
|
|
||||||
|
for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
|
||||||
|
{
|
||||||
|
data = g_resource_lookup_data (resource,
|
||||||
|
not_found_paths[i],
|
||||||
|
G_RESOURCE_LOOKUP_FLAGS_NONE,
|
||||||
|
&error);
|
||||||
|
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
|
||||||
|
g_clear_error (&error);
|
||||||
|
g_assert_null (data);
|
||||||
|
}
|
||||||
|
|
||||||
data = g_resource_lookup_data (resource,
|
data = g_resource_lookup_data (resource,
|
||||||
"/test1.txt",
|
"/test1.txt",
|
||||||
G_RESOURCE_LOOKUP_FLAGS_NONE,
|
G_RESOURCE_LOOKUP_FLAGS_NONE,
|
||||||
@ -76,6 +97,17 @@ test_resource (GResource *resource)
|
|||||||
g_assert_no_error (error);
|
g_assert_no_error (error);
|
||||||
g_bytes_unref (data);
|
g_bytes_unref (data);
|
||||||
|
|
||||||
|
for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
|
||||||
|
{
|
||||||
|
in = g_resource_open_stream (resource,
|
||||||
|
not_found_paths[i],
|
||||||
|
G_RESOURCE_LOOKUP_FLAGS_NONE,
|
||||||
|
&error);
|
||||||
|
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
|
||||||
|
g_clear_error (&error);
|
||||||
|
g_assert_null (in);
|
||||||
|
}
|
||||||
|
|
||||||
in = g_resource_open_stream (resource,
|
in = g_resource_open_stream (resource,
|
||||||
"/test1.txt",
|
"/test1.txt",
|
||||||
G_RESOURCE_LOOKUP_FLAGS_NONE,
|
G_RESOURCE_LOOKUP_FLAGS_NONE,
|
||||||
@ -118,13 +150,19 @@ test_resource (GResource *resource)
|
|||||||
g_assert_cmpstr (g_bytes_get_data (data, NULL), ==, "test2\n");
|
g_assert_cmpstr (g_bytes_get_data (data, NULL), ==, "test2\n");
|
||||||
g_bytes_unref (data);
|
g_bytes_unref (data);
|
||||||
|
|
||||||
|
for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
|
||||||
|
{
|
||||||
|
if (g_str_equal (not_found_paths[i], "/"))
|
||||||
|
continue;
|
||||||
|
|
||||||
children = g_resource_enumerate_children (resource,
|
children = g_resource_enumerate_children (resource,
|
||||||
"/not/here",
|
not_found_paths[i],
|
||||||
G_RESOURCE_LOOKUP_FLAGS_NONE,
|
G_RESOURCE_LOOKUP_FLAGS_NONE,
|
||||||
&error);
|
&error);
|
||||||
g_assert (children == NULL);
|
|
||||||
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
|
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
|
||||||
g_clear_error (&error);
|
g_clear_error (&error);
|
||||||
|
g_assert_null (children);
|
||||||
|
}
|
||||||
|
|
||||||
children = g_resource_enumerate_children (resource,
|
children = g_resource_enumerate_children (resource,
|
||||||
"/a_prefix",
|
"/a_prefix",
|
||||||
|
Loading…
Reference in New Issue
Block a user