luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2024-11-10 11:26:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '927-resource-path-fix' into 'master'

Browse Source 
gresource: Fix potential array overflow if using empty paths

Closes #927

See merge request GNOME/glib!150
This commit is contained in:
Emmanuele Bassi 2018-07-11 09:24:03 +00:00
commit ad3947c42e
2 changed files with 63 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
gio/gresource.c
View File

@ -591,23 +591,24 @@ g_resource_load (const gchar *filename,
return g_resource_new_from_table (table);
}
static
gboolean do_lookup (GResource *resource,
const gchar *path,
GResourceLookupFlags lookup_flags,
gsize *size,
guint32 *flags,
const void **data,
gsize *data_size,
GError **error)
static gboolean
do_lookup (GResource *resource,
const gchar *path,
GResourceLookupFlags lookup_flags,
gsize *size,
guint32 *flags,
const void **data,
gsize *data_size,
GError **error)
{
char *free_path = NULL;
gsize path_len;
gboolean res = FALSE;
GVariant *value;
/* Drop any trailing slash. */
path_len = strlen (path);
if (path[path_len-1] == '/')
if (path_len >= 1 && path[path_len-1] == '/')
{
path = free_path = g_strdup (path);
free_path[path_len-1] = 0;

66
gio/tests/resources.c
View File

@ -32,14 +32,24 @@ test_resource (GResource *resource)
char **children;
GInputStream *in;
char buffer[128];
const gchar *not_found_paths[] =
{
"/not/there",
"/",
"",
};
gsize i;
found = g_resource_get_info (resource,
"/not/there",
G_RESOURCE_LOOKUP_FLAGS_NONE,
&size, &flags, &error);
g_assert (!found);
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
g_clear_error (&error);
for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
{
found = g_resource_get_info (resource,
not_found_paths[i],
G_RESOURCE_LOOKUP_FLAGS_NONE,
&size, &flags, &error);
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
g_clear_error (&error);
g_assert_false (found);
}
found = g_resource_get_info (resource,
"/test1.txt",
@ -68,6 +78,17 @@ test_resource (GResource *resource)
g_assert_cmpint (size, ==, 6);
g_assert_cmpuint (flags, ==, 0);
for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
{
data = g_resource_lookup_data (resource,
not_found_paths[i],
G_RESOURCE_LOOKUP_FLAGS_NONE,
&error);
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
g_clear_error (&error);
g_assert_null (data);
}
data = g_resource_lookup_data (resource,
"/test1.txt",
G_RESOURCE_LOOKUP_FLAGS_NONE,
@ -76,6 +97,17 @@ test_resource (GResource *resource)
g_assert_no_error (error);
g_bytes_unref (data);
for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
{
in = g_resource_open_stream (resource,
not_found_paths[i],
G_RESOURCE_LOOKUP_FLAGS_NONE,
&error);
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
g_clear_error (&error);
g_assert_null (in);
}
in = g_resource_open_stream (resource,
"/test1.txt",
G_RESOURCE_LOOKUP_FLAGS_NONE,
@ -118,13 +150,19 @@ test_resource (GResource *resource)
g_assert_cmpstr (g_bytes_get_data (data, NULL), ==, "test2\n");
g_bytes_unref (data);
children = g_resource_enumerate_children (resource,
"/not/here",
G_RESOURCE_LOOKUP_FLAGS_NONE,
&error);
g_assert (children == NULL);
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
g_clear_error (&error);
for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
{
if (g_str_equal (not_found_paths[i], "/"))
continue;
children = g_resource_enumerate_children (resource,
not_found_paths[i],
G_RESOURCE_LOOKUP_FLAGS_NONE,
&error);
g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
g_clear_error (&error);
g_assert_null (children);
}
children = g_resource_enumerate_children (resource,
"/a_prefix",