xdgmime: Fix an invalid read

This commit factors out a function for comparing string suffixes, and at
the same time makes it safe for mime types that are shorter than the
"/*" suffix.

==25418== Invalid read of size 1
==25418==    at 0x3C6D0F9D22: __gio_xdg_cache_mime_type_subclass (xdgmimecache.c:848)
==25418==    by 0x3C6D09ED8C: g_content_type_is_a (gcontenttype.c:158)
==25418==    by 0x34D8031E95: gtk_recent_filter_filter (gtkrecentfilter.c:733)
==25418==    by 0x34D802F167: _gtk_recent_chooser_get_items (gtkrecentchooserutils.c:387)
==25418==    by 0x34D802D07F: idle_populate_func (gtkrecentchoosermenu.c:1011)
==25418==    by 0x34D7A20477: gdk_threads_dispatch (gdk.c:804)
==25418==    by 0x3C6C0492F5: g_main_context_dispatch (gmain.c:3065)
==25418==    by 0x3C6C049677: g_main_context_iterate.isra.23 (gmain.c:3712)
==25418==    by 0x3C6C04972B: g_main_context_iteration (gmain.c:3773)
==25418==    by 0x34D7FC2AF4: gtk_main_iteration (gtkmain.c:1262)
==25418==    by 0x408EB4: main (in /usr/bin/glade)

https://bugzilla.gnome.org/show_bug.cgi?id=708529
Kalev Lember 2013-09-21 13:52:09 +02:00
parent 5aead642c2
commit be7f40185f
2 changed files with 28 additions and 10 deletions


@ -741,19 +741,28 @@ xdg_mime_media_type_equal (const char *mime_a,
#if 1
static int
xdg_mime_is_super_type (const char *mime)
ends_with (const char *str,
const char *suffix)
{
int length;
const char *type;
int suffix_length;
length = strlen (mime);
type = &(mime[length - 2]);
length = strlen (str);
suffix_length = strlen (suffix);
if (length < suffix_length)
return 0;
if (strcmp (type, "/*") == 0)
if (strcmp (str + length - suffix_length, suffix) == 0)
return 1;
return 0;
}
static int
xdg_mime_is_super_type (const char *mime)
{
return ends_with (mime, "/*");
}
#endif
int
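Review bot: `ends_with` stores both `strlen` results in `int`, so the `length < suffix_length` guard that prevents the read before the start of the string is evaluated in a signed type that is narrower than `size_t` on 64-bit targets. Declaring `size_t length = strlen (str);` and `size_t suffix_length = strlen (suffix);` keeps the comparison and the `str + length - suffix_length` offset in the type `strlen` returns. The same declarations appear in the copy of `ends_with` in the second file section. MIME type strings are short in practice, so this is hardening of the new bounds check rather than a fault shown on this page.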


@ -837,19 +837,28 @@ _xdg_mime_cache_get_mime_types_from_file_name (const char *file_name,
#if 1
static int
is_super_type (const char *mime)
ends_with (const char *str,
const char *suffix)
{
int length;
const char *type;
int suffix_length;
length = strlen (mime);
type = &(mime[length - 2]);
length = strlen (str);
suffix_length = strlen (suffix);
if (length < suffix_length)
return 0;
if (strcmp (type, "/*") == 0)
if (strcmp (str + length - suffix_length, suffix) == 0)
return 1;
return 0;
}
static int
is_super_type (const char *mime)
{
return ends_with (mime, "/*");
}
#endif
int
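Review bot: `ends_with` is defined a second time here, identical as shown to the copy in the first file section, so the length check that fixes the invalid read now lives in two places that can drift apart. One definition shared by both translation units would leave a single guard to audit. If the duplication is deliberate, a comment on each copy such as `/* Returns 1 if str ends with suffix; safe when str is shorter than suffix. Duplicated in the other xdgmime source file, keep in sync. */` would record both the contract and the pairing. Neither copy states that `str` and `suffix` must be non-NULL, although `strlen` is called on both unconditionally.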