Merge branch 'markup-cve-fixes-2-56' into 'glib-2-56'

Backport gmarkup fixes to 2.56 See merge request GNOME/glib!307
2025-02-24 03:02:10 +01:00 · 2018-09-07 11:34:19 +00:00 · 2018-09-07 11:34:19 +00:00 · d188851253
commit d188851253
parent 5716eeacaf c008d2c436
6 changed files with 27 additions and 5 deletions
--- a/glib/gmarkup.c
+++ b/glib/gmarkup.c
@ -557,11 +557,23 @@ char_str (gunichar c,
  return buf;
 }

+/* Format the next UTF-8 character as a gchar* for printing in error output
+ * when we encounter a syntax error. This correctly handles invalid UTF-8,
+ * emitting it as hex escapes. */
 static gchar*
 utf8_str (const gchar *utf8,
          gchar       *buf)
 {
-  char_str (g_utf8_get_char (utf8), buf);
+  gunichar c = g_utf8_get_char_validated (utf8, -1);
+  if (c == (gunichar) -1 || c == (gunichar) -2)
+    {
+      gchar *temp = g_strdup_printf ("\\x%02x", (guint)(guchar)*utf8);
+      memset (buf, 0, 8);
+      memcpy (buf, temp, strlen (temp));
+      g_free (temp);
+    }
+  else
+    char_str (c, buf);
  return buf;
 }

@ -1832,9 +1844,14 @@ g_markup_parse_context_end_parse (GMarkupParseContext  *context,
    case STATE_AFTER_CLOSE_TAG_SLASH:
    case STATE_INSIDE_CLOSE_TAG_NAME:
    case STATE_AFTER_CLOSE_TAG_NAME:
-      set_error (context, error, G_MARKUP_ERROR_PARSE,
-                 _("Document ended unexpectedly inside the close tag for "
-                   "element '%s'"), current_element (context));
+      if (context->tag_stack != NULL)
+        set_error (context, error, G_MARKUP_ERROR_PARSE,
+                   _("Document ended unexpectedly inside the close tag for "
+                     "element '%s'"), current_element (context));
+      else
+        set_error (context, error, G_MARKUP_ERROR_PARSE,
+                   _("Document ended unexpectedly inside the close tag for an "
+                     "unopened element"));
      break;

    case STATE_INSIDE_PASSTHROUGH:
--- a/glib/tests/Makefile.am
+++ b/glib/tests/Makefile.am
@ -155,7 +155,8 @@ markup_tests = \
 	fail-31 fail-32 fail-33 fail-34 fail-35 \
 	fail-36 fail-37 fail-38 fail-39 fail-40 \
 	fail-41 fail-42 fail-43 fail-44 fail-45 \
-	fail-46 fail-47 fail-48 fail-49 \
+	fail-46 fail-47 fail-48 fail-49 fail-50 \
+	fail-51 \
 	valid-1 valid-2 valid-3 valid-4 valid-5 \
 	valid-6 valid-7 valid-8 valid-9 valid-10 \
 	valid-11 valid-12 valid-13 valid-14 valid-15 \
--- a/glib/tests/markups/fail-50.expected
+++ b/glib/tests/markups/fail-50.expected
@ -0,0 +1 @@
+ERROR Error on line 1 char 5: Odd character '\xfc', expected an open quote mark after the equals sign when giving value for attribute 'r' of element ''
--- a/glib/tests/markups/fail-50.gmarkup
+++ b/glib/tests/markups/fail-50.gmarkup
@ -0,0 +1 @@
+<	r=<3D>
--- a/glib/tests/markups/fail-51.expected
+++ b/glib/tests/markups/fail-51.expected
@ -0,0 +1 @@
+ERROR Error on line 1 char 5: Document ended unexpectedly inside the close tag for an unopened element
--- a/glib/tests/markups/fail-51.gmarkup
+++ b/glib/tests/markups/fail-51.gmarkup
@ -0,0 +1 @@
+</0<
				`@ -0,0 +1 @@`
				`ERROR Error on line 1 char 5: Odd character '\xfc', expected an open quote mark after the equals sign when giving value for attribute 'r' of element ''`
				`@ -0,0 +1 @@`
				`ERROR Error on line 1 char 5: Document ended unexpectedly inside the close tag for an unopened element`