From f64d4aad6e0371bb364693f3f095db3a86596097 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro
Date: Thu, 22 Aug 2024 16:01:29 -0500
Subject: [PATCH] gvariant-parser: add some comments

I just spent several hours convinced that there was a memory safety issue in string_parse() and bytestring_parse(). There isn't. (At least, I think so.) Add some comments to save the next person some time.
---
 glib/gvariant-parser.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c
index 8bd16766c..efad35619 100644
--- a/glib/gvariant-parser.c
+++ b/glib/gvariant-parser.c
@@ -1618,7 +1618,11 @@ string_free (AST *ast)
 }

 /* Accepts exactly @length hexadecimal digits. No leading sign or `0x`/`0X` prefix allowed.
- * No leading/trailing space allowed. */
+ * No leading/trailing space allowed.
+ *
+ * It's OK to pass a length greater than the actual length of the src buffer,
+ * provided src must be null-terminated.
+ */
 static gboolean
 unicode_unescape (const gchar *src,
 gint *src_ofs,
@@ -1692,6 +1696,9 @@ string_parse (TokenStream *stream,
 length = strlen (token);
 quote = token[0];

+ /* The output will always be at least one byte smaller than the input,
+ * because we skip over the initial quote character.
+ */
 str = g_malloc (length);
 g_assert (quote == '"' || quote == '\'');
 j = 0;
@@ -1823,6 +1830,9 @@ bytestring_parse (TokenStream *stream,
 length = strlen (token);
 quote = token[1];

+ /* The output will always be smaller than the input, because we skip over the
+ * initial b and the quote character.
+ */
 str = g_malloc (length);
 g_assert (quote == '"' || quote == '\'');
 j = 0;
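Review bot: The new sentence in the unicode_unescape header, "provided src must be null-terminated", reads as a guarantee the function makes rather than the precondition the caller has to meet, and it does not say what makes an over-long @length safe. Since the digit loop is in the function body, which lies outside this hunk, I can only presume it stops at the terminator; if so, the comment should name that check, e.g. `* It's OK to pass a length greater than the actual length of the src buffer, * provided that src is NUL-terminated: the digit loop stops at the terminator * before consuming @length characters.`. Tying the claim to the specific check is what lets the next reader verify it in minutes instead of hours, which is the stated purpose of the patch.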
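Review bot: The comment added above `str = g_malloc (length);` in string_parse explains why one byte is spare but not why that byte is needed, and the terminator is what makes the bound tight: with `length = strlen (token)` the unescaped output holds at most length - 1 characters, and the byte freed by the skipped opening quote is exactly the one a trailing NUL needs. If str is NUL-terminated on completion, which the strlen-sized allocation suggests but the visible lines do not show, the comment would be more useful as `/* The output will always be at least one byte smaller than the input, because * we skip over the initial quote character, so the NUL terminator fits in the * length bytes allocated below. */`. The same applies to the bytestring_parse hunk, where the skipped `b` and quote leave two spare bytes. Both function bodies continue past their hunks, so where str is terminated and how many input bytes each escape consumes is not visible here.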