gvariant-parser: add some comments

I just spent several hours convinced that there was a memory safety issue in string_parse() and bytestring_parse(). There isn't. (At least, I think so.) Add some comments to save the next person some time.
2024-12-26 15:36:14 +01:00 · 2024-08-22 16:01:29 -05:00 · 2024-08-22 16:01:29 -05:00 · f64d4aad6e
commit f64d4aad6e
parent 343081becc
1 changed files with 11 additions and 1 deletions
--- a/glib/gvariant-parser.c
+++ b/glib/gvariant-parser.c
@ -1618,7 +1618,11 @@ string_free (AST *ast)
 }

 /* Accepts exactly @length hexadecimal digits. No leading sign or `0x`/`0X` prefix allowed.
- * No leading/trailing space allowed. */
+ * No leading/trailing space allowed.
+ *
+ * It's OK to pass a length greater than the actual length of the src buffer,
+ * provided src must be null-terminated.
+ */
 static gboolean
 unicode_unescape (const gchar  *src,
                  gint         *src_ofs,
@ -1692,6 +1696,9 @@ string_parse (TokenStream  *stream,
  length = strlen (token);
  quote = token[0];

+  /* The output will always be at least one byte smaller than the input,
+   * because we skip over the initial quote character.
+   */
  str = g_malloc (length);
  g_assert (quote == '"' || quote == '\'');
  j = 0;
@ -1823,6 +1830,9 @@ bytestring_parse (TokenStream  *stream,
  length = strlen (token);
  quote = token[1];

+  /* The output will always be smaller than the input, because we skip over the
+   * initial b and the quote character.
+   */
  str = g_malloc (length);
  g_assert (quote == '"' || quote == '\'');
  j = 0;