glib2/0005-gvariant-Limit-GVariant-strings-to-G_MAXSSIZE.patch
Dominique Leuenberger 8eed20495d Accepting request 644162 from home:sreeves1:branches:GNOME:Factory
- Add patchset to fix gvariant parsing issues. (bsc#1111499).
   0001-gvariant-Fix-checking-arithmetic-for-tuple-element-e.patch
   0002-gvarianttype-Impose-a-recursion-limit-of-64-on-varia.patch
   0003-gvariant-Check-array-offsets-against-serialised-data.patch
   0004-gvariant-Check-tuple-offsets-against-serialised-data.patch
   0005-gvariant-Limit-GVariant-strings-to-G_MAXSSIZE.patch
   0006-gdbusmessage-Validate-type-of-message-header-signatu.patch
   0007-gdbusmessage-Improve-documentation-for-g_dbus_messag.patch
   0008-gdbusmessage-Clarify-error-returns-for-g_dbus_messag.patch
   0009-gdbusmessage-Fix-a-typo-in-a-documentation-comment.patch
   0010-gdbusmessage-Check-for-valid-GVariantType-when-parsi.patch
   0011-gvariant-Clarify-internal-documentation-about-GVaria.patch
   0012-tests-Tidy-up-GError-handling-in-gdbus-serialization.patch
   0013-tests-Use-g_assert_null-in-gdbus-serialization-test.patch
   0014-gutf8-Add-a-g_utf8_validate_len-function.patch
   0015-glib-Port-various-callers-to-use-g_utf8_validate_len.patch

OBS-URL: https://build.opensuse.org/request/show/644162
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib2?expand=0&rev=370
2018-10-24 12:56:55 +00:00



From ee54f72bc190fd5b95688c0d8270adee90f8117b Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Tue, 18 Sep 2018 13:29:18 +0100
Subject: [PATCH 05/15] gvariant: Limit GVariant strings to G_MAXSSIZE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When validating a string to see if it's valid UTF-8, we pass a gsize to
g_utf8_validate(), which only takes a gssize. For large gsize values,
this will result in the gssize actually being negative, which will
change g_utf8_validate()'s behaviour to stop at the first nul byte. That
would allow subsequent nul bytes through the string validator, against
its documented behaviour.
Add a test case.
oss-fuzz#10319
Signed-off-by: Philip Withnall <withnall@endlessm.com>
---
glib/gvariant-serialiser.c | 3 ++-
glib/tests/gvariant.c | 26 ++++++++++++++++++++++++++
2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/glib/gvariant-serialiser.c b/glib/gvariant-serialiser.c
index 643894919..bbdcc7a0c 100644
--- a/glib/gvariant-serialiser.c
+++ b/glib/gvariant-serialiser.c
@@ -1643,6 +1643,7 @@ g_variant_serialiser_is_string (gconstpointer data,
const gchar *expected_end;
const gchar *end;
+ /* Strings must end with a nul terminator. */
if (size == 0)
return FALSE;
@@ -1651,7 +1652,7 @@ g_variant_serialiser_is_string (gconstpointer data,
if (*expected_end != '\0')
return FALSE;
- g_utf8_validate (data, size, &end);
+ g_utf8_validate_len (data, size, &end);
return end == expected_end;
}
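Review bot: The replacement call `g_utf8_validate_len (data, size, &end);` depends on a function that this series only introduces in 0014-gutf8-Add-a-g_utf8_validate_len-function.patch, so this patch (05/15) does not build on its own and the spec must apply 0014 ahead of it; reordering the series, or carrying the G_MAXSSIZE clamp the Subject describes in this patch, would make it self-contained. The commit message still talks about limiting the length to G_MAXSSIZE and the gsize-to-gssize truncation in g_utf8_validate(), which is not what the hunk does; a one-line update saying validation now goes through a gsize-taking variant would keep the message in step with the code. Assuming g_utf8_validate_len treats an embedded nul as invalid and stops there, `end == expected_end` rejects embedded nuls as intended, so the check itself looks right. The signature and the `expected_end` assignment of g_variant_serialiser_is_string lie outside this hunk.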
diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
index 1af1466cc..e575c8013 100644
--- a/glib/tests/gvariant.c
+++ b/glib/tests/gvariant.c
@@ -4763,6 +4763,30 @@ test_normal_checking_tuple_offsets (void)
g_variant_unref (variant);
}
+/* Test that an empty object path is normalised successfully to the base object
+ * path, /. */
+static void
+test_normal_checking_empty_object_path (void)
+{
+ const guint8 data[] = {
+ 0x20, 0x20, 0x00, 0x00, 0x00, 0x00,
+ '(', 'h', '(', 'a', 'i', 'a', 'b', 'i', 'o', ')', ')',
+ };
+ gsize size = sizeof (data);
+ GVariant *variant = NULL;
+ GVariant *normal_variant = NULL;
+
+ variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size,
+ FALSE, NULL, NULL);
+ g_assert_nonnull (variant);
+
+ normal_variant = g_variant_get_normal_form (variant);
+ g_assert_nonnull (normal_variant);
+
+ g_variant_unref (normal_variant);
+ g_variant_unref (variant);
+}
+
int
main (int argc, char **argv)
{
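Review bot: The new test asserts only that `g_variant_get_normal_form` returns non-NULL, so the property its own comment claims — that the empty object path normalises to the base path `/` — is never checked; at minimum add `g_assert_true (g_variant_is_normal_form (normal_variant));` after the non-NULL assertion, and ideally compare the normalised value against the expected serialised bytes. The commit message says a test is added for the gssize truncation in g_utf8_validate(), while the test comment describes an empty object path; a short comment tying the fixture to the reported input, e.g. `/* Regression test for oss-fuzz#10319. */`, would make that connection explicit. The hunk ends inside main(), whose body continues in the next hunk.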
@@ -4835,6 +4859,8 @@ main (int argc, char **argv)
test_normal_checking_array_offsets);
g_test_add_func ("/gvariant/normal-checking/tuple-offsets",
test_normal_checking_tuple_offsets);
+ g_test_add_func ("/gvariant/normal-checking/empty-object-path",
+ test_normal_checking_empty_object_path);
g_test_add_func ("/gvariant/recursion-limits/variant-in-variant",
test_recursion_limits_variant_in_variant);
--
2.14.4