Commit c008d2c4 authored by Philip Withnall, committed by Iain Lane

gmarkup: Fix crash in error handling path for closing elements

If something which looks like a closing tag is left unfinished, but
isn’t paired to an opening tag in the document, the error handling code
would do a null pointer dereference. Avoid that, at the cost of
introducing a new translatable error message.

Includes a test case, courtesy of pdknsk.
Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://gitlab.gnome.org/GNOME/glib/issues/1461
(cherry picked from commit fccef3cc)
parent 6ea19a71
Pipeline #29163 passed with stage
in 6 minutes and 2 seconds
......@@ -1844,9 +1844,14 @@ g_markup_parse_context_end_parse (GMarkupParseContext *context,
case STATE_AFTER_CLOSE_TAG_SLASH:
case STATE_INSIDE_CLOSE_TAG_NAME:
case STATE_AFTER_CLOSE_TAG_NAME:
set_error (context, error, G_MARKUP_ERROR_PARSE,
_("Document ended unexpectedly inside the close tag for "
"element '%s'"), current_element (context));
if (context->tag_stack != NULL)
set_error (context, error, G_MARKUP_ERROR_PARSE,
_("Document ended unexpectedly inside the close tag for "
"element '%s'"), current_element (context));
else
set_error (context, error, G_MARKUP_ERROR_PARSE,
_("Document ended unexpectedly inside the close tag for an "
"unopened element"));
break;
case STATE_INSIDE_PASSTHROUGH:
......
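Review bot: the new `context->tag_stack != NULL` check in the branch shared by STATE_AFTER_CLOSE_TAG_SLASH, STATE_INSIDE_CLOSE_TAG_NAME and STATE_AFTER_CLOSE_TAG_NAME carries no comment saying when the stack can be empty at this point. A one-line comment above the `if` (for example, that a close tag can be started without any element having been opened) would keep a later cleanup from folding the two `set_error` calls back into one. Since the fallback exists only because `current_element (context)` cannot be called with an empty stack, it is also worth checking whether the other `current_element ()` call sites can be reached with `tag_stack == NULL`, and whether a guard or assertion inside that helper would be the more robust place for the check. Braces around the two multi-line `set_error` calls would make the `if`/`else` easier to read under the case labels.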
......@@ -156,6 +156,7 @@ markup_tests = \
fail-36 fail-37 fail-38 fail-39 fail-40 \
fail-41 fail-42 fail-43 fail-44 fail-45 \
fail-46 fail-47 fail-48 fail-49 fail-50 \
fail-51 \
valid-1 valid-2 valid-3 valid-4 valid-5 \
valid-6 valid-7 valid-8 valid-9 valid-10 \
valid-11 valid-12 valid-13 valid-14 valid-15 \
......
ERROR Error on line 1 char 5: Document ended unexpectedly inside the close tag for an unopened element
</0<
\ No newline at end of file
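Review bot: fail-51 adds a single input (`</0<`), while the branch fixed in g_markup_parse_context_end_parse is shared by three parser states, so one case cannot show that each of them reaches the new message with an empty tag stack. Consider adding further fail-NN cases whose documents end at other points of an unmatched close tag, for example one that ends directly after `</`, each with its own expected "unopened element" error line.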