Commit cec71705 authored by Philip Withnall
gmarkup: Fix unvalidated UTF-8 read in markup parsing error paths

When formatting the error messages for markup parsing errors, the parser
was unconditionally reading a UTF-8 character from the input buffer —
but the buffer might end with a partial code sequence, resulting in
reading off the end of the buffer by up to three bytes.

Fix this and add a test case, courtesy of pdknsk.
Signed-off-by: Philip Withnall <>
parent 2d7423b9
......@@ -557,11 +557,23 @@ char_str (gunichar c,
return buf;
/* Format the next UTF-8 character as a gchar* for printing in error output
* when we encounter a syntax error. This correctly handles invalid UTF-8,
* emitting it as hex escapes. */
static gchar*
utf8_str (const gchar *utf8,
gchar *buf)
char_str (g_utf8_get_char (utf8), buf);
gunichar c = g_utf8_get_char_validated (utf8, -1);
if (c == (gunichar) -1 || c == (gunichar) -2)
gchar *temp = g_strdup_printf ("\\x%02x", (guint)(guchar)*utf8);
memset (buf, 0, 8);
memcpy (buf, temp, strlen (temp));
g_free (temp);
char_str (c, buf);
return buf;
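Review bot: In `utf8_str`, the new call `g_utf8_get_char_validated (utf8, -1)` passes no length, so validation still depends on a NUL terminator following the bytes being formatted. If the parser can be given a length-delimited buffer that is not NUL-terminated (not visible in this hunk, so worth confirming against the callers), a truncated sequence at the very end of the input could still be read past the end of the buffer. Passing the remaining byte count would close that gap: add a `gsize max_len` parameter and use `gunichar c = g_utf8_get_char_validated (utf8, max_len);`, with each call site supplying the distance to the end of the current text; those call sites are outside the hunk. Separately, `memset (buf, 0, 8)` hard-codes the caller's buffer size, so the header comment should state that `buf` must be at least 8 bytes.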
......@@ -158,7 +158,7 @@ markup_tests = \
fail-31 fail-32 fail-33 fail-34 fail-35 \
fail-36 fail-37 fail-38 fail-39 fail-40 \
fail-41 fail-42 fail-43 fail-44 fail-45 \
fail-46 fail-47 fail-48 fail-49 \
fail-46 fail-47 fail-48 fail-49 fail-50 \
valid-1 valid-2 valid-3 valid-4 valid-5 \
valid-6 valid-7 valid-8 valid-9 valid-10 \
valid-11 valid-12 valid-13 valid-14 valid-15 \
ERROR Error on line 1 char 5: Odd character “\xfc”, expected an open quote mark after the equals sign when giving value for attribute “r” of element “”
< r=
\ No newline at end of file
