gvariant-parser: add assert to ensure we don't write too far

Michael Catanzaro requested to merge mcatanzaro/#3469 into main

This function is complicated and it's hard to assess whether it is correct or not, so let's add an assert just to be sure.

Notably, when writing this I initially had an off-by-one error in my assert, causing the assertion to actually fire when running the unit tests. So we know it's definitely possible for the function to use the entirety of the buffer. The upper bound is not loose, and writing one additional byte would be a security bug.

Note my assertion possibly doesn't protect against security issues because it will be hit after the bad write rather than before.

Fixes #3469 (closed)

===================

P.S. If somebody can prove the correctness of this function, possibly by adding some code comments to explain how it works, that would be even better. But it's time for me to move on to other tasks.
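The check-before-write pattern the description contrasts with its after-the-fact assert, as an added example that is not the project's gvariant-parser code: a hypothetical length-prefixed item writer (`writer_t`, `writer_put`, `encode_item`, `encode_items` are all constructed for illustration) whose bounds check runs before each `memcpy`, with a tight postcondition assert kept as a sanity check.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical output writer; not the real gvariant-parser state. */
typedef struct {
    uint8_t *buf;
    size_t cap;      /* total bytes available in buf */
    size_t used;     /* bytes written so far */
} writer_t;

/* Refuse BEFORE touching memory. An assert placed after the memcpy would
 * only fire once the out-of-bounds write had already happened. */
static int writer_put(writer_t *w, const void *src, size_t n)
{
    if (n > w->cap - w->used)
        return 0;                 /* would overrun: do not write */
    memcpy(w->buf + w->used, src, n);
    w->used += n;
    return 1;
}

/* Worst-case size of one encoded item: 1 length byte + payload. */
static size_t encode_item_bound(size_t len)
{
    return 1 + (len > 255 ? 255 : len);
}

/* Constructed format: one length byte followed by up to 255 payload bytes. */
static int encode_item(writer_t *w, const uint8_t *data, size_t len)
{
    if (len > 255)
        return 0;
    uint8_t l = (uint8_t)len;
    return writer_put(w, &l, 1) && writer_put(w, data, len);
}

/* Returns bytes written, or 0 if any item would have overflowed the buffer. */
static size_t encode_items(uint8_t *out, size_t cap, const uint8_t *items[],
                           const size_t lens[], size_t count)
{
    writer_t w = { out, cap, 0 };
    size_t bound = 0;
    for (size_t i = 0; i < count; i++) {
        if (!encode_item(&w, items[i], lens[i]))
            return 0;
        bound += encode_item_bound(lens[i]);
    }
    /* Postcondition in the spirit of the MR's assert: the precomputed bound
     * is exact for this format, so used never exceeds it. */
    assert(w.used <= bound);
    return w.used;
}
```

With a buffer of exactly the worst-case size the writer fills every byte, mirroring the "not loose" upper bound described above; one byte short and the write is refused rather than performed.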