gvariant: Fix error handling for parsing Unicode escapes (!511) · Merge requests · GNOME / GLib

Philip Withnall requested to merge pwithnall/glib:ossfuzz-11576-variant-text-unicode-unescape into master Dec 04, 2018

When parsing an escaped Unicode character in a text format GVariant string, such as '\U0001F415', the code uses g_ascii_strtoull(). This, unexpectedly, accepts minus signs, which can cause an assertion failure when input like '\u-FF4' is presented for parsing.

Validate that there are no leading sign characters when parsing.

This shouldn’t be considered a security bug, because the GVariant text format parser should not be used on untrusted input.

oss-fuzz#11576

Signed-off-by: Philip Withnall withnall@endlessm.com

gvariant: Fix error handling for parsing Unicode escapes

Merge request reports