• Philip Withnall's avatar
    gvariant: Fix error handling for parsing Unicode escapes · d2224b47
    Philip Withnall authored
    When parsing an escaped Unicode character in a text format GVariant
    string, such as '\U0001F415', the code uses g_ascii_strtoull(). This,
    unexpectedly, accepts minus signs, which can cause an assertion failure
    when input like '\u-FF4' is presented for parsing.
    Validate that there are no leading sign characters when parsing.
    This shouldn’t be considered a security bug, because the GVariant text
    format parser should not be used on untrusted input.
    Signed-off-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
gvariant-parser.c 69.7 KB