Commit 56e62858 authored by Simon Feltman's avatar Simon Feltman
Browse files

Make sure g_value_set_boxed does not cause a buffer overrun with GStrvs

Add NULL terminator to gchar** passed to g_value_set_boxed to
make sure it does not overrun memory in pygi_set_property_value_real.
Add MALLOC_CHECK_=3 to "make check" which prints an error and aborts
in these cases.

https://bugzilla.gnome.org/show_bug.cgi?id=688232
parent ca11ec12
......@@ -384,6 +384,9 @@ pygi_set_property_value_real (PyGObject *instance,
break;
case GI_TYPE_TAG_ARRAY:
{
/* This is assumes GI_TYPE_TAG_ARRAY is always a GStrv
* https://bugzilla.gnome.org/show_bug.cgi?id=688232
*/
GArray *arg_items = (GArray*) arg.v_pointer;
gchar** strings;
int i;
......@@ -391,12 +394,13 @@ pygi_set_property_value_real (PyGObject *instance,
if (arg_items == NULL)
goto out;
strings = g_new0 (char*, arg_items->len);
strings = g_new0 (char*, arg_items->len + 1);
for (i = 0; i < arg_items->len; ++i) {
strings[i] = g_array_index (arg_items, GIArgument, i).v_string;
}
g_array_free (arg_items, TRUE);
strings[arg_items->len] = NULL;
g_value_set_boxed (&value, strings);
g_array_free (arg_items, TRUE);
break;
}
default:
......
......@@ -122,6 +122,7 @@ RUN_TESTS_ENV_VARS= \
GI_TYPELIB_PATH=$(builddir):$$GI_TYPELIB_PATH \
XDG_DATA_DIRS=$$XDG_DATA_DIRS:/usr/share \
MALLOC_PERTURB_=85 \
MALLOC_CHECK_=3 \
TESTS_BUILDDIR=$(builddir)
check-local: $(LTLIBRARIES:.la=.so) $(test_typelibs) gschemas.compiled
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment