const string[] not NULL terminated; crashes in GBoxed property getter
@pwithnall
Submitted by Philip Withnall Link to original bug (#682698)
Description
If I have a class with a const string[] which is returned in a property getter, Vala will generate C code which doesn’t NULL-terminate the array before calling g_value_set_boxed() on it. Since the array is handled as a G_TYPE_STRV boxed type, the boxing function assumes it’ll be NULL-terminated, and ends up walking off into random memory.
This Vala:
    public class MyClass {
        private const string[] _foobar = {
            "baz"
        };
        public string[] foobar {
            get { return this._foobar; }
        }
    }
generates something like the following C (trimmed down from an example in libfolks):
    static const gchar* MY_CLASS__foobar[1] = {"baz"};
    …
    g_object_class_install_property (G_OBJECT_CLASS (klass), MY_CLASS_FOOBAR, g_param_spec_boxed ("foobar", "foobar", "foobar", G_TYPE_STRV, G_PARAM_STATIC_NAME | G_PARAM_STATIC_NICK | G_PARAM_STATIC_BLURB | G_PARAM_READABLE));
    …
    static void _vala_my_class_get_property (GObject * object, guint property_id, GValue * value, GParamSpec * pspec) {
        …
        switch (property_id) {
            case MY_CLASS_FOOBAR:
            {
                int length;
                g_value_set_boxed (value, my_class_get_foobar ((MyClass*) self, &length));
            }
            break;
        }
    }
    …
    static gchar** my_class_get_foobar (MyClass* base, int* result_length1) {
        …
        _tmp0_ = MY_CLASS__foobar;
        _tmp0__length1 = G_N_ELEMENTS (MY_CLASS__foobar);
        if (result_length1) {
            *result_length1 = _tmp0__length1;
        }
        result = _tmp0_;
        return result;
    }
Edited by Niels De Graef
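The mismatch described in the report, as an added example in plain C without GLib (not part of the original report, and not Vala's or GLib's code): it checks whether a terminator lies inside an array's own storage, and builds a NULL-terminated copy from an (array, length) pair like the one the generated getter returns. All function and array names here are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same shape as the generated constant in the report: one slot, no NULL. */
static const char *UNTERMINATED[1] = {"baz"};
/* Constructed corrected form: an extra slot holds the terminator. */
static const char *TERMINATED[2] = {"baz", NULL};

/* Returns 1 if a NULL lies inside the array's own storage (capacity slots),
 * 0 if a consumer that walks to NULL would read past the end of the array. */
static int strv_terminated_within(const char *const *arr, size_t capacity) {
    for (size_t i = 0; i < capacity; i++)
        if (arr[i] == NULL) return 1;
    return 0;
}

/* Element count found by walking to NULL, as a consumer of a NULL-terminated
 * string vector does. Only call this on arrays known to be terminated. */
static size_t strv_walk_length(const char *const *arr) {
    size_t n = 0;
    while (arr[n] != NULL) n++;
    return n;
}

static void strv_free(char **v) {
    if (v == NULL) return;
    for (size_t i = 0; v[i] != NULL; i++) free(v[i]);
    free(v);
}

/* Deep-copies len elements and appends the terminator, so the result is safe
 * to hand to code that ignores the length. Caller frees with strv_free(). */
static char **strv_from_length(const char *const *arr, size_t len) {
    char **out = calloc(len + 1, sizeof *out);   /* last slot stays NULL */
    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        size_t sz = strlen(arr[i]) + 1;
        out[i] = malloc(sz);
        if (out[i] == NULL) { strv_free(out); return NULL; }
        memcpy(out[i], arr[i], sz);
    }
    return out;
}

int main(void) {
    char **copy = strv_from_length(UNTERMINATED, 1);
    if (copy == NULL) return 1;
    printf("const array terminated: %d, fixed: %d, copy length: %zu\n",
           strv_terminated_within(UNTERMINATED, 1),
           strv_terminated_within(TERMINATED, 2),
           strv_walk_length((const char *const *)copy));
    strv_free(copy);
    return 0;
}
```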