walters / rpms / glib2

Forked from rpms/glib2 4 years ago
Clone
Source Code
GIT

Files

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f20-gnome-3-12 f20-gnome-3-14 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f7 f8 f9 ghmac-gnutls master origin/f14/master private-boltron private-f26-flatpak
  1.   f15
  2.   0003-Fix-bug-in-strinfo.patch
Blob Blame History Raw 
From a7689537605ade51b19be76baa3fba303527483d Mon Sep 17 00:00:00 2001
From: Ryan Lortie <desrt@desrt.ca>
Date: Sat, 19 Jun 2010 11:38:57 -0400
Subject: [PATCH 03/45] Fix bug in strinfo

We can't search for a larger needle inside of a smaller haystack, and
unsigned integer subtraction tends to result in very large numbers
rather than small ones.

Add a check for this case and abort out immediately.

Also add a test case (lifted directly from the docs) that demonstrates
the problem.

Issue discovered and tracked down by Milan Bouchet-Valat
---
 gio/strinfo.c                                |    3 ++
 gio/tests/gschema-compile.c                  |    3 +-
 gio/tests/schema-tests/from-docs.gschema.xml |   34 ++++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 1 deletions(-)
 create mode 100644 gio/tests/schema-tests/from-docs.gschema.xml

diff --git a/gio/strinfo.c b/gio/strinfo.c
index 9ba18aa..f762fc5 100644
--- a/gio/strinfo.c
+++ b/gio/strinfo.c
@@ -147,6 +147,9 @@ strinfo_scan (const guint32 *strinfo,
 {
   guint i = 0;
 
+  if (length < n_words)
+    return -1;
+
   while (i <= length - n_words)
     {
       guint j = 0;
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.