[pygobject] Make sure g_value_set_boxed does not cause a buffer overrun with GStrvs



commit 56e62858e9c2bdde3186f5cf4e83be94fb4e5306
Author: Simon Feltman <sfeltman src gnome org>
Date:   Tue Nov 13 02:53:34 2012 -0800

    Make sure g_value_set_boxed does not cause a buffer overrun with GStrvs
    
    Add NULL terminator to gchar** passed to g_value_set_boxed to
    make sure it does not overrun memory in pygi_set_property_value_real.
    Add MALLOC_CHECK_=3 to "make check" which prints an error and aborts
    in these cases.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=688232

 gi/pygi-property.c |    8 ++++++--
 tests/Makefile.am  |    1 +
 2 files changed, 7 insertions(+), 2 deletions(-)
---
diff --git a/gi/pygi-property.c b/gi/pygi-property.c
index 4f09e70..a072ef1 100644
--- a/gi/pygi-property.c
+++ b/gi/pygi-property.c
@@ -384,6 +384,9 @@ pygi_set_property_value_real (PyGObject *instance,
             break;
         case GI_TYPE_TAG_ARRAY:
         {
+            /* This is assumes GI_TYPE_TAG_ARRAY is always a GStrv
+             * https://bugzilla.gnome.org/show_bug.cgi?id=688232
+             */
             GArray *arg_items = (GArray*) arg.v_pointer;
             gchar** strings;
             int i;
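Review bot: The new comment records that this branch treats every GI_TYPE_TAG_ARRAY property as a GStrv, but nothing visible in the hunk enforces that, so an array property with another element type would presumably have its elements read as `v_string` pointers. Consider rejecting other cases before the conversion, for example with `if (!G_VALUE_HOLDS (&value, G_TYPE_STRV))` followed by setting an error and `goto out`. How `value` is initialised lies outside the hunk, so confirm it already carries the property's GType at this point. The comment text also has a typo: `This is assumes` should read `This assumes`. The case body continues in the next hunk.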
@@ -391,12 +394,13 @@ pygi_set_property_value_real (PyGObject *instance,
             if (arg_items == NULL)
                 goto out;
 
-            strings = g_new0 (char*, arg_items->len);
+            strings = g_new0 (char*, arg_items->len + 1);
             for (i = 0; i < arg_items->len; ++i) {
                 strings[i] = g_array_index (arg_items, GIArgument, i).v_string;
             }
-            g_array_free (arg_items, TRUE);
+            strings[arg_items->len] = NULL;
             g_value_set_boxed (&value, strings);
+            g_array_free (arg_items, TRUE);
             break;
         }
         default:
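Review bot: `strings` is allocated with `g_new0` and passed to `g_value_set_boxed`, which stores a copy of the boxed value rather than taking ownership, so the temporary pointer array looks leaked on every call unless it is freed outside this hunk. Adding `g_free (strings);` right after the `g_value_set_boxed` call would release the container without touching the element strings, whose ownership is not visible here. The explicit `strings[arg_items->len] = NULL;` is harmless but redundant, because `g_new0` already zero-fills the extra slot. A short comment saying the `+ 1` is the GStrv terminator would serve the same purpose. Declaring the index as `guint i;` would also avoid the signed/unsigned comparison against `arg_items->len`.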
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 91ed293..0764ea3 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -122,6 +122,7 @@ RUN_TESTS_ENV_VARS= \
 	GI_TYPELIB_PATH=$(builddir):$$GI_TYPELIB_PATH \
 	XDG_DATA_DIRS=$$XDG_DATA_DIRS:/usr/share \
 	MALLOC_PERTURB_=85 \
+	MALLOC_CHECK_=3 \
 	TESTS_BUILDDIR=$(builddir)
 
 check-local: $(LTLIBRARIES:.la=.so) $(test_typelibs) gschemas.compiled
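Review bot: `MALLOC_CHECK_=3` is a glibc-specific allocator setting, and nothing near the added line says what it is for or where it applies. On other C libraries it is ignored, and on glibc 2.34 and later it only takes effect when `libc_malloc_debug.so` is preloaded, so the check can silently stop running. It also catches only simple heap errors at allocator calls, so a read past the end of an unterminated array is not guaranteed to trip it; a Valgrind or AddressSanitizer test run covers that case more reliably. A comment above `RUN_TESTS_ENV_VARS` (which starts outside this hunk) such as `# MALLOC_CHECK_/MALLOC_PERTURB_: glibc heap debugging, abort on detected corruption` would record the intent.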


