[gimp/gimp-2-6] Bug 493778 – metadata plug-in crashes on some images

[Martin Nordholts <martinn src gnome org>]

commit baf48c6167cbf77bccc686498de96fb674619f1f
Author: Massimo Valentini <sixtysix inwind it>
Date:   Mon Jul 20 14:59:29 2009 +0200

    Bug 493778 â?? metadata plug-in crashes on some images
    
    The problem is that the parser adds an empty property value when
    parsing an empty Alt-array, "<rdf:Alt/>".
    
    But when it is encoded it is expected to be in the form of a NULL
    terminated array of pairs of property values, with the result that the
    NULL terminator is considered the second element of the first pair and
    the loop encoding these properties goes beyond the end of the array,
    thus dereferencing invalid pointers.
    
    This commit alters the parser to avoid adding dummy values when empty
    rdf:Alt, rdf:Bag and rdf:Seq elements are found.

 plug-ins/metadata/xmp-parse.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/plug-ins/metadata/xmp-parse.c b/plug-ins/metadata/xmp-parse.c
index bed0d8d..0043f61 100644
--- a/plug-ins/metadata/xmp-parse.c
+++ b/plug-ins/metadata/xmp-parse.c
@@ -926,6 +926,11 @@ end_element_handler    (GMarkupParseContext  *markup_context,
     case STATE_INSIDE_ALT:
     case STATE_INSIDE_BAG:
     case STATE_INSIDE_SEQ:
+      if (context->property && context->prop_cur_value < 0)
+        {
+          g_free (context->property);
+          context->property = NULL;
+        }
       context->state = STATE_INSIDE_PROPERTY;
       break;