[glib] GVariant: validate that passed string is UTF-8



commit 5e6f762d61db1a5c64bd1d33e5ba112755106581
Author: David Zeuthen <davidz redhat com>
Date:   Tue Aug 3 13:33:03 2010 -0400

    GVariant: validate that passed string is UTF-8
    
    As discussed with Ryan on IRC.
    
    This check is crucial because it guarantees that
    g_variant_get_string() will _always_ return valid UTF-8. Except in
    cases where the programmer used unsafe API such as
    g_variant_new_from_data() and setting @trusted to TRUE.
    
    In fact, this check revealed a flaw in my polkit gdbus port
    
     (lt-polkitd:11632): GLib-CRITICAL **: g_variant_new_string: assertion
     `g_utf8_validate (string, len, NULL)' failed
    
    and with this I could easily find the problem by using gdb(1) and
    G_DBUS=fatal-warnings.
    
    Without this check we'd pass the non-UTF8 string all the way to the
    message bus and the bus would then disconnect us. So instead I was
    seeing
    
      g_dbus_connection_real_closed: Remote peer vanished with error:
      Underlying GIOStream returned 0 bytes on an async read
      (g-io-error-quark, 0). Exiting.
    
    and then SIGTERM as raised by g_dbus_connection_real_closed() and my
    polkitd process would exit. This behavior is much harder to debug than
    failing early (as this patch implements).
    
    Signed-off-by: David Zeuthen <davidz redhat com>

 glib/gvariant.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/glib/gvariant.c b/glib/gvariant.c
index a259195..ab42d2c 100644
--- a/glib/gvariant.c
+++ b/glib/gvariant.c
@@ -971,6 +971,7 @@ GVariant *
 g_variant_new_string (const gchar *string)
 {
   g_return_val_if_fail (string != NULL, NULL);
+  g_return_val_if_fail (g_utf8_validate (string, -1, NULL), NULL);
 
   return g_variant_new_from_trusted (G_VARIANT_TYPE_STRING,
                                      string, strlen (string) + 1);
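Review bot: the added g_return_val_if_fail (g_utf8_validate (string, -1, NULL), NULL) is a precondition assertion, not input validation, so the "always valid UTF-8" guarantee in the commit message only holds in builds where these checks are compiled in. GLib drops g_return_val_if_fail entirely when built with G_DISABLE_CHECKS, and in that case a non-UTF-8 string still reaches g_variant_new_from_trusted() unchanged. The doc comment for g_variant_new_string() should state that @string must be valid UTF-8 and that the function returns NULL after a critical warning otherwise, so that callers passing externally supplied data know to run g_utf8_validate() themselves and to handle a NULL return. It would also help to add a test case that passes an invalid byte sequence and expects the critical, to keep the check from being removed later.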


