[libgxps] Fixed read of uninitialized memory in gxps_parse_stream()

From: Carlos Garcia Campos <carlosgc src gnome org>
To: commits-list gnome org
Cc:
Subject: [libgxps] Fixed read of uninitialized memory in gxps_parse_stream()
Date: Fri, 2 Sep 2011 07:23:15 +0000 (UTC)

commit 6641e75e30c1bd2f53bd80bf934919001bbcb629
Author: Jason Crain <jason aquaticape us>
Date:   Thu Sep 1 21:03:40 2011 -0500

    Fixed read of uninitialized memory in gxps_parse_stream()
    
    When a stream contains only a BOM, gxps_parse_stream() can pass a
    negative length to g_markup_parse_context_parse() causing it to read
    uninitialized memory.

 libgxps/gxps-parse-utils.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/libgxps/gxps-parse-utils.c b/libgxps/gxps-parse-utils.c
index afdff88..9854103 100644
--- a/libgxps/gxps-parse-utils.c
+++ b/libgxps/gxps-parse-utils.c
@@ -185,7 +185,7 @@ gxps_parse_stream (GMarkupParseContext  *context,
 		}
 
 		g_markup_parse_context_get_position (context, &line, &column);
-		has_bom = line == 1 && column == 1 && utf8_has_bom (buffer);
+		has_bom = line == 1 && column == 1 && bytes_read >= 3 && utf8_has_bom (buffer);
 		if (!g_markup_parse_context_parse (context,
 						   has_bom ? (const gchar *)buffer + 3 : (const gchar *)buffer,
 						   has_bom ? bytes_read - 3 : bytes_read,

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]