[glib] xdgmime: Fix an invalid read
- From: Kalev Lember <klember src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib] xdgmime: Fix an invalid read
- Date: Fri, 4 Oct 2013 21:49:17 +0000 (UTC)
commit be7f40185fb2ce884112c1f8a4b196ea65350466
Author: Kalev Lember <kalevlember gmail com>
Date: Sat Sep 21 13:52:09 2013 +0200
xdgmime: Fix an invalid read
This commit factors out a function for comparing string suffixes, and at
the same time makes it safe for mime types that are shorter than the
"/*" suffix.
==25418== Invalid read of size 1
==25418== at 0x3C6D0F9D22: __gio_xdg_cache_mime_type_subclass (xdgmimecache.c:848)
==25418== by 0x3C6D09ED8C: g_content_type_is_a (gcontenttype.c:158)
==25418== by 0x34D8031E95: gtk_recent_filter_filter (gtkrecentfilter.c:733)
==25418== by 0x34D802F167: _gtk_recent_chooser_get_items (gtkrecentchooserutils.c:387)
==25418== by 0x34D802D07F: idle_populate_func (gtkrecentchoosermenu.c:1011)
==25418== by 0x34D7A20477: gdk_threads_dispatch (gdk.c:804)
==25418== by 0x3C6C0492F5: g_main_context_dispatch (gmain.c:3065)
==25418== by 0x3C6C049677: g_main_context_iterate.isra.23 (gmain.c:3712)
==25418== by 0x3C6C04972B: g_main_context_iteration (gmain.c:3773)
==25418== by 0x34D7FC2AF4: gtk_main_iteration (gtkmain.c:1262)
==25418== by 0x408EB4: main (in /usr/bin/glade)
https://bugzilla.gnome.org/show_bug.cgi?id=708529
gio/xdgmime/xdgmime.c | 19 ++++++++++++++-----
gio/xdgmime/xdgmimecache.c | 19 ++++++++++++++-----
2 files changed, 28 insertions(+), 10 deletions(-)
---
diff --git a/gio/xdgmime/xdgmime.c b/gio/xdgmime/xdgmime.c
index 846be39..f73b7f2 100644
--- a/gio/xdgmime/xdgmime.c
+++ b/gio/xdgmime/xdgmime.c
@@ -741,19 +741,28 @@ xdg_mime_media_type_equal (const char *mime_a,
#if 1
static int
-xdg_mime_is_super_type (const char *mime)
+ends_with (const char *str,
+ const char *suffix)
{
int length;
- const char *type;
+ int suffix_length;
- length = strlen (mime);
- type = &(mime[length - 2]);
+ length = strlen (str);
+ suffix_length = strlen (suffix);
+ if (length < suffix_length)
+ return 0;
- if (strcmp (type, "/*") == 0)
+ if (strcmp (str + length - suffix_length, suffix) == 0)
return 1;
return 0;
}
+
+static int
+xdg_mime_is_super_type (const char *mime)
+{
+ return ends_with (mime, "/*");
+}
#endif
int
diff --git a/gio/xdgmime/xdgmimecache.c b/gio/xdgmime/xdgmimecache.c
index 87a3cd0..3a64deb 100644
--- a/gio/xdgmime/xdgmimecache.c
+++ b/gio/xdgmime/xdgmimecache.c
@@ -837,19 +837,28 @@ _xdg_mime_cache_get_mime_types_from_file_name (const char *file_name,
#if 1
static int
-is_super_type (const char *mime)
+ends_with (const char *str,
+ const char *suffix)
{
int length;
- const char *type;
+ int suffix_length;
- length = strlen (mime);
- type = &(mime[length - 2]);
+ length = strlen (str);
+ suffix_length = strlen (suffix);
+ if (length < suffix_length)
+ return 0;
- if (strcmp (type, "/*") == 0)
+ if (strcmp (str + length - suffix_length, suffix) == 0)
return 1;
return 0;
}
+
+static int
+is_super_type (const char *mime)
+{
+ return ends_with (mime, "/*");
+}
#endif
int
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
