[libgsf] openpkg: fix access of absolute relations

From: Morten Welinder <mortenw src gnome org>
To: commits-list gnome org
Cc:
Subject: [libgsf] openpkg: fix access of absolute relations
Date: Sat, 6 Feb 2016 22:38:49 +0000 (UTC)
commit 4d66e257e0e16187d3e62600fe3555d0d0666190
Author: Morten Welinder <terra gnome org>
Date:   Sat Feb 6 17:38:15 2016 -0500

    openpkg: fix access of absolute relations
    
    And plug a leak while we're at it.

 ChangeLog                |    8 ++++++++
 NEWS                     |    4 ++++
 gsf/gsf-libxml.c         |    3 +++
 gsf/gsf-open-pkg-utils.c |    6 ++++--
 4 files changed, 19 insertions(+), 2 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 36ed09b..a3cb0f5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2016-02-06  Morten Welinder  <terra gnome org>
+
+       * gsf/gsf-open-pkg-utils.c (gsf_open_pkg_open_rel): Move
+       parent-reffing to after we handle absolute references.  Fixes
+       #761648.
+
+       * gsf/gsf-libxml.c (gsf_xml_in_doc_parse): Plug leak.
+
 2016-02-06  Morten Welinder <terra gnome org>
 
        * configure.ac: Post-release bump.
diff --git a/NEWS b/NEWS
index 4a6cbd6..7e35055 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,9 @@
 libgsf 1.14.36
 
+Morten:
+       * Plug leak
+       * Fix openpkg absolute member reference.  [#761648]
+
 --------------------------------------------------------------------------
 libgsf 1.14.35
 
diff --git a/gsf/gsf-libxml.c b/gsf/gsf-libxml.c
index 6eee5a4..fc77c47 100644
--- a/gsf/gsf-libxml.c
+++ b/gsf/gsf-libxml.c
@@ -1339,6 +1339,9 @@ gsf_xml_in_doc_parse (GsfXMLInDoc *doc, GsfInput *input, gpointer user_state)
        res = ctxt->wellFormed;
        xmlFreeParserCtxt (ctxt);
 
+       if (state.pub.content)
+               g_string_free (state.pub.content, TRUE);
+
        return res;
 }
 
diff --git a/gsf/gsf-open-pkg-utils.c b/gsf/gsf-open-pkg-utils.c
index 3cfb76f..9e42daf 100644
--- a/gsf/gsf-open-pkg-utils.c
+++ b/gsf/gsf-open-pkg-utils.c
@@ -233,7 +233,6 @@ gsf_open_pkg_open_rel (GsfInput *opkg, GsfOpenPkgRel const *rel,
        parent = gsf_input_name (opkg)
                ? gsf_input_container (opkg)
                : GSF_INFILE (opkg);
-       g_object_ref (parent);
 
        target = rel->target;
        if (target[0] == '/') {
@@ -249,6 +248,7 @@ gsf_open_pkg_open_rel (GsfInput *opkg, GsfOpenPkgRel const *rel,
                }
        }
 
+       g_object_ref (parent);
        elems = g_strsplit (rel->target, "/", 0);
        for (i = 0 ; elems[i] && NULL != parent ; i++) {
                if (0 == strcmp (elems[i], ".") || '\0' == *elems[i])
@@ -262,8 +262,10 @@ gsf_open_pkg_open_rel (GsfInput *opkg, GsfOpenPkgRel const *rel,
                                /* check for attempt to gain access outside the zip file */
                                if (G_OBJECT_TYPE (parent) == G_OBJECT_TYPE (prev_parent))
                                        g_object_ref (parent);
-                               else
+                               else {
+                                       g_warning ("Broken file: relation access outside container\n");
                                        parent = NULL;
+                               }
                        }
                } else {
                        res = gsf_infile_child_by_name (parent, elems[i]);
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]