[gtk+/gtk-3-22] cssselector: Ensure we do not index out of bounds
- From: Daniel Boles <dboles src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gtk+/gtk-3-22] cssselector: Ensure we do not index out of bounds
- Date: Tue, 1 Aug 2017 19:20:04 +0000 (UTC)
commit 6063a8923575816adee6ff3eafcfe07a8749d31e
Author: Daniel Boles <dboles src gnome org>
Date: Tue Aug 1 19:57:51 2017 +0100
cssselector: Ensure we do not index out of bounds
This would only happen if the last element was deprecated, but it should
be avoided anyway.
CID 1388852 (#1 of 1): Out-of-bounds read (OVERRUN)
12. overrun-local: Overrunning array pseudo_classes of 16 32-byte
elements at element index 16 (byte offset 512) using index i + 1U (which
evaluates to 16).
gtk/gtkcssselector.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
---
diff --git a/gtk/gtkcssselector.c b/gtk/gtkcssselector.c
index 06258cf..9739c5a 100644
--- a/gtk/gtkcssselector.c
+++ b/gtk/gtkcssselector.c
@@ -1142,8 +1142,8 @@ parse_selector_pseudo_class (GtkCssParser *parser,
{ "visited", 0, GTK_STATE_FLAG_VISITED, },
{ "checked", 0, GTK_STATE_FLAG_CHECKED, },
{ "drop(active)", 0, GTK_STATE_FLAG_DROP_ACTIVE, }
-
};
+
guint i;
if (_gtk_css_parser_try (parser, "nth-child", FALSE))
@@ -1163,7 +1163,8 @@ parse_selector_pseudo_class (GtkCssParser *parser,
selector->state.state = pseudo_classes[i].state_flag;
if (pseudo_classes[i].deprecated)
{
- if (pseudo_classes[i + 1].state_flag == pseudo_classes[i].state_flag)
+ if (i + 1 < G_N_ELEMENTS (pseudo_classes) &&
+ pseudo_classes[i + 1].state_flag == pseudo_classes[i].state_flag)
_gtk_css_parser_error_full (parser,
GTK_CSS_PROVIDER_ERROR_DEPRECATED,
"The :%s pseudo-class is deprecated. Use :%s instead.",
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
