[glib/markup-cve-fixes-2-56: 1/2] gmarkup: Fix unvalidated UTF-8 read in markup parsing error paths
- From: Iain Lane <iainl src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib/markup-cve-fixes-2-56: 1/2] gmarkup: Fix unvalidated UTF-8 read in markup parsing error paths
- Date: Wed, 12 Sep 2018 11:55:55 +0000 (UTC)
commit 6ea19a71e8c0d0eb57e6401b1871c52913ba7b84
Author: Philip Withnall <withnall endlessm com>
Date: Mon Jul 30 18:10:25 2018 +0100
gmarkup: Fix unvalidated UTF-8 read in markup parsing error paths
When formatting the error messages for markup parsing errors, the parser
was unconditionally reading a UTF-8 character from the input buffer —
but the buffer might end with a partial code sequence, resulting in
reading off the end of the buffer by up to three bytes.
Fix this and add a test case, courtesy of pdknsk.
Signed-off-by: Philip Withnall <withnall endlessm com>
https://gitlab.gnome.org/GNOME/glib/issues/1462
(cherry picked from commit cec71705406f0b2790422f0c1aa0ff3b4b464b1b)
glib/gmarkup.c | 14 +++++++++++++-
glib/tests/Makefile.am | 2 +-
glib/tests/markups/fail-50.expected | 1 +
glib/tests/markups/fail-50.gmarkup | 1 +
4 files changed, 16 insertions(+), 2 deletions(-)
---
diff --git a/glib/gmarkup.c b/glib/gmarkup.c
index ed30ed297..fd3a11c52 100644
--- a/glib/gmarkup.c
+++ b/glib/gmarkup.c
@@ -557,11 +557,23 @@ char_str (gunichar c,
return buf;
}
+/* Format the next UTF-8 character as a gchar* for printing in error output
+ * when we encounter a syntax error. This correctly handles invalid UTF-8,
+ * emitting it as hex escapes. */
static gchar*
utf8_str (const gchar *utf8,
gchar *buf)
{
- char_str (g_utf8_get_char (utf8), buf);
+ gunichar c = g_utf8_get_char_validated (utf8, -1);
+ if (c == (gunichar) -1 || c == (gunichar) -2)
+ {
+ gchar *temp = g_strdup_printf ("\\x%02x", (guint)(guchar)*utf8);
+ memset (buf, 0, 8);
+ memcpy (buf, temp, strlen (temp));
+ g_free (temp);
+ }
+ else
+ char_str (c, buf);
return buf;
}
diff --git a/glib/tests/Makefile.am b/glib/tests/Makefile.am
index b3983d3bd..d119fd974 100644
--- a/glib/tests/Makefile.am
+++ b/glib/tests/Makefile.am
@@ -155,7 +155,7 @@ markup_tests = \
fail-31 fail-32 fail-33 fail-34 fail-35 \
fail-36 fail-37 fail-38 fail-39 fail-40 \
fail-41 fail-42 fail-43 fail-44 fail-45 \
- fail-46 fail-47 fail-48 fail-49 \
+ fail-46 fail-47 fail-48 fail-49 fail-50 \
valid-1 valid-2 valid-3 valid-4 valid-5 \
valid-6 valid-7 valid-8 valid-9 valid-10 \
valid-11 valid-12 valid-13 valid-14 valid-15 \
diff --git a/glib/tests/markups/fail-50.expected b/glib/tests/markups/fail-50.expected
new file mode 100644
index 000000000..e0a11e7eb
--- /dev/null
+++ b/glib/tests/markups/fail-50.expected
@@ -0,0 +1 @@
+ERROR Error on line 1 char 5: Odd character '\xfc', expected an open quote mark after the equals sign when
giving value for attribute 'r' of element ''
diff --git a/glib/tests/markups/fail-50.gmarkup b/glib/tests/markups/fail-50.gmarkup
new file mode 100644
index 000000000..f110f1564
--- /dev/null
+++ b/glib/tests/markups/fail-50.gmarkup
@@ -0,0 +1 @@
+< r=�
\ No newline at end of file
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]