[gtk/ebassi/memdup2: 77/78] Ensure we don't overflow when using g_memdup2()

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gtk/ebassi/memdup2: 77/78] Ensure we don't overflow when using g_memdup2()
Date: Thu, 11 Feb 2021 12:57:57 +0000 (UTC)


commit 12f138bbea93892e1e79cec5a9b9b2fd88c9a22c
Author: Emmanuele Bassi <ebassi gnome org>
Date:   Thu Feb 4 19:20:10 2021 +0000

    Ensure we don't overflow when using g_memdup2()
    
    When we turn integers into size_t we should check we're not going to
    make a mess.

 gtk/gtkcellareaboxcontext.c         | 7 +++++--
 gtk/inspector/gtktreemodelcssnode.c | 7 ++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)
---
diff --git a/gtk/gtkcellareaboxcontext.c b/gtk/gtkcellareaboxcontext.c
index 9ad1ba6e7c..b759f718e2 100644
--- a/gtk/gtkcellareaboxcontext.c
+++ b/gtk/gtkcellareaboxcontext.c
@@ -407,6 +407,7 @@ _gtk_cell_area_box_init_groups (GtkCellAreaBoxContext *box_context,
                                 gboolean              *align_groups)
 {
   GtkCellAreaBoxContextPrivate *priv;
+  gsize groups_size;
 
   g_return_if_fail (GTK_IS_CELL_AREA_BOX_CONTEXT (box_context));
   g_return_if_fail (n_groups == 0 || expand_groups != NULL);
@@ -420,11 +421,13 @@ _gtk_cell_area_box_init_groups (GtkCellAreaBoxContext *box_context,
   g_array_set_size (priv->base_widths,  n_groups);
   g_array_set_size (priv->base_heights, n_groups);
 
+  groups_size = n_groups * sizeof (gboolean);
+
   g_free (priv->expand);
-  priv->expand = g_memdup (expand_groups, n_groups * sizeof (gboolean));
+  priv->expand = g_memdup2 (expand_groups, groups_size);
 
   g_free (priv->align);
-  priv->align = g_memdup (align_groups, n_groups * sizeof (gboolean));
+  priv->align = g_memdup2 (align_groups, groups_size);
 }
 
 void
diff --git a/gtk/inspector/gtktreemodelcssnode.c b/gtk/inspector/gtktreemodelcssnode.c
index 2939e438cf..17d9ecd743 100644
--- a/gtk/inspector/gtktreemodelcssnode.c
+++ b/gtk/inspector/gtktreemodelcssnode.c
@@ -401,17 +401,22 @@ gtk_tree_model_css_node_newv (GtkTreeModelCssNodeGetFunc  get_func,
 {
   GtkTreeModelCssNode *result;
   GtkTreeModelCssNodePrivate *priv;
+  gsize columns_size;
 
   g_return_val_if_fail (get_func != NULL, NULL);
   g_return_val_if_fail (n_columns > 0, NULL);
+  g_return_val_if_fail (n_columns <= G_MAXSIZE / sizeof (GType), NULL);
   g_return_val_if_fail (types != NULL, NULL);
 
   result = g_object_new (GTK_TYPE_TREE_MODEL_CSS_NODE, NULL);
+
   priv = result->priv;
 
+  columns_size = n_columns * sizeof (GType);
+
   priv->get_func = get_func;
   priv->n_columns = n_columns;
-  priv->column_types = g_memdup (types, sizeof (GType) * n_columns);
+  priv->column_types = g_memdup2 (types, columns_size);
 
   return GTK_TREE_MODEL (result);
 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]