author | Kalev Lember <kalevlember@gmail.com> | 2013-09-21 13:52:09 +0200 |
---|---|---|
committer | Kalev Lember <kalevlember@gmail.com> | 2013-10-04 22:08:36 +0200 |
commit | be7f40185fb2ce884112c1f8a4b196ea65350466 (patch) | |
tree | adff2c33ede126a910d8532f4743eeb322a392c2 /gio/xdgmime | |
parent | 5aead642c29d2fcd4cc4152449eb434b52edc6af (diff) |
xdgmime: Fix an invalid read
This commit factors out a function for comparing string suffixes, and at
the same time makes it safe for mime types that are shorter than the
"/*" suffix.
==25418== Invalid read of size 1
==25418== at 0x3C6D0F9D22: __gio_xdg_cache_mime_type_subclass (xdgmimecache.c:848)
==25418== by 0x3C6D09ED8C: g_content_type_is_a (gcontenttype.c:158)
==25418== by 0x34D8031E95: gtk_recent_filter_filter (gtkrecentfilter.c:733)
==25418== by 0x34D802F167: _gtk_recent_chooser_get_items (gtkrecentchooserutils.c:387)
==25418== by 0x34D802D07F: idle_populate_func (gtkrecentchoosermenu.c:1011)
==25418== by 0x34D7A20477: gdk_threads_dispatch (gdk.c:804)
==25418== by 0x3C6C0492F5: g_main_context_dispatch (gmain.c:3065)
==25418== by 0x3C6C049677: g_main_context_iterate.isra.23 (gmain.c:3712)
==25418== by 0x3C6C04972B: g_main_context_iteration (gmain.c:3773)
==25418== by 0x34D7FC2AF4: gtk_main_iteration (gtkmain.c:1262)
==25418== by 0x408EB4: main (in /usr/bin/glade)
https://bugzilla.gnome.org/show_bug.cgi?id=708529
Diffstat (limited to 'gio/xdgmime')
-rw-r--r-- | gio/xdgmime/xdgmime.c | 19 | ||||
-rw-r--r-- | gio/xdgmime/xdgmimecache.c | 19 |
2 files changed, 28 insertions, 10 deletions
diff --git a/gio/xdgmime/xdgmime.c b/gio/xdgmime/xdgmime.c
index 846be39f7..f73b7f213 100644
--- a/gio/xdgmime/xdgmime.c
+++ b/gio/xdgmime/xdgmime.c
@@ -741,19 +741,28 @@ xdg_mime_media_type_equal (const char *mime_a,
 #if 1
 static int
-xdg_mime_is_super_type (const char *mime)
+ends_with (const char *str,
+ const char *suffix)
 {
 int length;
- const char *type;
+ int suffix_length;
- length = strlen (mime);
- type = &(mime[length - 2]);
+ length = strlen (str);
+ suffix_length = strlen (suffix);
+ if (length < suffix_length)
+ return 0;
- if (strcmp (type, "/*") == 0)
+ if (strcmp (str + length - suffix_length, suffix) == 0)
 return 1;
 return 0;
 }
+
+static int
+xdg_mime_is_super_type (const char *mime)
+{
+ return ends_with (mime, "/*");
+}
 #endif
 int
diff --git a/gio/xdgmime/xdgmimecache.c b/gio/xdgmime/xdgmimecache.c
index 87a3cd00b..3a64debd7 100644
--- a/gio/xdgmime/xdgmimecache.c
+++ b/gio/xdgmime/xdgmimecache.c
@@ -837,19 +837,28 @@ _xdg_mime_cache_get_mime_types_from_file_name (const char *file_name,
 #if 1
 static int
-is_super_type (const char *mime)
+ends_with (const char *str,
+ const char *suffix)
 {
 int length;
- const char *type;
+ int suffix_length;
- length = strlen (mime);
- type = &(mime[length - 2]);
+ length = strlen (str);
+ suffix_length = strlen (suffix);
+ if (length < suffix_length)
+ return 0;
- if (strcmp (type, "/*") == 0)
+ if (strcmp (str + length - suffix_length, suffix) == 0)
 return 1;
 return 0;
 }
+
+static int
+is_super_type (const char *mime)
+{
+ return ends_with (mime, "/*");
+}
 #endif
 int |
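Review bot: In the new `ends_with` in gio/xdgmime/xdgmime.c, `length` and `suffix_length` are declared `int` but assigned from `strlen()`, which returns `size_t`, and the narrowed values then feed the pointer arithmetic in `str + length - suffix_length`. MIME type strings are short in practice, but since the point of the helper is to keep the suffix comparison inside the buffer, I would declare both as `size_t` (`size_t length = strlen (str);` and `size_t suffix_length = strlen (suffix);`) so the `length < suffix_length` guard holds for any input length and there is no implicit sign conversion. The identical copy added in gio/xdgmime/xdgmimecache.c has the same declarations and would get the same change.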
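Review bot: `ends_with` in gio/xdgmime/xdgmimecache.c is a verbatim copy of the helper added to xdgmime.c, so this invalid-read fix had to be applied twice and any later correction must be too. If the two files already share a private header (not visible in this diff), a single definition there would avoid the copies drifting apart. Either way the helper has no comment; something like `/* Returns 1 if str ends with suffix, 0 otherwise; safe when str is shorter than suffix. Neither argument may be NULL. */` would record both the reason for the length guard and the precondition, since `str` is passed straight to `strlen()`.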