gvariant: fix recursing into empty array

In GVariant, arrays of variable size values have offsets at the end.
We need to know how many offsets are in an array when we recurse
into it. To count the offsets we need to have offsets size and
the start and end of the offsets. The start of the offsets
is computed from the value of the last offset.

On the other hand, empty arrays have size equal to zero. In other words,
they have no offsets. Function _dbus_reader_count_array_elems missed it.

This commit fixes _dbus_reader_count_array_elems() by ensuring returning 0
when an array is empty.

Change-Id: I5f93ea89e490b321b2c2528e7bae838a1af0ec75

diff --git a/dbus/dbus-marshal-gvariant.c b/dbus/dbus-marshal-gvariant.c
index 825b718..9f3ff3e 100644 (file)
--- a/dbus/dbus-marshal-gvariant.c
+++ b/dbus/dbus-marshal-gvariant.c
@@ -1076,10 +1076,16 @@ _dbus_reader_get_offset_of_end_of_variable (DBusTypeReader *reader)
 int
 _dbus_reader_count_array_elems (const DBusTypeReader *reader)
 {
+/* To count the offsets we need to have offsets size and
+ * the start and end of the offsets. The start of the offsets
+ * is computed from the value of the last offset.
+ */
   const char *buffer = _dbus_string_get_const_data (reader->value_str) + reader->value_start;
   size_t container_size = reader->value_end - reader->value_start;
   size_t offset_size = bus_gvariant_determine_word_size (container_size, 0);
-  size_t last_offset = bus_gvariant_read_word_le (buffer + container_size - offset_size, offset_size);
+  size_t last_offset = container_size; /* this will give 0 if container is smaller than a single offset */
+  if (container_size > offset_size)
+         last_offset = bus_gvariant_read_word_le (buffer + container_size - offset_size, offset_size);
   return (container_size - last_offset) / offset_size;
 }