GVariant parser: fix tuple type checking

Robert Ancell discovered that the GVariant parser messes up pretty badly
when the type of a tuple is specified and the tuple in the text being
parsed has a different number of elements (but otherwise matching child
types).

Check that we have the expected number of elements.

Closes #644786.

diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c
index 7cd424b..6131e3c 100644 (file)
--- a/glib/gvariant-parser.c
+++ b/glib/gvariant-parser.c
@@ -1014,6 +1014,12 @@ tuple_get_value (AST                 *ast,
     {
       GVariant *child;
 
+      if (childtype == NULL)
+        {
+          g_variant_builder_clear (&builder);
+          return ast_type_error (ast, type, error);
+        }
+
       if (!(child = ast_get_value (tuple->children[i], childtype, error)))
         {
           g_variant_builder_clear (&builder);
@@ -1024,6 +1030,12 @@ tuple_get_value (AST                 *ast,
       childtype = g_variant_type_next (childtype);
     }
 
+  if (childtype != NULL)
+    {
+      g_variant_builder_clear (&builder);
+      return ast_type_error (ast, type, error);
+    }
+
   return g_variant_builder_end (&builder);
 }