From: Ryan Lortie <desrt@desrt.ca>
Date: Tue, 14 Sep 2010 18:55:38 +0000 (-0400)
Subject: GVariant: Check for size == 0 in get_bytestring
X-Git-Tag: 2.25.16~21
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=235820d0ef817d549844fa898349e31f28fb833d;p=platform%2Fupstream%2Fglib.git

GVariant: Check for size == 0 in get_bytestring

And add a test from David that shows the problem.

Closes #629698
---

diff --git a/glib/gvariant.c b/glib/gvariant.c
index 133bfa1..f9eb851 100644
--- a/glib/gvariant.c
+++ b/glib/gvariant.c
@@ -1368,7 +1368,7 @@ g_variant_get_bytestring (GVariant *value)
   string = g_variant_get_data (value);
   size = g_variant_get_size (value);
 
-  if (string[size - 1] == '\0')
+  if (size && string[size - 1] == '\0')
     return string;
   else
     return "";
diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
index 7e228ac..74eee40 100644
--- a/glib/tests/gvariant.c
+++ b/glib/tests/gvariant.c
@@ -3819,6 +3819,8 @@ test_bytestring (void)
   GVariant *value;
   gchar **strv;
   gchar *str;
+  const gchar *const_str;
+  GVariant *untrusted_empty;
 
   strv = g_strsplit (test_string, ",", 0);
 
@@ -3884,6 +3886,12 @@ test_bytestring (void)
   g_variant_get_child (value, 3, "^&ay", &str);
   g_assert_cmpstr (str, ==, "foo");
   g_variant_unref (value);
+
+  untrusted_empty = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), NULL, 0, FALSE, NULL, NULL);
+  value = g_variant_get_normal_form (untrusted_empty);
+  const_str = g_variant_get_bytestring (value);
+  g_variant_unref (value);
+  g_variant_unref (untrusted_empty);
 }
 
 int