From: David Zeuthen Date: Tue, 3 Aug 2010 17:33:03 +0000 (-0400) Subject: GVariant: validate that passed string is UTF-8 X-Git-Tag: 2.25.13~34 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5e6f762d61db1a5c64bd1d33e5ba112755106581;p=platform%2Fupstream%2Fglib.git GVariant: validate that passed string is UTF-8 As discussed with Ryan on IRC. This check is crucial because it guarantees that g_variant_get_string() will _always_ return valid UTF-8. Except in cases where the programmer used unsafe API such as g_variant_new_from_data() and setting @trusted to TRUE. In fact, this check revealed a flaw in my polkit gdbus port (lt-polkitd:11632): GLib-CRITICAL **: g_variant_new_string: assertion `g_utf8_validate (string, len, NULL)' failed and with this I could easily find the problem by using gdb(1) and G_DBUS=fatal-warnings. Without this check we'd pass the non-UTF8 string all the way to the message bus and the bus would then disconnect us. So instead I was seeing g_dbus_connection_real_closed: Remote peer vanished with error: Underlying GIOStream returned 0 bytes on an async read (g-io-error-quark, 0). Exiting. and then SIGTERM as raised by g_dbus_connection_real_closed() and my polkitd process would exit. This behavior is much harder to debug than failing early (as this patch implements). Signed-off-by: David Zeuthen --- diff --git a/glib/gvariant.c b/glib/gvariant.c index a259195..ab42d2c 100644 --- a/glib/gvariant.c +++ b/glib/gvariant.c @@ -971,6 +971,7 @@ GVariant * g_variant_new_string (const gchar *string) { g_return_val_if_fail (string != NULL, NULL); + g_return_val_if_fail (g_utf8_validate (string, -1, NULL), NULL); return g_variant_new_from_trusted (G_VARIANT_TYPE_STRING, string, strlen (string) + 1);