From 3d03fdbfe443cfea53a51def8275f200d4aa0617 Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod Date: Mon, 10 Dec 2007 10:56:18 +0000 Subject: [PATCH] =?utf8?q?Bug=20399573=20=E2=80=93=20replace=20strtoul=20i?= =?utf8?q?n=20pango-markup.c=20with=20pango=5Fscan=5Fint()?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit 2007-12-10 Behdad Esfahbod Bug 399573 – replace strtoul in pango-markup.c with pango_scan_int() * pango/pango-markup.c (span_parse_func): Use pango_scan_int() and improve error message on parse failure. svn path=/trunk/; revision=2520 --- ChangeLog | 7 +++++++ pango/pango-markup.c | 17 +++++++++-------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index d17108b..b7ad3b4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ 2007-12-10 Behdad Esfahbod + Bug 399573 – replace strtoul in pango-markup.c with pango_scan_int() + + * pango/pango-markup.c (span_parse_func): Use pango_scan_int() and + improve error message on parse failure. + +2007-12-10 Behdad Esfahbod + Bug 478914 – Use something invalid instead of '?' when validating input text diff --git a/pango/pango-markup.c b/pango/pango-markup.c index af337e1..abb3890 100644 --- a/pango/pango-markup.c +++ b/pango/pango-markup.c @@ -1079,20 +1079,21 @@ span_parse_func (MarkupData *md, { if (g_ascii_isdigit (*size)) { - char *end = NULL; - gulong n; + const char *end; + gint n; - n = strtoul (size, &end, 10); +/* cap size from the top at an arbitrary 2048 */ +#define MAX_SIZE (2048 * PANGO_SCALE) - if (*end != '\0' || n < 0 || n > 1000000) + if ((end = size, !pango_scan_int (&end, &n)) || *end != '\0' || n < 0 || n > MAX_SIZE) { g_set_error (error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, - _("Value of 'size' attribute on tag on line %d" - "could not be parsed; should be an integer, or a " + _("Value of 'size' attribute on tag on line %d " + "could not be parsed; should be an integer less than %d, or a " "string such as 'small', not '%s'"), - line_number, size); + line_number, MAX_SIZE+1, size); goto error; } @@ -1123,7 +1124,7 @@ span_parse_func (MarkupData *md, g_set_error (error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, - _("Value of 'size' attribute on tag on line %d" + _("Value of 'size' attribute on tag on line %d " "could not be parsed; should be an integer, or a " "string such as 'small', not '%s'"), line_number, size); -- 2.7.4