GVariant: fix string validation

String validation was done by checking if the string was valid utf8 and
ensuring that the first non-utf8 character was the last character (ie:
the nul terminator).

No check was actually done to make sure that this byte actually
contained a nul, however, so it was possible that you could have a
string like "hello\xff" with length 6 that would correctly validate.

Fix that, and test it.

diff --git a/glib/gvariant-serialiser.c b/glib/gvariant-serialiser.c
index d4b668b..4ee6c72 100644 (file)
--- a/glib/gvariant-serialiser.c
+++ b/glib/gvariant-serialiser.c
@@ -1593,11 +1593,20 @@ gboolean
 g_variant_serialiser_is_string (gconstpointer data,
                                 gsize         size)
 {
+  const gchar *expected_end;
   const gchar *end;
 
+  if (size == 0)
+    return FALSE;
+
+  expected_end = ((gchar *) data) + size - 1;
+
+  if (*expected_end != '\0')
+    return FALSE;
+
   g_utf8_validate (data, size, &end);
 
-  return data == end - (size - 1);
+  return end == expected_end;
 }
 
 /* < private >

diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
index d3d8aa2..a6bef23 100644 (file)
--- a/glib/tests/gvariant.c
+++ b/glib/tests/gvariant.c
@@ -1821,6 +1821,7 @@ test_strings (void)
     { is_nval,     13, "hello world\0" },
     { is_nval,     13, "hello\0world!" },
     { is_nval,     12, "hello world!" },
+    { is_nval,     13, "hello world!\xff" },
 
     { is_objpath,   2, "/" },
     { is_objpath,   3, "/a" },