From 15c43e5284c9671e946aa57f32310c3b54f00f28 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Tue, 10 Oct 2023 18:54:27 -0400
Subject: [PATCH] a11y: Avoid a crash

It is not safe to access text[end],
if text may not be NUL-terminated.

Fixes: #6146
---
 gtk/a11y/gtkatspicontext.c | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/gtk/a11y/gtkatspicontext.c b/gtk/a11y/gtkatspicontext.c
index 6c7612c1d6..db6c55e8c8 100644
--- a/gtk/a11y/gtkatspicontext.c
+++ b/gtk/a11y/gtkatspicontext.c
@@ -705,27 +705,19 @@ emit_text_changed (GtkAtSpiContext *self,
                    int              end,
                    const char      *text)
 {
-  char *copy = NULL;
-
   if (self->connection == NULL)
     return;
 
-  /* Protect against possible non-UTF8 garbage after the end
-   * that g_variant_new_string() will complain about.
-   */
-  if (text[end] != '\0')
-    text = copy = g_strndup (text, end);
-
   g_dbus_connection_emit_signal (self->connection,
                                  NULL,
                                  self->context_path,
                                  "org.a11y.atspi.Event.Object",
                                  "TextChanged",
                                  g_variant_new ("(siiva{sv})",
-                                                kind, start, end, g_variant_new_string (text), NULL),
+                                                kind, start, end,
+                                                g_variant_new_take_string (g_strndup (text, end)),
+                                                NULL),
                                  NULL);
-
-  g_free (copy);
 }
 
 static void