Ensure we don't overflow when using g_memdup2()

When we turn integers into size_t we should check we're not going to make a mess.
2024-12-26 21:51:08 +00:00 · 2021-02-04 19:20:10 +00:00 · 2021-02-04 19:20:10 +00:00 · a63a2b26cf
commit a63a2b26cf
parent 43fd9d16c5
2 changed files with 18 additions and 3 deletions
--- a/gtk/gtkcellareaboxcontext.c
+++ b/gtk/gtkcellareaboxcontext.c
@ -25,6 +25,9 @@
 #include "gtkcellareaboxcontextprivate.h"
 #include "gtkorientable.h"

+/* XXX: For g_memdup2() */
+#include "gtkprivate.h"
+
 /* GObjectClass */
 static void      _gtk_cell_area_box_context_finalize              (GObject               *object);

@ -407,6 +410,7 @@ _gtk_cell_area_box_init_groups (GtkCellAreaBoxContext *box_context,
                                gboolean              *align_groups)
 {
  GtkCellAreaBoxContextPrivate *priv;
+  gsize groups_size;

  g_return_if_fail (GTK_IS_CELL_AREA_BOX_CONTEXT (box_context));
  g_return_if_fail (n_groups == 0 || expand_groups != NULL);
@ -420,11 +424,13 @@ _gtk_cell_area_box_init_groups (GtkCellAreaBoxContext *box_context,
  g_array_set_size (priv->base_widths,  n_groups);
  g_array_set_size (priv->base_heights, n_groups);

+  groups_size = n_groups * sizeof (gboolean);
+
  g_free (priv->expand);
-  priv->expand = g_memdup (expand_groups, n_groups * sizeof (gboolean));
+  priv->expand = g_memdup2 (expand_groups, groups_size);

  g_free (priv->align);
-  priv->align = g_memdup (align_groups, n_groups * sizeof (gboolean));
+  priv->align = g_memdup2 (align_groups, groups_size);
 }

 void
--- a/gtk/inspector/gtktreemodelcssnode.c
+++ b/gtk/inspector/gtktreemodelcssnode.c
@ -20,6 +20,10 @@
 #include "gtktreemodelcssnode.h"
 #include "gtk/gtkcsstransientnodeprivate.h"

+#if !GLIB_CHECK_VERSION (2, 67, 3)
+# define g_memdup2(mem,size)    g_memdup((mem), (size))
+#endif
+
 struct _GtkTreeModelCssNodePrivate
 {
  GtkTreeModelCssNodeGetFunc    get_func;
@ -401,17 +405,22 @@ gtk_tree_model_css_node_newv (GtkTreeModelCssNodeGetFunc  get_func,
 {
  GtkTreeModelCssNode *result;
  GtkTreeModelCssNodePrivate *priv;
+  gsize columns_size;

  g_return_val_if_fail (get_func != NULL, NULL);
  g_return_val_if_fail (n_columns > 0, NULL);
+  g_return_val_if_fail (n_columns <= G_MAXSIZE / sizeof (GType), NULL);
  g_return_val_if_fail (types != NULL, NULL);

  result = g_object_new (GTK_TYPE_TREE_MODEL_CSS_NODE, NULL);
+
  priv = result->priv;

+  columns_size = n_columns * sizeof (GType);
+
  priv->get_func = get_func;
  priv->n_columns = n_columns;
-  priv->column_types = g_memdup (types, sizeof (GType) * n_columns);
+  priv->column_types = g_memdup2 (types, columns_size);

  return GTK_TREE_MODEL (result);
 }