diff options
| author | Matthias Clasen <mclasen@redhat.com> | 2007-01-08 14:49:30 +0000 |
|---|---|---|
| committer | Matthias Clasen <matthiasc@src.gnome.org> | 2007-01-08 14:49:30 +0000 |
| commit | 32e1c3b4d21eedc335666a069e0c954c98e68b86 (patch) | |
| tree | 4eb9761eee69ce7ca322d9743f80dda6dba34534 /gtk/gtktreemodel.c | |
| parent | 74280fde6f26ec46c9d9cb5be074aaf2b8610021 (diff) | |
| download | gtk+-32e1c3b4d21eedc335666a069e0c954c98e68b86.tar.gz | |
Don't corrupt memory when faced with paths with ridiculously large
2007-01-08 Matthias Clasen <mclasen@redhat.com>
* gtk/gtktreemodel.c (gtk_tree_path_to_string): Don't
corrupt memory when faced with paths with ridiculously
large indices. Found by the GTKVTS test suite.
svn path=/trunk/; revision=17116
Diffstat (limited to 'gtk/gtktreemodel.c')
| -rw-r--r-- | gtk/gtktreemodel.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/gtk/gtktreemodel.c b/gtk/gtktreemodel.c index a34e2af2ff..88022b805b 100644 --- a/gtk/gtktreemodel.c +++ b/gtk/gtktreemodel.c @@ -494,22 +494,24 @@ gtk_tree_path_new_from_indices (gint first_index, gchar * gtk_tree_path_to_string (GtkTreePath *path) { - gchar *retval, *ptr; - gint i; + gchar *retval, *ptr, *end; + gint i, n; g_return_val_if_fail (path != NULL, NULL); if (path->depth == 0) return NULL; - ptr = retval = g_new0 (gchar, path->depth*8); - g_sprintf (retval, "%d", path->indices[0]); - while (*ptr != '\000') + n = path->depth * 12; + ptr = retval = g_new0 (gchar, n); + end = ptr + n; + g_snprintf (retval, end - ptr, "%d", path->indices[0]); + while (*ptr != '\000') ptr++; for (i = 1; i < path->depth; i++) { - g_sprintf (ptr, ":%d", path->indices[i]); + g_snprintf (ptr, end - ptr, ":%d", path->indices[i]); while (*ptr != '\000') ptr++; } |