diff options
| author | Alexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com> | 2019-11-21 20:26:22 +0100 |
|---|---|---|
| committer | Benjamin Otte <otte@redhat.com> | 2019-11-23 18:06:31 +0100 |
| commit | 1efb72210d6fb39d9de97d4d7a76251cd22cd54d (patch) | |
| tree | 05019c932c5309904aa1e0013b04d3ae161285f2 /testsuite | |
| parent | 3804d7a0cad18e1b064c02269509a9f5edd47b11 (diff) | |
| download | gtk+-1efb72210d6fb39d9de97d4d7a76251cd22cd54d.tar.gz | |
Fix crash in parse_border()
The bug was introduced in commit:
9b7640b8 by Benjamin Otte, 2012-03-26 17:24:02
styleproperty: Make _gtk_style_property_parse_value() return a CssValue
In that commit, `values` changed from `GValue*` to `GtkCssValue**`,
but one `!G_IS_VALUE (&values[8])` was left untouched. As a result,
if `border` shorthand contains anything after color, it might crash,
depending on memory layout.
New test included.
Fixes: #751
Diffstat (limited to 'testsuite')
| -rw-r--r-- | testsuite/css/parser/Makefile.am | 3 | ||||
| -rw-r--r-- | testsuite/css/parser/border-crash-3.24.css | 4 | ||||
| -rw-r--r-- | testsuite/css/parser/border-crash-3.24.errors | 1 | ||||
| -rw-r--r-- | testsuite/css/parser/border-crash-3.24.ref.css | 0 | ||||
| -rw-r--r-- | testsuite/css/parser/meson.build | 3 |
5 files changed, 11 insertions, 0 deletions
diff --git a/testsuite/css/parser/Makefile.am b/testsuite/css/parser/Makefile.am index 03aa9b638a..fcef37a44c 100644 --- a/testsuite/css/parser/Makefile.am +++ b/testsuite/css/parser/Makefile.am @@ -206,6 +206,9 @@ test_data = \ border-color.ref.css \ border-color-currentcolor.css \ border-color-currentcolor.ref.css \ + border-crash-3.24.css \ + border-crash-3.24.errors \ + border-crash-3.24.ref.css \ border-image-source.css \ border-image-source.ref.css \ border-image-repeat.css \ diff --git a/testsuite/css/parser/border-crash-3.24.css b/testsuite/css/parser/border-crash-3.24.css new file mode 100644 index 0000000000..971048e2a8 --- /dev/null +++ b/testsuite/css/parser/border-crash-3.24.css @@ -0,0 +1,4 @@ +* { + border: 2px solid alpha(black, 0.3) + padding: 2px; +} diff --git a/testsuite/css/parser/border-crash-3.24.errors b/testsuite/css/parser/border-crash-3.24.errors new file mode 100644 index 0000000000..c49f1d071a --- /dev/null +++ b/testsuite/css/parser/border-crash-3.24.errors @@ -0,0 +1 @@ +border-crash-3.24.css:3: error: GTK_CSS_PROVIDER_ERROR_SYNTAX diff --git a/testsuite/css/parser/border-crash-3.24.ref.css b/testsuite/css/parser/border-crash-3.24.ref.css new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/testsuite/css/parser/border-crash-3.24.ref.css diff --git a/testsuite/css/parser/meson.build b/testsuite/css/parser/meson.build index 7e60bb8b41..d3bbdae17b 100644 --- a/testsuite/css/parser/meson.build +++ b/testsuite/css/parser/meson.build @@ -181,6 +181,9 @@ test_data = [ 'border-color-currentcolor.ref.css', 'border-color.css', 'border-color.ref.css', + 'border-crash-3.24.css', + 'border-crash-3.24.errors', + 'border-crash-3.24.ref.css', 'border-image-repeat.css', 'border-image-repeat.ref.css', 'border-image-slice.css', |