GNOME Bugzilla – Bug 142794
gmarkup.c: advance_char
Last modified: 2004-12-22 21:47:04 UTC
See http://lists.gnome.org/archives/gtk-devel-list/2004-May/msg00085.html --- gmarkup.c.~1.27.~ Wed Oct 8 21:45:24 2003 +++ gmarkup.c Wed May 19 15:13:11 2004 @@ -662,16 +662,19 @@ static gboolean advance_char (GMarkupParseContext *context) { - context->iter = g_utf8_next_char (context->iter); context->char_number += 1; + + if (context->iter == context->current_text_end) + return FALSE; + if (*context->iter == '\n') { context->line_number += 1; context->char_number = 1; } - return context->iter != context->current_text_end; + return TRUE; } static gboolean
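Review bot: in the advance_char hunk, `context->iter = g_utf8_next_char (context->iter);` appears only as a `-` line with no matching `+` line, so as posted the function bumps char_number and tests for the end without ever moving the iterator; if that line was meant to stay, please re-send the hunk with it as unchanged context so the change can be read as intended. The substantive part is otherwise the right fix: `if (context->iter == context->current_text_end) return FALSE;` now runs before `*context->iter == '\n'`, whereas the old body dereferenced iter first and only compared it against current_text_end in the final return, so the last advance read one byte past the buffer. Callers that ignore the return value still have to compare iter against current_text_end before their next dereference, since the early return leaves iter sitting exactly at the end.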
Hmm, it looks suspicious that the return value of advance_char is ignored in many places, e.g.

    case STATE_AFTER_ATTRIBUTE_EQUALS_SIGN:
      /* Possible next state: INSIDE_ATTRIBUTE_VALUE_[SQ/DQ] */
      if (*context->iter == '"')
        {
          advance_char (context);
          context->state = STATE_INSIDE_ATTRIBUTE_VALUE_DQ;
          context->start = context->iter;
        }

If advance_char moves iter off the buffer, then context->start will be invalid after this code...
I checked all advance_char calls and they all end up checking whether we are at the end of the buffer, most by getting to the "while" just outside the switch you quote above. So, I think the patch is good and complete, although you could add an initial g_return_val_if_fail (context->iter != context->current_text_end, FALSE) to advance_char if you feel like it.
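As an added example (not the page's or GLib's code): a reduced C model of the patched ordering in advance_char, plus a caller that ignores the return value but re-checks the end in its loop condition, the pattern the comment above describes. The Ctx struct, walk() and the ASCII iter + 1 step standing in for g_utf8_next_char are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical reduction of the parser state discussed in the bug: iter
 * walks the half-open range [text, current_text_end) and the buffer is
 * not NUL-terminated, so *iter is only valid while iter != end. */
typedef struct {
    const char *iter;
    const char *current_text_end;
    int line_number;
    int char_number;
} Ctx;

/* Same ordering as the patched advance_char: step, bump char_number,
 * then test for the end BEFORE touching *iter. Plain iter + 1 (ASCII)
 * stands in for g_utf8_next_char here. */
static bool advance_char(Ctx *c)
{
    c->iter += 1;
    c->char_number += 1;
    if (c->iter == c->current_text_end)
        return false;   /* old code read *iter first: one past the end */
    if (*c->iter == '\n') {
        c->line_number += 1;
        c->char_number = 1;
    }
    return true;
}

/* Caller in the style of the parser loop: the return value of
 * advance_char is ignored, so the while condition must re-check the end
 * before anything dereferences iter again. Returns the final state. */
Ctx walk(const char *text, size_t len)
{
    Ctx c = { text, text + len, 1, 1 };
    while (c.iter != c.current_text_end) {
        /* iter is inside the buffer here, so *c.iter would be safe */
        advance_char(&c);
    }
    return c;
}
```

For an empty buffer the loop body never runs, so nothing is dereferenced; for "ab\ncd" the walk ends with line_number 2 and char_number 4, exactly as the patched bookkeeping counts.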