GNOME Bugzilla – Bug 491752
gtk_tree_path_new_from_string() needs range checking
Last modified: 2018-02-10 03:40:15 UTC
gtk_tree_path_new_from_string() uses a simple strtol() to parse out each component between the ":". This has several problems:
* The code doesn't check for overflow/underflow: strtol() will return LONG_MIN/LONG_MAX and set errno to ERANGE if it overflows.
* The code assigns the result of strtol() to an int, without checking if it fits.
This is https://bugzilla.novell.com/show_bug.cgi?id=223606 as well.
Created attachment 99094: gtk2-bnc223606-bgo491752-tree-path-strtol-validation.diff
Created attachment 99098: gtk2-bnc223606-bgo491752-tree-path-strtol-validation.diff
Ahem, #include <errno.h>
Nit picker's comments:
1. strtol is locale dependent, at least in principle.
2. testing errno against 0 is not good, I think. A succeeding libc function can change errno.
3. is g_warning really right here? They trigger for data errors here, not programmer's errors.
4. What about whitespace? It is allowed before numbers, but not after.
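An added example, not the attached patch or GTK's own code: a stand-alone sketch of range-checked parsing for a "n:n:n" path string, covering the ERANGE and long-to-int cases from the report and the whitespace question raised in the comments. The function name `parse_tree_path`, the caller-supplied output buffer, and the choice to reject signs and whitespace outright are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical helper, not GTK code: parse "n:n:n" into out[].
 * Returns the number of indices parsed, or -1 on any malformed or
 * out-of-range component. */
int parse_tree_path(const char *s, int *out, size_t max_depth)
{
    size_t depth = 0;

    if (s == NULL || *s == '\0')
        return -1;

    for (;;) {
        char *end;
        long v;

        /* strtol() skips leading whitespace and accepts a sign;
         * require a digit so " 1", "+1" and "-1" are rejected. */
        if (!isdigit((unsigned char)*s))
            return -1;

        errno = 0;                      /* clear before the call */
        v = strtol(s, &end, 10);
        if (errno == ERANGE)            /* result was clamped to LONG_MAX */
            return -1;
        if (v > INT_MAX)                /* fits in long but not in int */
            return -1;
        if (depth == max_depth)         /* caller's buffer is full */
            return -1;
        out[depth++] = (int)v;

        if (*end == '\0')
            return (int)depth;
        if (*end != ':')                /* trailing junk or whitespace */
            return -1;
        s = end + 1;                    /* move to the next component */
    }
}
```

Errors are reported through the return value rather than a warning, so the caller decides how to treat bad input data.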
We're moving to gitlab! As part of this move, we are closing bugs that haven't seen activity in more than 5 years. If this issue is still important to you and still relevant with GTK+ 3.22 or master, please consider creating a gitlab issue for it.