Fix buffer overruns in 'gtk-builder-tool simplify'

Oops, here we allocate only one byte for each pointer we want to store.
We need to multiply by the size of a pointer.

diff --git a/gtk/tools/gtk-builder-tool-simplify.c b/gtk/tools/gtk-builder-tool-simplify.c
index 151488f272f13a8300357174e1b1f8a36f139de1..0541207a97952791c83b2f180d104658910a6a66 100644 (file)
--- a/gtk/tools/gtk-builder-tool-simplify.c
+++ b/gtk/tools/gtk-builder-tool-simplify.c
@@ -507,8 +507,8 @@ set_attribute_value (Element *element,
     }
 
   len = g_strv_length (element->attribute_names);
-  element->attribute_names = g_realloc (element->attribute_names, len + 2);
-  element->attribute_values = g_realloc (element->attribute_values, len + 2);
+  element->attribute_names = g_realloc_n (element->attribute_names, len + 2, sizeof (char *));
+  element->attribute_values = g_realloc_n (element->attribute_values, len + 2, sizeof (char *));
   element->attribute_names[len] = g_strdup (name);
   element->attribute_values[len] = g_strdup (value);
   element->attribute_names[len + 1] = NULL;