From 4c5df54e39a69dad7e6feee4221ceb92bcd278db Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Mon, 27 Jul 2020 00:21:01 -0400 Subject: [PATCH] a11y: Be a bit safer against crashes We are collecting values from varargs and use them as indices into static arrays. We should at least do some bounds checking to prevent silly crashes.
---
 gtk/gtkaccessiblevalue.c | 18 ++++++++++++++++++
 gtk/gtkaccessiblevaluestatic.c | 7 +++++++
 2 files changed, 25 insertions(+)
diff --git a/gtk/gtkaccessiblevalue.c b/gtk/gtkaccessiblevalue.c
index ed3a5c4879..21d9ae741a 100644
--- a/gtk/gtkaccessiblevalue.c
+++ b/gtk/gtkaccessiblevalue.c
@@ -904,6 +904,8 @@ gtk_accessible_value_get_default_for_state (GtkAccessibleState state)
 {
 const GtkAccessibleCollect *cstate = &collect_states[state];
 
+ g_return_val_if_fail (state <= GTK_ACCESSIBLE_STATE_SELECTED, NULL);
+
 switch (cstate->value)
 {
 case GTK_ACCESSIBLE_STATE_BUSY:
@@ -1240,6 +1242,8 @@ gtk_accessible_value_collect_for_state (GtkAccessibleState state,
 {
 const GtkAccessibleCollect *cstate = &collect_states[state];
 
+ g_return_val_if_fail (state <= GTK_ACCESSIBLE_STATE_SELECTED, NULL);
+
 return gtk_accessible_value_collect_valist (cstate, args);
 }
 
@@ -1259,6 +1263,8 @@ gtk_accessible_value_collect_for_state_value (GtkAccessibleState state,
 {
 const GtkAccessibleCollect *cstate = &collect_states[state];
 
+ g_return_val_if_fail (state <= GTK_ACCESSIBLE_STATE_SELECTED, NULL);
+
 return gtk_accessible_value_collect_value (cstate, value);
 }
 
@@ -1276,6 +1282,8 @@ gtk_accessible_value_get_default_for_property (GtkAccessibleProperty property)
 {
 const GtkAccessibleCollect *cstate = &collect_props[property];
 
+ g_return_val_if_fail (property <= GTK_ACCESSIBLE_PROPERTY_VALUE_TEXT, NULL);
+
 switch (cstate->value)
 {
 /* Boolean properties */
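Review bot: In `gtk_accessible_value_get_default_for_state` the new `g_return_val_if_fail` sits after `&collect_states[state]` has already been evaluated in the initialiser, so the out-of-range pointer is formed before the guard can reject the index. Forming an address beyond one past the end of the array is undefined behaviour in C even without a dereference, and it lets a compiler treat the later range check as redundant. Declaring the pointer first and assigning it after the guard avoids this: `const GtkAccessibleCollect *cstate;`, then the `g_return_val_if_fail (...)` line, then `cstate = &collect_states[state];`. The same ordering appears in the other eight hunks of gtk/gtkaccessiblevalue.c (the `collect_states`, `collect_props` and `collect_rels` lookups); each function body starts or continues outside its hunk.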
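Review bot: The guard in `gtk_accessible_value_collect_for_state` tests only the upper bound, `state <= GTK_ACCESSIBLE_STATE_SELECTED`, so on a compiler that represents the enum as a signed int a negative value taken from the varargs still passes and indexes before the start of `collect_states`. The checks added in gtk/gtkaccessiblevaluestatic.c test both ends; the guards in this file should do the same, or compare against the table itself so they stay correct when an enumerator is appended: `g_return_val_if_fail ((gsize) state < G_N_ELEMENTS (collect_states), NULL);`. That form assumes `collect_states` is a true array with exactly one entry per enumerator, which the commit message suggests but the hunk does not show. The same upper-bound-only comparison is used in every guard added to this file, for `collect_props` and `collect_rels` as well.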
@@ -1340,6 +1348,8 @@ gtk_accessible_value_collect_for_property (GtkAccessibleProperty property,
 {
 const GtkAccessibleCollect *cstate = &collect_props[property];
 
+ g_return_val_if_fail (property <= GTK_ACCESSIBLE_PROPERTY_VALUE_TEXT, NULL);
+
 return gtk_accessible_value_collect_valist (cstate, args);
 }
 
@@ -1359,6 +1369,8 @@ gtk_accessible_value_collect_for_property_value (GtkAccessibleProperty property
 {
 const GtkAccessibleCollect *cstate = &collect_props[property];
 
+ g_return_val_if_fail (property <= GTK_ACCESSIBLE_PROPERTY_VALUE_TEXT, NULL);
+
 return gtk_accessible_value_collect_value (cstate, value);
 }
 
@@ -1376,6 +1388,8 @@ gtk_accessible_value_get_default_for_relation (GtkAccessibleRelation relation)
 {
 const GtkAccessibleCollect *cstate = &collect_rels[relation];
 
+ g_return_val_if_fail (relation <= GTK_ACCESSIBLE_RELATION_SET_SIZE, NULL);
+
 switch (cstate->value)
 {
 /* References */
@@ -1429,6 +1443,8 @@ gtk_accessible_value_collect_for_relation (GtkAccessibleRelation relation,
 {
 const GtkAccessibleCollect *cstate = &collect_rels[relation];
 
+ g_return_val_if_fail (relation <= GTK_ACCESSIBLE_RELATION_SET_SIZE, NULL);
+
 return gtk_accessible_value_collect_valist (cstate, args);
 }
 
@@ -1448,6 +1464,8 @@ gtk_accessible_value_collect_for_relation_value (GtkAccessibleRelation relation
 {
 const GtkAccessibleCollect *cstate = &collect_rels[relation];
 
+ g_return_val_if_fail (relation <= GTK_ACCESSIBLE_RELATION_SET_SIZE, NULL);
+
 return gtk_accessible_value_collect_value (cstate, value);
 }
 
diff --git a/gtk/gtkaccessiblevaluestatic.c b/gtk/gtkaccessiblevaluestatic.c
index f984b836b0..6d26ea2900 100644
--- a/gtk/gtkaccessiblevaluestatic.c
+++ b/gtk/gtkaccessiblevaluestatic.c
@@ -189,6 +189,9 @@ static GtkTristateAccessibleValue tristate_values[] = {
 GtkAccessibleValue *
 gtk_tristate_accessible_value_new (GtkAccessibleTristate value)
 {
+ g_return_val_if_fail (value >= GTK_ACCESSIBLE_TRISTATE_FALSE &&
+ value <= GTK_ACCESSIBLE_TRISTATE_MIXED, NULL);
+
 return gtk_accessible_value_ref ((GtkAccessibleValue *) &tristate_values[value]);
 }
 
@@ -344,6 +347,10 @@ static GtkTokenAccessibleValue orientation_values[] = {
 GtkAccessibleValue *
 gtk_orientation_accessible_value_new (GtkOrientation value)
 {
+ g_return_val_if_fail (value >= GTK_ORIENTATION_HORIZONTAL &&
+ value <= GTK_ORIENTATION_VERTICAL,
+ NULL);
+
 return gtk_accessible_value_ref ((GtkAccessibleValue *) &orientation_values[value]);
 }
 
-- 2.30.2
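Review bot: `gtk_tristate_accessible_value_new` can now return NULL, which is a new outcome for its callers, and nothing in the hunk documents it. `g_return_val_if_fail` also expands to nothing when the file is compiled with `G_DISABLE_CHECKS` defined, so in such builds `tristate_values[value]` is still indexed unchecked; the guard is a debugging aid rather than a hard bound. A short comment above the function would record both: `/* Returns NULL (after logging a critical) if @value is out of range; the check is compiled out under G_DISABLE_CHECKS. */`. The same applies to `gtk_orientation_accessible_value_new` in the next hunk.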