projects / gtk4.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e3c3cbb) | patch
Fix crash in parse_border()
authorAlexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com>
Thu, 21 Nov 2019 19:26:22 +0000 (20:26 +0100)
committerBenjamin Otte <otte@redhat.com>
Sat, 23 Nov 2019 17:15:19 +0000 (18:15 +0100)
commitfd1630e049e1b9d670d1b16ab9801628f638dd86
tree6ac0bf185ac4c787d8614bfb19b0f759bd083b0btree | snapshot
parente3c3cbbbcb4706203fe33b2eb471123242a7b89fcommit | diff
Fix crash in parse_border()

The bug was introduced in commit:
9b7640b8 by Benjamin Otte, 2012-03-26 17:24:02
styleproperty: Make _gtk_style_property_parse_value() return a CssValue

In that commit, `values` changed from `GValue*` to `GtkCssValue**`,
but one `!G_IS_VALUE (&values[8])` was left untouched. As a result,
if `border` shorthand contains anything after color, it might crash,
depending on memory layout.

New test included.

Fixes: #751
gtk/gtkcssshorthandpropertyimpl.c diff | blob | history
testsuite/css/parser/border-crash-3.24.css [new file with mode: 0644] blob
testsuite/css/parser/border-crash-3.24.errors [new file with mode: 0644] blob
testsuite/css/parser/border-crash-3.24.ref.css [new file with mode: 0644] blob
testsuite/css/parser/meson.build diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.