From d667ebe1568591bdd3c3cc23d751ffc5c0a3752c Mon Sep 17 00:00:00 2001 From: Sam Thursfield Date: Tue, 31 Mar 2015 12:59:43 -0400 Subject: [PATCH] core: Fix possible crash in ostree_mutable_tree_walk() If the starting index is beyond the end of the list, it's a programming error. Previously, the code was trying to raise a runtime error, but actually causing a segfault. This was detected by test code in test-mutable-tree.c, which is removed in this commit because it should now not be possible to crash here. https://bugzilla.gnome.org/747032 --- src/libostree/ostree-mutable-tree.c | 8 +++----- tests/test-mutable-tree.c | 7 ------- 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/src/libostree/ostree-mutable-tree.c b/src/libostree/ostree-mutable-tree.c index 26a1ca44..17bcdc9a 100644 --- a/src/libostree/ostree-mutable-tree.c +++ b/src/libostree/ostree-mutable-tree.c @@ -315,11 +315,9 @@ ostree_mutable_tree_walk (OstreeMutableTree *self, OstreeMutableTree **out_subdir, GError **error) { - if (start >= split_path->len) - { - return set_error_noent (error, (char*)split_path->pdata[start]); - } - else if (start == split_path->len - 1) + g_return_val_if_fail (start < split_path->len, FALSE); + + if (start == split_path->len - 1) { *out_subdir = g_object_ref (self); return TRUE; diff --git a/tests/test-mutable-tree.c b/tests/test-mutable-tree.c index ef2b6b5b..b0c23867 100644 --- a/tests/test-mutable-tree.c +++ b/tests/test-mutable-tree.c @@ -68,13 +68,6 @@ test_mutable_tree_walk (void) g_clear_error (&error); } - { - gs_unref_object OstreeMutableTree *subdir = NULL; - g_assert_false (ostree_mutable_tree_walk (tree, split_path, 10, &subdir, &error)); - g_assert_null (subdir); - g_clear_error (&error); - } - { gs_unref_object OstreeMutableTree *subdir = NULL; gs_unref_object OstreeMutableTree *a = NULL;