gnome/nautilus
gnome/nautilus
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/nautilus synced 2024-06-30 23:46:35 +00:00
Code Issues Projects Releases Wiki Activity

files-view: Fix heap overflow

Browse Source 
Fix a heap overflow by designating the data type as a buffer instead
of a string in the case of a template copy and check for the operation
type to perform copying correctly.
This commit is contained in:
Khalid Abu Shawarib 2024-04-28 22:40:54 +03:00 committed by Peter Eisenmann
parent 2288345ba2
commit c57c9f57ae
6 changed files with 28 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/nautilus-file-operations.c
View File

@ -116,7 +116,7 @@ typedef struct
char *filename;
gboolean make_dir;
GFile *src;
char *src_data;
void *src_data;
int length;
gboolean new_mtime;
GFile *created_file;
@ -7118,7 +7118,7 @@ create_task_thread_func (GTask *task,
gboolean filename_is_utf8;
char *primary, *secondary, *details;
int response;
char *data;
void *data;
gsize length;
GFileOutputStream *out;
gboolean handled_invalid_filename;
@ -7254,7 +7254,7 @@ retry:
}
else
{
data = "";
data = NULL;
length = 0;
if (job->src_data)
{
@ -7694,7 +7694,7 @@ void
nautilus_file_operations_new_file (GtkWidget *parent_view,
const char *parent_dir,
const char *target_filename,
const char *initial_contents,
const void *initial_contents,
gsize length,
NautilusCreateCallback done_callback,
gpointer done_callback_data)

2
src/nautilus-file-operations.h
View File

@ -68,7 +68,7 @@ void nautilus_file_operations_new_folder (GtkWidget *paren
void nautilus_file_operations_new_file (GtkWidget *parent_view,
const char *parent_dir,
const char *target_filename,
const char *initial_contents,
const void *initial_contents,
gsize length,
NautilusCreateCallback done_callback,
gpointer data);

25
src/nautilus-file-undo-operations.c
View File

@ -805,9 +805,13 @@ struct _NautilusFileUndoInfoCreate
{
NautilusFileUndoInfo parent_instance;
char *template;
union
{
char *template;
void *buffer;
};
GFile *target_file;
gint length;
gsize length;
};
G_DEFINE_TYPE (NautilusFileUndoInfoCreate, nautilus_file_undo_info_create, NAUTILUS_TYPE_FILE_UNDO_INFO)
@ -1011,12 +1015,23 @@ nautilus_file_undo_info_create_new (NautilusFileUndoOp op_type)
void
nautilus_file_undo_info_create_set_data (NautilusFileUndoInfoCreate *self,
GFile *file,
const char *template,
const void *template,
gsize length)
{
NautilusFileUndoOp op_type = nautilus_file_undo_info_get_op_type (NAUTILUS_FILE_UNDO_INFO (self));
self->target_file = g_object_ref (file);
self->template = g_strdup (template);
self->length = length;
if (op_type == NAUTILUS_FILE_UNDO_OP_CREATE_EMPTY_FILE)
{
/* Operation name is a misnomer, it still can hold data to write to
* the newly created file. */
self->buffer = g_memdup2 (template, length);
self->length = length;
}
else if (op_type == NAUTILUS_FILE_UNDO_OP_CREATE_FILE_FROM_TEMPLATE)
{
self->template = g_strdup (template);
}
}
/* rename */

2
src/nautilus-file-undo-operations.h
View File

@ -119,7 +119,7 @@ G_DECLARE_FINAL_TYPE (NautilusFileUndoInfoCreate, nautilus_file_undo_info_create
NautilusFileUndoInfo *nautilus_file_undo_info_create_new (NautilusFileUndoOp op_type);
void nautilus_file_undo_info_create_set_data (NautilusFileUndoInfoCreate *self,
GFile *file,
const char *template,
const void *template,
gsize length);
/* rename */

2
src/nautilus-files-view.c
View File

@ -2373,7 +2373,7 @@ void
nautilus_files_view_new_file_with_initial_contents (NautilusFilesView *view,
const char *parent_uri,
const char *filename,
const char *initial_contents,
const void *initial_contents,
gsize length)
{
NewFolderData *data;

2
src/nautilus-files-view.h
View File

@ -148,7 +148,7 @@ void nautilus_file_view_save_image_from_texture (NautilusFilesVi
void nautilus_files_view_new_file_with_initial_contents (NautilusFilesView *view,
const char *parent_uri,
const char *filename,
const char *initial_contents,
const void *initial_contents,
gsize length);
/* selection handling */
void nautilus_files_view_activate_selection (NautilusFilesView *view,