dbus-marshal-basic: Assert that we are in-bounds after skipping items

We recommend disabling assertions in production builds of dbus, so it
is "cheap" to add them even in relatively fast-path locations.

Signed-off-by: Simon McVittie <smcv@collabora.com>

diff --git a/dbus/dbus-marshal-basic.c b/dbus/dbus-marshal-basic.c
index 3b22aa70be06429975d47587a32341e4b6e57f1d..6ebe5bd36d4a72a31221f0649b8f016029cfa01a 100644 (file)
--- a/dbus/dbus-marshal-basic.c
+++ b/dbus/dbus-marshal-basic.c
@@ -1193,6 +1193,10 @@ _dbus_marshal_skip_basic (const DBusString      *str,
       _dbus_assert_not_reached ("not a basic type");
       break;
     }
+
+  /* We had better still be in-bounds at this point (pointing either into
+   * the content of the string, or 1 past the logical length of the string) */
+  _dbus_assert (*pos <= _dbus_string_get_length (str));
 }
 
 /**
@@ -1230,6 +1234,10 @@ _dbus_marshal_skip_array (const DBusString  *str,
 
   /* Skip the actual array data */
   *pos = i + array_len;
+
+  /* We had better still be in-bounds at this point (pointing either into
+   * the content of the string, or 1 past the logical length of the string) */
+  _dbus_assert (*pos <= _dbus_string_get_length (str));
 }
 
 /**