From: Philip Withnall
Date: Tue, 5 Dec 2017 11:59:32 +0000 (+0000)
Subject: glib-2.0: Fix potential null pointer dereference in string.joinv()
X-Git-Tag: 0.39.2~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb005f46f772fcc8a149b6b538fca86036ed0c8d;p=thirdparty%2Fvala.git
glib-2.0: Fix potential null pointer dereference in string.joinv()
The logic in the ‘is the array null or empty’ check was disjunctive rather than conjunctive. If (str_array == null), the condition would have short-circuited and tried to evaluate str_array.length, which would have crashed.
Coverity CID: #1462389 (spotted when scanning Tracker)
https://bugzilla.gnome.org/show_bug.cgi?id=791257
---
diff --git a/vapi/glib-2.0.vapi b/vapi/glib-2.0.vapi
index 8414293a5..21cac17a1 100644
--- a/vapi/glib-2.0.vapi
+++ b/vapi/glib-2.0.vapi
@@ -1092,7 +1092,7 @@ public class string {
 if (separator == null) {
 separator = "";
 }
- if (str_array != null || str_array.length > 0 || (str_array.length == -1 && str_array[0] != null)) {
+ if (str_array != null && (str_array.length > 0 || (str_array.length == -1 && str_array[0] != null))) {
 int i;
 size_t len = 1;
 for (i = 0 ; (str_array.length != -1 && i < str_array.length) || (str_array.length == -1 && str_array[i] != null) ; i++) {
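Review bot: The rewritten `if` condition and the `for` condition below it both branch on `str_array.length == -1` without any comment saying what that sentinel means, and an undocumented compound guard of this kind is where the original `||`/`&&` mistake sat unnoticed. I would add a comment above the `if`, for example `// length == -1 is treated as "null-terminated, length unknown"; str_array must be null-checked before .length or [0] is read`. From the lines visible here the patch touches only `vapi/glib-2.0.vapi`, so a regression test that calls `joinv` with a null array and with an empty array would keep the null dereference from coming back. The body of the function continues past the end of the hunk, so what is returned when the guard is false cannot be confirmed from this diff.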