From fb005f46f772fcc8a149b6b538fca86036ed0c8d Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Tue, 5 Dec 2017 11:59:32 +0000
Subject: [PATCH] glib-2.0: Fix potential null pointer dereference in string.joinv()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The logic in the ‘is the array null or empty’ check was disjunctive rather than conjunctive. If (str_array == null), the condition would have short-circuited and tried to evaluate str_array.length, which would have crashed.

Coverity CID: #1462389 (spotted when scanning Tracker)
https://bugzilla.gnome.org/show_bug.cgi?id=791257
---
 vapi/glib-2.0.vapi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vapi/glib-2.0.vapi b/vapi/glib-2.0.vapi
index 8414293a5..21cac17a1 100644
--- a/vapi/glib-2.0.vapi
+++ b/vapi/glib-2.0.vapi
@@ -1092,7 +1092,7 @@ public class string {
 if (separator == null) {
 separator = "";
 }
- if (str_array != null || str_array.length > 0 || (str_array.length == -1 && str_array[0] != null)) {
+ if (str_array != null && (str_array.length > 0 || (str_array.length == -1 && str_array[0] != null))) {
 int i;
 size_t len = 1;
 for (i = 0 ; (str_array.length != -1 && i < str_array.length) || (str_array.length == -1 && str_array[i] != null) ; i++) {
--
2.47.3
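Review bot: The corrected condition still dereferences `str_array[0]` whenever `str_array.length == -1`, which is only safe if a length of -1 guarantees a null-terminated array; that assumption is not stated anywhere in the hunk and is worth a comment on the added line, e.g. `// length == -1: array length is unknown, so it must be null-terminated — probe the first element`. The same length/-1 branching is repeated in the for loop on the following context line, so a reader has to re-derive the invariant each time; naming it once above the `if` would help. A regression case that calls `string.joinv` with a null array would pin this fix, since the original expression only crashed on that input. joinv's body begins and ends outside the hunk.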