From: Tobias Mueller <tobiasmue@gnome.org>
Date: Mon, 12 Apr 2010 17:22:43 +0000 (+0100)
Subject: gobject-introspection: Free allocated memory and fix format strings
X-Git-Tag: 0.9.1~38
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=368d71448acad0546efbb203c08a093ec43611a4;p=thirdparty%2Fvala.git

gobject-introspection: Free allocated memory and fix format strings

g_markup_printf_escaped allocates memory which now is free()d. Also,
move from g_string_append_printf to g_string_append because it has a
clearer and easier semantic and is less error prone. In fact, this fixes
potential format string vulnerabilties.

Fixes bug 615552.
---

diff --git a/gobject-introspection/gidlwriter.c b/gobject-introspection/gidlwriter.c
index cd6cbad2a..2c0cbaa5c 100644
--- a/gobject-introspection/gidlwriter.c
+++ b/gobject-introspection/gidlwriter.c
@@ -138,12 +138,14 @@ function_generate (GIdlWriter * writer, GIdlNodeFunction * node)
 			  "%s name=\"%s\"",
 			  tag_name, node->node.name);
 
-  if (node->node.type != G_IDL_NODE_CALLBACK)
-    g_string_append_printf (markup_s,
-			    g_markup_printf_escaped (" symbol=\"%s\"", node->symbol));
+  if (node->node.type != G_IDL_NODE_CALLBACK) {
+    gchar *tmp = g_markup_printf_escaped (" symbol=\"%s\"", node->symbol);
+    markup_s = g_string_append (markup_s, tmp);
+    g_free (tmp);
+  }
 
   if (node->deprecated)
-    g_string_append_printf (markup_s, " deprecated=\"1\"");
+    markup_s = g_string_append (markup_s, " deprecated=\"1\"");
 
   g_string_append (markup_s, ">\n");
 
@@ -388,18 +390,21 @@ enum_generate (GIdlWriter * writer, GIdlNodeEnum * node)
 			  "%s name=\"%s\"",
 			  tag_name, node->node.name);
 
-  if (node->gtype_name != NULL)
-    g_string_append_printf (markup_s,
-			    g_markup_printf_escaped (" type-name=\"%s\"", node->gtype_name));
-
-  if (node->gtype_init != NULL)
-    g_string_append_printf (markup_s,
-			    g_markup_printf_escaped (" get-type=\"%s\"", node->gtype_init));
+  if (node->gtype_name != NULL) {
+    gchar *tmp = g_markup_printf_escaped (" type-name=\"%s\"", node->gtype_name);
+    markup_s = g_string_append (markup_s, tmp);
+    g_free (tmp);
+  }
+  if (node->gtype_init != NULL) {
+    gchar *tmp = g_markup_printf_escaped (" get-type=\"%s\"", node->gtype_init);
+    markup_s = g_string_append (markup_s, tmp);
+    g_free(tmp);
+  }
 
   if (node->deprecated)
-    g_string_append_printf (markup_s, " deprecated=\"1\"");
+    markup_s = g_string_append (markup_s, " deprecated=\"1\"");
 
-  g_string_append (markup_s, ">\n");
+  markup_s = g_string_append (markup_s, ">\n");
 
   g_writer_write_indent (writer, markup_s->str);
   g_string_free (markup_s, TRUE);