From 3370260a13c65ebe45e19d5397dc10d66673f953 Mon Sep 17 00:00:00 2001
From: Havoc Pennington <hp@pobox.com>
Date: Tue, 29 Jan 2002 03:42:23 +0000
Subject: [PATCH] NULL-terminate context->attr_values so g_strfreev() is safe.
 Would

2002-01-28  Havoc Pennington  <hp@pobox.com>

	* glib/gmarkup.c (add_attribute): NULL-terminate
	context->attr_values so g_strfreev() is safe.
	Would previously crash if parsing was ended prior
	to ending the start tag.
	(g_markup_parse_context_parse): add a couple assertions
---
 ChangeLog          | 8 ++++++++
 ChangeLog.pre-2-0  | 8 ++++++++
 ChangeLog.pre-2-10 | 8 ++++++++
 ChangeLog.pre-2-12 | 8 ++++++++
 ChangeLog.pre-2-2  | 8 ++++++++
 ChangeLog.pre-2-4  | 8 ++++++++
 ChangeLog.pre-2-6  | 8 ++++++++
 ChangeLog.pre-2-8  | 8 ++++++++
 glib/gmarkup.c     | 9 +++++++--
 9 files changed, 71 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index dff6a783..f5583795 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2002-01-28  Havoc Pennington  <hp@pobox.com>
+
+	* glib/gmarkup.c (add_attribute): NULL-terminate
+	context->attr_values so g_strfreev() is safe. 
+	Would previously crash if parsing was ended prior 
+	to ending the start tag.
+	(g_markup_parse_context_parse): add a couple assertions
+
 2002-01-28  Havoc Pennington  <hp@redhat.com>
 
 	* glib/gmacros.h: get rid of warning here
diff --git a/ChangeLog.pre-2-0 b/ChangeLog.pre-2-0
index dff6a783..f5583795 100644
--- a/ChangeLog.pre-2-0
+++ b/ChangeLog.pre-2-0
@@ -1,3 +1,11 @@
+2002-01-28  Havoc Pennington  <hp@pobox.com>
+
+	* glib/gmarkup.c (add_attribute): NULL-terminate
+	context->attr_values so g_strfreev() is safe. 
+	Would previously crash if parsing was ended prior 
+	to ending the start tag.
+	(g_markup_parse_context_parse): add a couple assertions
+
 2002-01-28  Havoc Pennington  <hp@redhat.com>
 
 	* glib/gmacros.h: get rid of warning here
diff --git a/ChangeLog.pre-2-10 b/ChangeLog.pre-2-10
index dff6a783..f5583795 100644
--- a/ChangeLog.pre-2-10
+++ b/ChangeLog.pre-2-10
@@ -1,3 +1,11 @@
+2002-01-28  Havoc Pennington  <hp@pobox.com>
+
+	* glib/gmarkup.c (add_attribute): NULL-terminate
+	context->attr_values so g_strfreev() is safe. 
+	Would previously crash if parsing was ended prior 
+	to ending the start tag.
+	(g_markup_parse_context_parse): add a couple assertions
+
 2002-01-28  Havoc Pennington  <hp@redhat.com>
 
 	* glib/gmacros.h: get rid of warning here
diff --git a/ChangeLog.pre-2-12 b/ChangeLog.pre-2-12
index dff6a783..f5583795 100644
--- a/ChangeLog.pre-2-12
+++ b/ChangeLog.pre-2-12
@@ -1,3 +1,11 @@
+2002-01-28  Havoc Pennington  <hp@pobox.com>
+
+	* glib/gmarkup.c (add_attribute): NULL-terminate
+	context->attr_values so g_strfreev() is safe. 
+	Would previously crash if parsing was ended prior 
+	to ending the start tag.
+	(g_markup_parse_context_parse): add a couple assertions
+
 2002-01-28  Havoc Pennington  <hp@redhat.com>
 
 	* glib/gmacros.h: get rid of warning here
diff --git a/ChangeLog.pre-2-2 b/ChangeLog.pre-2-2
index dff6a783..f5583795 100644
--- a/ChangeLog.pre-2-2
+++ b/ChangeLog.pre-2-2
@@ -1,3 +1,11 @@
+2002-01-28  Havoc Pennington  <hp@pobox.com>
+
+	* glib/gmarkup.c (add_attribute): NULL-terminate
+	context->attr_values so g_strfreev() is safe. 
+	Would previously crash if parsing was ended prior 
+	to ending the start tag.
+	(g_markup_parse_context_parse): add a couple assertions
+
 2002-01-28  Havoc Pennington  <hp@redhat.com>
 
 	* glib/gmacros.h: get rid of warning here
diff --git a/ChangeLog.pre-2-4 b/ChangeLog.pre-2-4
index dff6a783..f5583795 100644
--- a/ChangeLog.pre-2-4
+++ b/ChangeLog.pre-2-4
@@ -1,3 +1,11 @@
+2002-01-28  Havoc Pennington  <hp@pobox.com>
+
+	* glib/gmarkup.c (add_attribute): NULL-terminate
+	context->attr_values so g_strfreev() is safe. 
+	Would previously crash if parsing was ended prior 
+	to ending the start tag.
+	(g_markup_parse_context_parse): add a couple assertions
+
 2002-01-28  Havoc Pennington  <hp@redhat.com>
 
 	* glib/gmacros.h: get rid of warning here
diff --git a/ChangeLog.pre-2-6 b/ChangeLog.pre-2-6
index dff6a783..f5583795 100644
--- a/ChangeLog.pre-2-6
+++ b/ChangeLog.pre-2-6
@@ -1,3 +1,11 @@
+2002-01-28  Havoc Pennington  <hp@pobox.com>
+
+	* glib/gmarkup.c (add_attribute): NULL-terminate
+	context->attr_values so g_strfreev() is safe. 
+	Would previously crash if parsing was ended prior 
+	to ending the start tag.
+	(g_markup_parse_context_parse): add a couple assertions
+
 2002-01-28  Havoc Pennington  <hp@redhat.com>
 
 	* glib/gmacros.h: get rid of warning here
diff --git a/ChangeLog.pre-2-8 b/ChangeLog.pre-2-8
index dff6a783..f5583795 100644
--- a/ChangeLog.pre-2-8
+++ b/ChangeLog.pre-2-8
@@ -1,3 +1,11 @@
+2002-01-28  Havoc Pennington  <hp@pobox.com>
+
+	* glib/gmarkup.c (add_attribute): NULL-terminate
+	context->attr_values so g_strfreev() is safe. 
+	Would previously crash if parsing was ended prior 
+	to ending the start tag.
+	(g_markup_parse_context_parse): add a couple assertions
+
 2002-01-28  Havoc Pennington  <hp@redhat.com>
 
 	* glib/gmacros.h: get rid of warning here
diff --git a/glib/gmarkup.c b/glib/gmarkup.c
index bf7ff376..f20ee368 100644
--- a/glib/gmarkup.c
+++ b/glib/gmarkup.c
@@ -732,6 +732,7 @@ add_attribute (GMarkupParseContext *context, char *name)
   context->attr_names[context->cur_attr] = name;
   context->attr_values[context->cur_attr] = NULL;
   context->attr_names[context->cur_attr+1] = NULL;
+  context->attr_values[context->cur_attr+1] = NULL;
 }
 
 /**
@@ -1196,8 +1197,12 @@ g_markup_parse_context_parse (GMarkupParseContext *context,
 		      g_free (context->attr_values[pos]);
 		      context->attr_names[pos] = context->attr_values[pos] = NULL;
 		    }
-                  context->cur_attr = -1;
-
+                  g_assert (context->cur_attr == -1);
+                  g_assert (context->attr_names == NULL ||
+                            context->attr_names[0] == NULL);
+                  g_assert (context->attr_values == NULL ||
+                            context->attr_values[0] == NULL);
+                  
                   if (tmp_error != NULL)
                     {
                       mark_error (context, tmp_error);
-- 
2.34.1