[Xfce4-commits] [apps/xfdashboard] 01/01: Add call depth counter for function resolving CSS @-identifier to detect possible indefinite recursion and stop parsing CSS file because it is handled as an error.

noreply at xfce.org noreply at xfce.org
Wed Apr 12 09:21:05 CEST 2017 

This is an automated email from the git hooks/post-receive script.

nomad pushed a commit to branch master
in repository apps/xfdashboard.

commit c63d267bac0f412bdaae644c9bb1f874dbf9cf23
Author: Stephan Haller <nomad at froevel.de>
Date:   Wed Apr 12 09:19:09 2017 +0200

    Add call depth counter for function resolving CSS @-identifier to detect possible indefinite recursion and stop parsing CSS file because it is handled as an error.
    
    This commit fixes GH #143
---
 libxfdashboard/theme-css.c | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/libxfdashboard/theme-css.c b/libxfdashboard/theme-css.c
index 36a055f..822f4cb 100644
--- a/libxfdashboard/theme-css.c
+++ b/libxfdashboard/theme-css.c
@@ -1446,13 +1446,36 @@ static gchar* _xfdashboard_theme_css_resolve_at_identifier_by_string(Xfdashboard
 																		GScanner *inScopeScanner,
 																		GList *inScopeSelectors)
 {
-	GScanner	*scanner;
-	gchar		*value;
+	GScanner		*scanner;
+	gchar			*value;
+	static gint		callDepth=0;
 
 	g_return_val_if_fail(XFDASHBOARD_IS_THEME_CSS(self), NULL);
 	g_return_val_if_fail(inScopeScanner, NULL);
 	g_return_val_if_fail(inText, NULL);
 
+	/* Increment call depth and check if it is too deep now to avoid recursive
+	 * resolves of '@' identifier definitions.
+	 */
+	callDepth++;
+	if(callDepth>128)
+	{
+		gchar		*error;
+
+		error=g_strdup_printf(_("Possible recursion detected because call depth is too deep while resolving '%s'"),
+								inText);
+		g_scanner_unexp_token(inScopeScanner,
+								G_TOKEN_ERROR,
+								NULL,
+								NULL,
+								NULL,
+								error,
+								FALSE);
+		g_free(error);
+
+		return(NULL);
+	}
+
 	/* Create scanner to resolve value of '@' identifier */
 	scanner=g_scanner_new(NULL);
 
@@ -1485,6 +1508,9 @@ static gchar* _xfdashboard_theme_css_resolve_at_identifier_by_string(Xfdashboard
 	/* Destroy scanner */
 	g_scanner_destroy(scanner);
 
+	/* Decrement call depth counter again */
+	callDepth--;
+
 	/* Return resolved '@' identifier which may be NULL in case of error */
 	return(value);
 }

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Xfce4-commits mailing list