cssselector: Ensure we do not index out of bounds

This would only happen if the last element was deprecated, but it should be avoided anyway. CID 1388852 (#1 of 1): Out-of-bounds read (OVERRUN) 12. overrun-local: Overrunning array pseudo_classes of 16 32-byte elements at element index 16 (byte offset 512) using index i + 1U (which evaluates to 16).
2017-08-01 19:57:51 +01:00 · 2017-08-01 19:57:51 +01:00 · 6063a89235
commit 6063a89235
parent a381a06b12
1 changed files with 3 additions and 2 deletions
--- a/gtk/gtkcssselector.c
+++ b/gtk/gtkcssselector.c
@ -1142,8 +1142,8 @@ parse_selector_pseudo_class (GtkCssParser   *parser,
    { "visited",       0, GTK_STATE_FLAG_VISITED, },
    { "checked",       0, GTK_STATE_FLAG_CHECKED, },
    { "drop(active)",  0, GTK_STATE_FLAG_DROP_ACTIVE, }
-
  };
+
  guint i;

  if (_gtk_css_parser_try (parser, "nth-child", FALSE))
@ -1163,7 +1163,8 @@ parse_selector_pseudo_class (GtkCssParser   *parser,
              selector->state.state = pseudo_classes[i].state_flag;
              if (pseudo_classes[i].deprecated)
                {
-                  if (pseudo_classes[i + 1].state_flag == pseudo_classes[i].state_flag)
+                  if (i + 1 < G_N_ELEMENTS (pseudo_classes) &&
+                      pseudo_classes[i + 1].state_flag == pseudo_classes[i].state_flag)
                    _gtk_css_parser_error_full (parser,
                                                GTK_CSS_PROVIDER_ERROR_DEPRECATED,
                                                "The :%s pseudo-class is deprecated. Use :%s instead.",