From 5df314fa8f4ae6703876ed82bac340cce0495141 Mon Sep 17 00:00:00 2001
From: Matthias Clasen
Date: Mon, 2 May 2022 15:39:03 +0800
Subject: [PATCH 1/2] composetable: Add a missing NULL check

gtk_compose_table_parse can return NULL. Handle it.
---
 gtk/gtkcomposetable.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gtk/gtkcomposetable.c b/gtk/gtkcomposetable.c
index 7951b04c4d..4ec357fc97 100644
--- a/gtk/gtkcomposetable.c
+++ b/gtk/gtkcomposetable.c
@@ -1150,7 +1150,8 @@ parse:
 * is probably a copy of the system one, we take steps to keep things working,
 * and thell the user about it.
 */
- if (found_old_cache && !found_include && compose_table->n_sequences < 100)
+ if (found_old_cache && !found_include &&
+ compose_table != NULL && compose_table->n_sequences < 100)
 {
 if (rewrite_compose_file (compose_file))
 {
From 2b183a9f4e90b7348380dab4ecd8141f608d8ae4 Mon Sep 17 00:00:00 2001
From: Matthias Clasen
Date: Mon, 2 May 2022 16:03:45 +0800
Subject: [PATCH 2/2] Reject compose tables that are too large

The fixed-size format we use currently can only handle up to 32768 bytes of string data. If a compose file contains more, reject it with a warning.

Fixes: #4873
---
 gtk/gtkcomposetable.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/gtk/gtkcomposetable.c b/gtk/gtkcomposetable.c
index 4ec357fc97..eda1e5ad5b 100644
--- a/gtk/gtkcomposetable.c
+++ b/gtk/gtkcomposetable.c
@@ -942,7 +942,12 @@ parser_get_compose_table (GtkComposeParser *parser)
 if (char_data->len > 0)
 g_string_append_c (char_data, 0);
- g_assert (char_data->len < 0x8000);
+ if (char_data->len >= 0x8000)
+ {
+ g_warning ("GTK can't handle compose tables this large (%s)", parser->compose_file ? parser->compose_file : "");
+ g_string_free (char_data, TRUE);
+ return NULL;
+ }
 encoded_value = (guint16) (char_data->len | 0x8000);
 g_string_append (char_data, value);
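Review bot: In the [PATCH 1/2] hunk under `parse:`, the new `compose_table != NULL` test guards only this one condition, and the comment above it does not say what a NULL table means. The enclosing function continues outside the hunk, so whether any later use of `compose_table` also tolerates NULL cannot be confirmed from these lines and should be checked. I would extend the comment with a line such as `* A NULL table (the parse produced nothing usable) skips this heuristic.` so the guard is not dropped when the condition is next simplified.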
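Review bot: In the [PATCH 2/2] hunk, the new early `return NULL;` releases only `char_data`. parser_get_compose_table begins well before this hunk, so anything it allocated earlier (not visible here) would leak each time an oversized compose file is rejected; this exit should release the same resources as the normal one. The bound is also tested before `value` is appended, so it limits the offset stored in `encoded_value` rather than the total string size. That is sufficient only if nothing downstream keeps the total length in 15 bits, which these lines do not show. A short comment would tie the check to the encoding, for example `/* bit 15 of encoded_value is the flag, so string offsets must stay below 0x8000 */`.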