From ab1b117d91c77c6bffd93f324c0c81cf63113b27 Mon Sep 17 00:00:00 2001 From: Michael Catanzaro Date: Mon, 21 Dec 2020 15:35:51 -0600 Subject: [PATCH] Fix buffer overruns in 'gtk-builder-tool simplify' Oops, here we allocate only one byte for each pointer we want to store. We need to multiply by the size of a pointer. --- gtk/tools/gtk-builder-tool-simplify.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gtk/tools/gtk-builder-tool-simplify.c b/gtk/tools/gtk-builder-tool-simplify.c index 151488f272..0541207a97 100644 --- a/gtk/tools/gtk-builder-tool-simplify.c +++ b/gtk/tools/gtk-builder-tool-simplify.c @@ -507,8 +507,8 @@ set_attribute_value (Element *element, } len = g_strv_length (element->attribute_names); - element->attribute_names = g_realloc (element->attribute_names, len + 2); - element->attribute_values = g_realloc (element->attribute_values, len + 2); + element->attribute_names = g_realloc_n (element->attribute_names, len + 2, sizeof (char *)); + element->attribute_values = g_realloc_n (element->attribute_values, len + 2, sizeof (char *)); element->attribute_names[len] = g_strdup (name); element->attribute_values[len] = g_strdup (value); element->attribute_names[len + 1] = NULL;