From da5de1ba9969e5f307a6da11fe004db1f882d526 Mon Sep 17 00:00:00 2001
From: Benjamin Otte <otte@redhat.com>
Date: Sat, 30 Dec 2023 02:39:31 +0100
Subject: [PATCH] nodeparser: Fix SEGV in shadows parsing code

Testcase included

The code was writing invalid memory, so this might not have always
crashed, but I did my best to write the test so it causes a SEGV.

Also included is a fix for the testsuite where the expected result was
wrong.
---
 gsk/gskrendernodeparser.c                     | 2 +-
 testsuite/gsk/nodeparser/shadow-fail.errors   | 2 ++
 testsuite/gsk/nodeparser/shadow-fail.node     | 4 ++++
 testsuite/gsk/nodeparser/shadow-fail.ref.node | 9 ++++++++-
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/gsk/gskrendernodeparser.c b/gsk/gskrendernodeparser.c
index 3b9a17d605..b9af8e5d9b 100644
--- a/gsk/gskrendernodeparser.c
+++ b/gsk/gskrendernodeparser.c
@@ -711,7 +711,7 @@ parse_shadows (GtkCssParser *parser,
 static void
 clear_shadows (gpointer inout_shadows)
 {
-  g_array_set_size (*(GArray **) inout_shadows, 0);
+  g_array_set_size (inout_shadows, 0);
 }
 
 static const struct
diff --git a/testsuite/gsk/nodeparser/shadow-fail.errors b/testsuite/gsk/nodeparser/shadow-fail.errors
index d6984612c1..0b5dea0c09 100644
--- a/testsuite/gsk/nodeparser/shadow-fail.errors
+++ b/testsuite/gsk/nodeparser/shadow-fail.errors
@@ -7,3 +7,5 @@
 <data>:3:11-13: error: GTK_CSS_PARSER_ERROR_UNKNOWN_VALUE
 <data>:3:13-14: error: GTK_CSS_PARSER_ERROR_SYNTAX
 <data>:3:13-14: error: GTK_CSS_PARSER_ERROR_UNKNOWN_VALUE
+<data>:7:22-24: error: GTK_CSS_PARSER_ERROR_SYNTAX
+<data>:7:2-8:1: error: GTK_CSS_PARSER_WARNING_SYNTAX
diff --git a/testsuite/gsk/nodeparser/shadow-fail.node b/testsuite/gsk/nodeparser/shadow-fail.node
index 5b851e7eb1..0435c2a570 100644
--- a/testsuite/gsk/nodeparser/shadow-fail.node
+++ b/testsuite/gsk/nodeparser/shadow-fail.node
@@ -2,3 +2,7 @@ shadow {
  shadows: 22;
  shadows: 22;
 }
+
+shadow {
+ shadows: blue 50 50 hi:
+}
diff --git a/testsuite/gsk/nodeparser/shadow-fail.ref.node b/testsuite/gsk/nodeparser/shadow-fail.ref.node
index 77e42196fb..da281baf80 100644
--- a/testsuite/gsk/nodeparser/shadow-fail.ref.node
+++ b/testsuite/gsk/nodeparser/shadow-fail.ref.node
@@ -1,5 +1,12 @@
 shadow {
-  shadows: rgb(0,0,0) 22 0, rgb(0,0,0) 22 0;
+  shadows: rgb(0,0,0) 22 0;
+  child: color {
+    bounds: 0 0 50 50;
+    color: rgb(255,0,204);
+  }
+}
+shadow {
+  shadows: rgb(0,0,0) 1 1;
   child: color {
     bounds: 0 0 50 50;
     color: rgb(255,0,204);