gvariant: Propagate trust when getting a child of a serialised variant

If a variant is trusted, that means all its children are trusted, so
ensure that their checked offsets are set as such.

This allows a lot of the offset table checks to be avoided when getting
children from trusted serialised tuples, which speeds things up.

No unit test is included because this is just a performance fix. If
there are other slownesses, or regressions, in serialised `GVariant`
performance, the fuzzing setup will catch them like it did this one.

This change does reduce the time to run the oss-fuzz reproducer from 80s
to about 0.7s on my machine.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2841
oss-fuzz#54314

1 files changed, 2 insertions, 2 deletions

diff --git a/glib/gvariant-core.c b/glib/gvariant-core.c
index f441c4757..477802282 100644
--- a/glib/gvariant-core.c
+++ b/glib/gvariant-core.c
@@ -1198,8 +1198,8 @@ g_variant_get_child_value (GVariant *value,
     child->contents.serialised.bytes =
       g_bytes_ref (value->contents.serialised.bytes);
     child->contents.serialised.data = s_child.data;
-    child->contents.serialised.ordered_offsets_up_to = s_child.ordered_offsets_up_to;
-    child->contents.serialised.checked_offsets_up_to = s_child.checked_offsets_up_to;
+    child->contents.serialised.ordered_offsets_up_to = (value->state & STATE_TRUSTED) ? G_MAXSIZE : s_child.ordered_offsets_up_to;
+    child->contents.serialised.checked_offsets_up_to = (value->state & STATE_TRUSTED) ? G_MAXSIZE : s_child.checked_offsets_up_to;
 
     return child;
   }