From 6c1e9f06f892407f667da6bd0c13ab6f3df92024 Mon Sep 17 00:00:00 2001
From: Christian Hergert <chergert@redhat.com>
Date: Wed, 26 Apr 2023 16:42:40 -0700
Subject: bufferoutputstream: be defensive about dereferencing nul byte

If we don't own the buffer, then we don't have a guarantee that the buffer
is one byte bigger than any count/length we've received. Mke sure to only
dereference that byte when we do.

Related #309
---
 gtksourceview/gtksourcebufferoutputstream.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gtksourceview/gtksourcebufferoutputstream.c b/gtksourceview/gtksourcebufferoutputstream.c
index 2816cb6d..566e96b9 100644
--- a/gtksourceview/gtksourcebufferoutputstream.c
+++ b/gtksourceview/gtksourcebufferoutputstream.c
@@ -705,7 +705,8 @@ validate_and_insert (GtkSourceBufferOutputStream *stream,
 
 			apply_error_tag (stream);
 
-			if ((nvalid != len || !owned) && buffer[nvalid] != '\0')
+			if (!owned ||
+			    (nvalid != len && buffer[nvalid] != '\0'))
 			{
 				/* make sure the buffer is always properly null
 				 * terminated. This is needed, at least for now,
-- 
cgit v1.2.1