Merge branch 'sam/valid-utf8' into 'master'

Mandate that inputs are valid UTF8

See merge request GNOME/libmediaart!7

2 files changed, 41 insertions, 11 deletions

diff --git a/libmediaart/cache.c b/libmediaart/cache.c
index ecbc7a1..f91eda8 100644
--- a/libmediaart/cache.c
+++ b/libmediaart/cache.c
@@ -101,7 +101,7 @@ media_art_strip_find_next_block (const gchar    *original,
 
 /**
  * media_art_strip_invalid_entities:
- * @original: original string
+ * @original: (nullable): original string
  *
  * Strip a albumname or artistname string to prepare it for calculating the
  * media art path with it. Certain characters and charactersets will be stripped
@@ -115,8 +115,11 @@ media_art_strip_find_next_block (const gchar    *original,
  * 2. Text inside brackets of (), {}, [] and <> pairs are removed.
  * 3. Multiples of space characters are removed.
  *
+ * This function expects that the input is valid UTF-8. Use g_utf8_validate()
+ * if the input has not already been validated.
+ *
  * Returns: @original stripped of invalid characters which must be
- * freed. On error or if @original is empty, %NULL is returned.
+ * freed. On error or if @original is NULL, %NULL is returned.
  *
  * Since: 0.2.0
  */
@@ -140,7 +143,10 @@ media_art_strip_invalid_entities (const gchar *original)
 		{  0,   0  }
 	};
 
-	g_return_val_if_fail (original != NULL, NULL);
+	if (original == NULL)
+		return NULL;
+
+	g_return_val_if_fail (g_utf8_validate (original, -1, NULL), NULL);
 
 	str_no_blocks = g_string_new ("");
 
@@ -262,6 +268,9 @@ media_art_checksum_for_data (GChecksumType  checksum_type,
  * This operation should not use i/o, but it depends on the backend
  * GFile implementation.
  *
+ * All string inputs must be valid UTF8. Use g_utf8_validate() if the
+ * input has not already been validated.
+ *
  * Returns: %TRUE if @cache_file was returned, otherwise %FALSE.
  *
  * Since: 0.2.0
@@ -284,6 +293,10 @@ media_art_get_file (const gchar  *artist,
 
 	/* http://live.gnome.org/MediaArtStorageSpec */
 
+	g_return_val_if_fail (!artist || g_utf8_validate (artist, -1, NULL), FALSE);
+	g_return_val_if_fail (!title || g_utf8_validate (title, -1, NULL), FALSE);
+	g_return_val_if_fail (!prefix || g_utf8_validate (prefix, -1, NULL), FALSE);
+
 	if (cache_file) {
 		*cache_file = NULL;
 	}
@@ -369,6 +382,9 @@ media_art_get_file (const gchar  *artist,
  * Get the path to media art for a given resource. Newly allocated
  * data returned in @cache_path must be freed with g_free().
  *
+ * All string inputs must be valid UTF8. Use g_utf8_validate() if the
+ * input has not already been validated.
+ *
  * Returns: %TRUE if @cache_path was returned, otherwise %FALSE.
  *
  * Since: 0.2.0
@@ -381,6 +397,10 @@ media_art_get_path (const gchar  *artist,
 {
 	GFile *cache_file = NULL;
 
+	g_return_val_if_fail (!artist || g_utf8_validate (artist, -1, NULL), FALSE);
+	g_return_val_if_fail (!title || g_utf8_validate (title, -1, NULL), FALSE);
+	g_return_val_if_fail (!prefix || g_utf8_validate (prefix, -1, NULL), FALSE);
+
 	/* Rules:
 	 * 1. artist OR title must be non-NULL.
 	 * 2. cache_file must be non-NULL
@@ -407,6 +427,9 @@ media_art_get_path (const gchar  *artist,
  *
  * If @artist and @album are %NULL, ALL media art cache is removed.
  *
+ * All string inputs must be valid UTF8. Use g_utf8_validate() if the
+ * input has not already been validated.
+ *
  * Returns: #TRUE on success, otherwise #FALSE where @error will be set.
  *
  * Since: 0.2.0
@@ -424,6 +447,8 @@ media_art_remove (const gchar   *artist,
 	gboolean success = TRUE;
 
 	g_return_val_if_fail (artist != NULL && artist[0] != '\0', FALSE);
+	g_return_val_if_fail (g_utf8_validate (artist, -1, NULL), FALSE);
+	g_return_val_if_fail (!album || g_utf8_validate (album, -1, NULL), FALSE);
 
 	dirname = g_build_filename (g_get_user_cache_dir (), "media-art", NULL);
 
@@ -604,6 +629,9 @@ remove_thread (GTask        *task,
  * value) will be executed before an outstanding request with lower
  * priority. Default priority is %G_PRIORITY_DEFAULT.
  *
+ * All string inputs must be valid UTF8. Use g_utf8_validate() if the
+ * input has not already been validated.
+ *
  * Since: 0.7.0
  */
 void
diff --git a/tests/mediaarttest.c b/tests/mediaarttest.c
index cef36c2..93ac684 100644
--- a/tests/mediaarttest.c
+++ b/tests/mediaarttest.c
@@ -112,18 +112,20 @@ test_mediaart_stripping_failures_subprocess (void)
 static void
 test_mediaart_stripping_failures (void)
 {
-	gchar *stripped = NULL;
+	gchar *stripped, *input = NULL;
 
 	/* a. Return NULL for NULL (subprocess)
-	 * b. Return NULL for ""
+	 * b. Return a copy for ""
 	 */
-	stripped = media_art_strip_invalid_entities ("");
-	g_assert (stripped);
-	g_assert_cmpstr (stripped, ==, "");
+	stripped = media_art_strip_invalid_entities (NULL);
+	g_assert (!stripped);
 
-	g_test_trap_subprocess ("/mediaart/stripping_failures/subprocess", 0, 0);
-	g_test_trap_assert_failed ();
-	g_test_trap_assert_stderr ("*assertion 'original != NULL' failed*");
+	input = "";
+	stripped = media_art_strip_invalid_entities (input);
+	g_assert (stripped);
+	g_assert (stripped != input);
+	g_assert (strcmp(stripped, "") == 0);
+	g_free (stripped);
 }