core: Avoid possible buffer overruns

In some circumstances we may pass -1 as len to g_strndup(), that does not follow the "-1 means strlen()" convention. Do this ourselves. CIDs: #1530151, #1530152
author: Carlos Garnacho <carlosg@gnome.org> 2023-05-04 12:08:47 +0200
committer: Carlos Garnacho <carlosg@gnome.org> 2023-05-04 12:08:47 +0200
commit: 16ab9f02340cb2ded6dfd503eb476744b93fa13f (patch)
tree: fb863b3c082f29058f8e3176cf69cf5c745093a0
parent: 126fe9b4cbc95077db805e24bb689f22b56120b1 (diff)
download: tracker-16ab9f02340cb2ded6dfd503eb476744b93fa13f.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/src/libtracker-sparql/core/tracker-db-interface-sqlite.c b/src/libtracker-sparql/core/tracker-db-interface-sqlite.c
index 2aa493ca9..6b3482435 100644
--- a/src/libtracker-sparql/core/tracker-db-interface-sqlite.c
+++ b/src/libtracker-sparql/core/tracker-db-interface-sqlite.c
@@ -1639,13 +1639,15 @@ function_sparql_print_value (sqlite3_context *context,
 				sqlite3_result_value (context, argv[0]);
 			} else if (prop_type == TRACKER_PROPERTY_TYPE_DATE) {
 				const gchar *value, *end;
-				int len = -1;
+				gsize len;
 
 				value = sqlite3_value_text (argv[0]);
 				/* Drop time data if we are given a xsd:dateTime as a xsd:date */
 				end = strchr (value, 'T');
 				if (end)
 					len = end - value;
+				else
+					len = strlen (value);
 
 				sqlite3_result_text (context,
 				                     g_strndup (value, len),
author	Carlos Garnacho <carlosg@gnome.org>	2023-05-04 12:08:47 +0200
committer	Carlos Garnacho <carlosg@gnome.org>	2023-05-04 12:08:47 +0200
commit	16ab9f02340cb2ded6dfd503eb476744b93fa13f (patch)
tree	fb863b3c082f29058f8e3176cf69cf5c745093a0
parent	126fe9b4cbc95077db805e24bb689f22b56120b1 (diff)
download	tracker-16ab9f02340cb2ded6dfd503eb476744b93fa13f.tar.gz