From e6490c84e84ba9f182fbd83b51ff4f9f5a0a1793 Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Wed, 16 Aug 2023 03:42:47 +0000
Subject: [PATCH] gvariant: Port g_variant_deep_copy() to count its iterations directly
This is equivalent to what `GVariantIter` does, but it means that `g_variant_deep_copy()` is making its own `g_variant_get_child_value()` calls. This will be useful in an upcoming commit, where those child values will be inspected a little more deeply.
Signed-off-by: Philip Withnall
Helps: #2121
CVE: CVE-2023-32665
Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/glib/-/commit/e6490c84e84ba9f182fbd83b51ff4f9f5a0a1793]
Signed-off-by: Siddharth Doshi
---
 glib/gvariant.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/glib/gvariant.c b/glib/gvariant.c
index cdb428e..fdd36be 100644
--- a/glib/gvariant.c
+++ b/glib/gvariant.c
@@ -5799,14 +5799,13 @@ g_variant_deep_copy (GVariant *value)
 case G_VARIANT_CLASS_VARIANT:
 {
 GVariantBuilder builder;
- GVariantIter iter;
- GVariant *child;
+ gsize i, n_children;
 g_variant_builder_init (&builder, g_variant_get_type (value));
- g_variant_iter_init (&iter, value);
- while ((child = g_variant_iter_next_value (&iter)))
+ for (i = 0, n_children = g_variant_n_children (value); i < n_children; i++)
 {
+ GVariant *child = g_variant_get_child_value (value, i);
 g_variant_builder_add_value (&builder, g_variant_deep_copy (child));
 g_variant_unref (child);
 }
-- 
2.24.4
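Review bot: The hand-counted `for` loop over `g_variant_n_children (value)` carries no comment saying why it replaces `GVariantIter`, so a later cleanup could reasonably fold it back into the iterator form. I would add above the loop `/* Index children directly so each child can be inspected before it is copied. */`. The description calls the new loop equivalent to the old iteration, so this patch on its own does not appear to change how nested input is handled; the `CVE: CVE-2023-32665` trailer is probably best read as covering the series rather than this hunk. The body of `g_variant_deep_copy()` starts and ends outside the hunk, so the rest of the switch is not reviewed here.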