diff options
| author | Simon McVittie <smcv@collabora.com> | 2022-10-28 11:54:36 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@debian.org> | 2022-12-12 19:15:52 +0000 |
| commit | 1eed25617cf74e5dbbbcd18380188a3b8b8b7aa0 (patch) | |
| tree | f1d27002665a3039707afb6ca5161bd0896543f3 | |
| parent | 7a144248f2372f23b68b4420635daa1fd11683a8 (diff) | |
| download | flatpak-1eed25617cf74e5dbbbcd18380188a3b8b8b7aa0.tar.gz | |
Replace calls to g_memdup() with g_memdup2()
g_memdup() is subject to an integer overflow on 64-bit machines if the
object being copied is larger than UINT_MAX bytes. I suspect none of
these objects can actually be that large in practice, but it's easier
to replace all the calls than it is to assess whether we need to
replace them.
A backport in libglnx is used on systems where GLib is older than 2.68.x.
Signed-off-by: Simon McVittie <smcv@collabora.com>
| -rw-r--r-- | app/flatpak-builtins-build-commit-from.c | 2 | ||||
| -rw-r--r-- | app/flatpak-complete.c | 4 | ||||
| -rw-r--r-- | common/flatpak-dir.c | 2 | ||||
| -rw-r--r-- | common/flatpak-utils.c | 2 |
4 files changed, 5 insertions, 5 deletions
diff --git a/app/flatpak-builtins-build-commit-from.c b/app/flatpak-builtins-build-commit-from.c index ef5601c3..5cfb83fb 100644 --- a/app/flatpak-builtins-build-commit-from.c +++ b/app/flatpak-builtins-build-commit-from.c @@ -129,7 +129,7 @@ static GVariant * new_bytearray (const guchar *data, gsize len) { - gpointer data_copy = g_memdup (data, len); + gpointer data_copy = g_memdup2 (data, len); GVariant *ret = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), data_copy, len, FALSE, g_free, data_copy); diff --git a/app/flatpak-complete.c b/app/flatpak-complete.c index 8d671046..fad0638d 100644 --- a/app/flatpak-complete.c +++ b/app/flatpak-complete.c @@ -555,8 +555,8 @@ parse_completion_line_to_argv (const char *initial_completion_line, /* Make a shallow copy of argv, which will be our "working set" */ completion->argc = completion->original_argc; - completion->argv = g_memdup (completion->original_argv, - sizeof (gchar *) * (completion->original_argc + 1)); + completion->argv = g_memdup2 (completion->original_argv, + sizeof (gchar *) * (completion->original_argc + 1)); return parse_result; } diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index 01362a2b..946a17c8 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -13002,7 +13002,7 @@ populate_hash_table_from_refs_map (GHashTable *ret_all_refs, continue; /* New timestamp is older, skip this commit */ } - new_timestamp = g_memdup (×tamp, sizeof (guint64)); + new_timestamp = g_memdup2 (×tamp, sizeof (guint64)); } g_hash_table_replace (ret_all_refs, g_steal_pointer (&decomposed), ostree_checksum_from_bytes (csum_bytes)); diff --git a/common/flatpak-utils.c b/common/flatpak-utils.c index c89cc63b..2d8d922b 100644 --- a/common/flatpak-utils.c +++ b/common/flatpak-utils.c @@ -3662,7 +3662,7 @@ _ostree_repo_static_delta_superblock_digest (OstreeRepo *repo, g_checksum_get_digest (checksum, digest, &len); return g_variant_new_from_data (G_VARIANT_TYPE ("ay"), - g_memdup (digest, len), len, + g_memdup2 (digest, len), len, FALSE, g_free, FALSE); } |