diff options
| author | Simon McVittie <smcv@collabora.com> | 2022-10-28 11:54:36 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@debian.org> | 2022-12-12 19:15:52 +0000 |
| commit | 1eed25617cf74e5dbbbcd18380188a3b8b8b7aa0 (patch) | |
| tree | f1d27002665a3039707afb6ca5161bd0896543f3 /common | |
| parent | 7a144248f2372f23b68b4420635daa1fd11683a8 (diff) | |
| download | flatpak-1eed25617cf74e5dbbbcd18380188a3b8b8b7aa0.tar.gz | |
Replace calls to g_memdup() with g_memdup2()
g_memdup() is subject to an integer overflow on 64-bit machines if the
object being copied is larger than UINT_MAX bytes. I suspect none of
these objects can actually be that large in practice, but it's easier
to replace all the calls than it is to assess whether we need to
replace them.
A backport in libglnx is used on systems where GLib is older than 2.68.x.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Diffstat (limited to 'common')
| -rw-r--r-- | common/flatpak-dir.c | 2 | ||||
| -rw-r--r-- | common/flatpak-utils.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index 01362a2b..946a17c8 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -13002,7 +13002,7 @@ populate_hash_table_from_refs_map (GHashTable *ret_all_refs, continue; /* New timestamp is older, skip this commit */ } - new_timestamp = g_memdup (×tamp, sizeof (guint64)); + new_timestamp = g_memdup2 (×tamp, sizeof (guint64)); } g_hash_table_replace (ret_all_refs, g_steal_pointer (&decomposed), ostree_checksum_from_bytes (csum_bytes)); diff --git a/common/flatpak-utils.c b/common/flatpak-utils.c index c89cc63b..2d8d922b 100644 --- a/common/flatpak-utils.c +++ b/common/flatpak-utils.c @@ -3662,7 +3662,7 @@ _ostree_repo_static_delta_superblock_digest (OstreeRepo *repo, g_checksum_get_digest (checksum, digest, &len); return g_variant_new_from_data (G_VARIANT_TYPE ("ay"), - g_memdup (digest, len), len, + g_memdup2 (digest, len), len, FALSE, g_free, FALSE); } |