packages/glib2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2025-4056

Browse Source 
(cherry picked from commit cf493ed45f02c2d2612fd14d459ac13ce7cb9f10)
This commit is contained in:
hanhuihui 2025-05-07 03:03:21 +00:00 committed by openeuler-sync-bot
parent c660190582
commit 96b122c6e9
2 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
backport-CVE-2025-4056.patch Normal file
View File

@ -0,0 +1,49 @@
From 3d9cc103308bc50938b65acb9814850208133112 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@gnome.org>
Date: Sun, 30 Mar 2025 21:49:05 +0100
Subject: [PATCH] gspawn-win32: Fix potential integer overflows in argv
handling
This can happen if a user passes a ludicrously long string to argv.
Spotted by chamalsl as #YWH-PGM9867-48.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
---
glib/gspawn-win32-helper.c | 4 ++--
glib/gspawn-win32.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/glib/gspawn-win32-helper.c b/glib/gspawn-win32-helper.c
index 35b25905cb..0dc56c0eec 100644
--- a/glib/gspawn-win32-helper.c
+++ b/glib/gspawn-win32-helper.c
@@ -80,8 +80,8 @@ protect_wargv (gint argc,
{
wchar_t *p = wargv[i];
wchar_t *q;
- gint len = 0;
- gint pre_bslash = 0;
+ size_t len = 0;
+ size_t pre_bslash = 0;
gboolean need_dblquotes = FALSE;
while (*p)
{
diff --git a/glib/gspawn-win32.c b/glib/gspawn-win32.c
index 96b8bafee6..3a9a308680 100644
--- a/glib/gspawn-win32.c
+++ b/glib/gspawn-win32.c
@@ -253,8 +253,8 @@ protect_argv_string (const gchar *string)
{
const gchar *p = string;
gchar *retval, *q;
- gint len = 0;
- gint pre_bslash = 0;
+ size_t len = 0;
+ size_t pre_bslash = 0;
gboolean need_dblquotes = FALSE;
while (*p)
{
--
GitLab

6
glib2.spec
View File

@ -1,6 +1,6 @@
Name: glib2
Version: 2.72.2
Release: 19
Release: 20
Summary: The core library that forms the basis for projects such as GTK+ and GNOME
License: LGPLv2+
URL: http://www.gtk.org
@ -89,6 +89,7 @@ patch6075: backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patc
patch6076: backport-gsocketclient-Fix-a-use-after-free-in-g_socket_client_connected_callback.patch
patch6077: backport-gdbusmessage-Clean-the-cached-arg0-when-setting-the-message-body.patch
patch6078: backport-CVE-2024-52533.patch
patch6079: backport-CVE-2025-4056.patch
BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter
BUildRequires: glibc-devel libattr-devel libselinux-devel meson
@ -275,6 +276,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%endif
%changelog
* Wed May 7 2025 hanhuihui <hanhuihui5@huawei.com> - 2.72.2-20
- fix CVE-2025-4056
* Tue Nov 12 2024 liningjie <liningjie@xfusion.com> - 2.72.2-19
- Fix CVE-2024-52533