gstring: Fix g_string_append_vprintf overflow

The g_string_append_vprintf function could overflow with strings
which are INT_MAX bytes long. The eventual memcpy call copies INT_MAX
plus an additional nul byte into newly allocated memory. This means
that due to signed integer overflow more bytes are copied than
could ever fit.
Tobias Stoeckmann
2025-07-09 22:37:48 +02:00
parent 5da569a425
commit 1f06e086f3

@@ -1360,7 +1360,7 @@ g_string_append_vprintf (GString *string,
if (len >= 0)
{
g_string_maybe_expand (string, len);
memcpy (string->str + string->len, buf, len + 1);
memcpy (string->str + string->len, buf, (size_t) len + 1);
string->len += len;
g_free (buf);
}
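
Review bot: the cast on the memcpy size argument fixes only that one expression, while `len` stays an int in the `g_string_maybe_expand (string, len)` call above it and the `string->len += len` line below it. Consider converting once, right after the `len >= 0` check, into a local `size_t` and using that in all three places, so a later edit that adds arithmetic on `len` cannot reintroduce the signed overflow. The hunk passes `len` to `g_string_maybe_expand` but copies `len + 1` bytes, and whether the expand call reserves room for the terminating nul is not visible here, so that is worth confirming in the same change. A one-line comment explaining the cast would also help, because `(size_t) len + 1` and `len + 1` look equivalent at a glance and the cast could be dropped in a cleanup.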