From 3d9cc103308bc50938b65acb9814850208133112 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@gnome.org>
Date: Sun, 30 Mar 2025 21:49:05 +0100
Subject: [PATCH] gspawn-win32: Fix potential integer overflows in argv
 handling

This can happen if a user passes a ludicrously long string to argv.

Spotted by chamalsl as #YWH-PGM9867-48.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
---
 glib/gspawn-win32-helper.c | 4 ++--
 glib/gspawn-win32.c        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/glib/gspawn-win32-helper.c b/glib/gspawn-win32-helper.c
index 35b25905c..0dc56c0ee 100644
--- a/glib/gspawn-win32-helper.c
+++ b/glib/gspawn-win32-helper.c
@@ -80,8 +80,8 @@ protect_wargv (gint       argc,
     {
       wchar_t *p = wargv[i];
       wchar_t *q;
-      gint len = 0;
-      gint pre_bslash = 0;
+      size_t len = 0;
+      size_t pre_bslash = 0;
       gboolean need_dblquotes = FALSE;
       while (*p)
 	{
diff --git a/glib/gspawn-win32.c b/glib/gspawn-win32.c
index 96b8bafee..3a9a30868 100644
--- a/glib/gspawn-win32.c
+++ b/glib/gspawn-win32.c
@@ -253,8 +253,8 @@ protect_argv_string (const gchar *string)
 {
   const gchar *p = string;
   gchar *retval, *q;
-  gint len = 0;
-  gint pre_bslash = 0;
+  size_t len = 0;
+  size_t pre_bslash = 0;
   gboolean need_dblquotes = FALSE;
   while (*p)
     {