Detect overflow and error out. Reported by Morten Welinder.

* glib/gfileutils.c (get_contents_stdio): Detect overflow and error out. Reported by Morten Welinder. svn path=/trunk/; revision=7194
2025-02-24 03:02:10 +01:00 · 2008-07-16 21:42:48 +00:00 · 2008-07-16 21:42:48 +00:00 · 6c2c99aa0e
commit 6c2c99aa0e
parent c0dbb1c772
2 changed files with 23 additions and 1 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+2008-07-16  Matthias Clasen  <mclasen@redhat.com>
+
+	Bug 482413 - get_contents_stdio -- overflow and memory corruption
+
+	* glib/gfileutils.c (get_contents_stdio): Detect overflow and
+	error out. Reported by Morten Welinder. 
+
 2008-07-16  Matthias Clasen  <mclasen@redhat.com>

 	Bug 542332 – small fix for error message in GMarkup
--- a/glib/gfileutils.c
+++ b/glib/gfileutils.c
@ -577,13 +577,28 @@ get_contents_stdio (const gchar *display_filename,
        }

      memcpy (str + total_bytes, buf, bytes);
+
+      if (total_bytes + bytes < total_bytes) 
+        {
+          g_set_error (error,
+                       G_FILE_ERROR,
+                       G_FILE_ERROR_FAILED,
+                       _("File \"%s\" is too large"),
+                       display_filename);
+
+          goto error;
+        }
+
      total_bytes += bytes;
    }

  fclose (f);

  if (total_allocated == 0)
-    str = g_new (gchar, 1);
+    {
+      str = g_new (gchar, 1);
+      total_bytes = 0;
+    }

  str[total_bytes] = '\0';