From a6c36498ed0c6b8b79ddb8a2c39af16a70e456e1 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@gnome.org>
Date: Thu, 7 Nov 2024 14:08:11 +0000
Subject: [PATCH] ghostutils: Limit punycode decoding output length

It uses a `GArray` to build up the output, and the size of that is
limited to a `guint`, so add an assertion to make sure the code never
requests anything bigger.

Fixes a `-Wshorten-64-to-32` warning.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #3527
---
 glib/ghostutils.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/glib/ghostutils.c b/glib/ghostutils.c
index 65b5b9fe5..5c8d2c841 100644
--- a/glib/ghostutils.c
+++ b/glib/ghostutils.c
@@ -35,6 +35,7 @@
 #include "gmessages.h"
 #include "gstring.h"
 #include "gstrfuncs.h"
+#include "gtestutils.h"
 #include "glibintl.h"
 
 #ifdef G_PLATFORM_WIN32
@@ -587,8 +588,10 @@ punycode_decode (const gchar *input,
     split--;
   if (split > input)
     {
+      g_assert ((guint) (split - input) <= G_MAXUINT);
+
       output_chars = g_array_sized_new (FALSE, FALSE, sizeof (gunichar),
-					split - input);
+					(guint) (split - input));
       input_length -= (split - input) + 1;
       while (input < split)
 	{