Philip Withnall 5e5f75a77e gstrfuncs: Add internal g_memdup2() function ... This will replace the existing `g_memdup()` function for use within GLib. It has an unavoidable security flaw of taking its `byte_size` argument as a `guint` rather than as a `gsize`. Most callers will expect it to be a `gsize`, and may pass in large values which could silently be truncated, resulting in an undersize allocation compared to what the caller expects. This could lead to a classic buffer overflow vulnerability for many callers of `g_memdup()`. `g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`. Spotted by Kevin Backhouse of GHSL. In GLib 2.68, `g_memdup2()` will be a new public API. In this version for backport to older stable releases, it’s a new `static inline` API in a private header, so that use of `g_memdup()` within GLib can be fixed without adding a new API in a stable release series. Signed-off-by: Philip Withnall <pwithnall@endlessos.org> Helps: GHSL-2021-045 Helps: #2319		2021-02-04 17:06:04 +00:00
..
reference	gstrfuncs: Add internal g_memdup2() function	2021-02-04 17:06:04 +00:00
CODEOWNERS	CODEOWNERS: Add myself as co-owner of Windows stuff	2019-08-27 12:57:32 +05:30
debugging.txt	tree: Fix various typos and outdated terminology	2020-06-12 15:01:08 +01:00
macros.txt	Meson: Add glib_checks and glib_asserts options	2020-04-09 09:17:35 -04:00