mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2025-12-19 22:55:16 +01:00
1909d8ea92
The number of invalid characters in the byte string (characters which would have to be percent-encoded) was only stored in an `int`, which gave the possibility of a long string largely full of invalid characters overflowing this and allowing an attacker-controlled buffer size to be allocated. This could be triggered by an attacker controlled file attribute (of type `G_FILE_ATTRIBUTE_TYPE_BYTE_STRING`), such as `G_FILE_ATTRIBUTE_THUMBNAIL_PATH` or `G_FILE_ATTRIBUTE_STANDARD_NAME`, being read by user code. Spotted by Codean Labs. Signed-off-by: Philip Withnall <pwithnall@gnome.org> Fixes: #3845
21 KiB
21 KiB