Detect overflow and error out. Reported by Morten Welinder.

        * glib/gfileutils.c (get_contents_stdio): Detect overflow and
        error out. Reported by Morten Welinder.

svn path=/trunk/; revision=7194

diff --git a/ChangeLog b/ChangeLog
index 97b9c53..cf522ff 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2008-07-16  Matthias Clasen  <mclasen@redhat.com>
 
+       Bug 482413 - get_contents_stdio -- overflow and memory corruption
+
+       * glib/gfileutils.c (get_contents_stdio): Detect overflow and
+       error out. Reported by Morten Welinder. 
+
+2008-07-16  Matthias Clasen  <mclasen@redhat.com>
+
        Bug 542332 – small fix for error message in GMarkup
        
        * glib/gmarkup.c: Improve an error message. 

diff --git a/glib/gfileutils.c b/glib/gfileutils.c
index b91760b..20df737 100644 (file)
--- a/glib/gfileutils.c
+++ b/glib/gfileutils.c
@@ -577,13 +577,28 @@ get_contents_stdio (const gchar *display_filename,
         }
 
       memcpy (str + total_bytes, buf, bytes);
+
+      if (total_bytes + bytes < total_bytes) 
+        {
+          g_set_error (error,
+                       G_FILE_ERROR,
+                       G_FILE_ERROR_FAILED,
+                       _("File \"%s\" is too large"),
+                       display_filename);
+
+          goto error;
+        }
+
       total_bytes += bytes;
     }
 
   fclose (f);
 
   if (total_allocated == 0)
-    str = g_new (gchar, 1);
+    {
+      str = g_new (gchar, 1);
+      total_bytes = 0;
+    }
 
   str[total_bytes] = '\0';