From 6c2c99aa0ed3927f33ea02271d72deaef4c62ebd Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Wed, 16 Jul 2008 21:42:48 +0000 Subject: [PATCH] Detect overflow and error out. Reported by Morten Welinder. * glib/gfileutils.c (get_contents_stdio): Detect overflow and error out. Reported by Morten Welinder. svn path=/trunk/; revision=7194 --- ChangeLog | 7 +++++++ glib/gfileutils.c | 17 ++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 97b9c53..cf522ff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ 2008-07-16 Matthias Clasen + Bug 482413 - get_contents_stdio -- overflow and memory corruption + + * glib/gfileutils.c (get_contents_stdio): Detect overflow and + error out. Reported by Morten Welinder. + +2008-07-16 Matthias Clasen + Bug 542332 – small fix for error message in GMarkup * glib/gmarkup.c: Improve an error message. diff --git a/glib/gfileutils.c b/glib/gfileutils.c index b91760b..20df737 100644 --- a/glib/gfileutils.c +++ b/glib/gfileutils.c @@ -577,13 +577,28 @@ get_contents_stdio (const gchar *display_filename, } memcpy (str + total_bytes, buf, bytes); + + if (total_bytes + bytes < total_bytes) + { + g_set_error (error, + G_FILE_ERROR, + G_FILE_ERROR_FAILED, + _("File \"%s\" is too large"), + display_filename); + + goto error; + } + total_bytes += bytes; } fclose (f); if (total_allocated == 0) - str = g_new (gchar, 1); + { + str = g_new (gchar, 1); + total_bytes = 0; + } str[total_bytes] = '\0'; -- 2.7.4