50 lines
1.3 KiB
Diff
50 lines
1.3 KiB
Diff
|
From 3d9cc103308bc50938b65acb9814850208133112 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Philip Withnall <pwithnall@gnome.org>
|
||
|
|
Date: Sun, 30 Mar 2025 21:49:05 +0100
|
||
|
|
Subject: [PATCH] gspawn-win32: Fix potential integer overflows in argv
|
||
|
|
handling
|
||
|
|
|
||
|
|
This can happen if a user passes a ludicrously long string to argv.
|
||
|
|
|
||
|
|
Spotted by chamalsl as #YWH-PGM9867-48.
|
||
|
|
|
||
|
|
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
|
||
|
|
---
|
||
|
|
glib/gspawn-win32-helper.c | 4 ++--
|
||
|
|
glib/gspawn-win32.c | 4 ++--
|
||
|
|
2 files changed, 4 insertions(+), 4 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/glib/gspawn-win32-helper.c b/glib/gspawn-win32-helper.c
|
||
|
|
index 35b25905cb..0dc56c0eec 100644
|
||
|
|
--- a/glib/gspawn-win32-helper.c
|
||
|
|
+++ b/glib/gspawn-win32-helper.c
|
||
|
|
@@ -80,8 +80,8 @@ protect_wargv (gint argc,
|
||
|
|
{
|
||
|
|
wchar_t *p = wargv[i];
|
||
|
|
wchar_t *q;
|
||
|
|
- gint len = 0;
|
||
|
|
- gint pre_bslash = 0;
|
||
|
|
+ size_t len = 0;
|
||
|
|
+ size_t pre_bslash = 0;
|
||
|
|
gboolean need_dblquotes = FALSE;
|
||
|
|
while (*p)
|
||
|
|
{
|
||
|
|
diff --git a/glib/gspawn-win32.c b/glib/gspawn-win32.c
|
||
|
|
index 96b8bafee6..3a9a308680 100644
|
||
|
|
--- a/glib/gspawn-win32.c
|
||
|
|
+++ b/glib/gspawn-win32.c
|
||
|
|
@@ -253,8 +253,8 @@ protect_argv_string (const gchar *string)
|
||
|
|
{
|
||
|
|
const gchar *p = string;
|
||
|
|
gchar *retval, *q;
|
||
|
|
- gint len = 0;
|
||
|
|
- gint pre_bslash = 0;
|
||
|
|
+ size_t len = 0;
|
||
|
|
+ size_t pre_bslash = 0;
|
||
|
|
gboolean need_dblquotes = FALSE;
|
||
|
|
while (*p)
|
||
|
|
{
|
||
|
|
--
|
||
|
|
GitLab
|
||
|
|
|