!39 Upgrade to 2.66.8

From: @weijin-deng
Reviewed-by: @dwl301
Signed-off-by: @dwl301
This commit is contained in:
openeuler-ci-bot 2021-05-20 14:58:02 +08:00 committed by Gitee
commit 8ae14d3197
12 changed files with 10 additions and 1419 deletions

@ -1,28 +0,0 @@
From 78420a75aeb70569a8cd79fa0fea7b786b6f785f Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 24 Feb 2021 17:33:38 +0000
Subject: [PATCH 1/5] glocalfileoutputstream: Fix a typo in a comment
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
---
gio/glocalfileoutputstream.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index f34c3e439..e3d31d6b3 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -854,7 +854,7 @@ handle_overwrite_open (const char *filename,
mode = mode_from_flags_or_info (flags, reference_info);
/* We only need read access to the original file if we are creating a backup.
- * We also add O_CREATE to avoid a race if the file was just removed */
+ * We also add O_CREAT to avoid a race if the file was just removed */
if (create_backup || readable)
open_flags = O_RDWR | O_CREAT | O_BINARY;
else
--
GitLab

@ -1,43 +0,0 @@
From 32d3d02a50e7dcec5f4cf7908e7ac88d575d8fc5 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 24 Feb 2021 17:34:32 +0000
Subject: [PATCH 2/5] tests: Stop using g_test_bug_base() in file tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since a following commit is going to add a new test which references
Gitlab, so it's best to move the URI bases inside the test cases.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
---
gio/tests/file.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/gio/tests/file.c b/gio/tests/file.c
index d8769656c..39d51dadb 100644
--- a/gio/tests/file.c
+++ b/gio/tests/file.c
@@ -686,7 +686,7 @@ test_replace_cancel (void)
guint count;
GError *error = NULL;
- g_test_bug ("629301");
+ g_test_bug ("https://bugzilla.gnome.org/629301");
path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error);
g_assert_no_error (error);
@@ -1785,8 +1785,6 @@ main (int argc, char *argv[])
{
g_test_init (&argc, &argv, NULL);
- g_test_bug_base ("http://bugzilla.gnome.org/");
-
g_test_add_func ("/file/basic", test_basic);
g_test_add_func ("/file/build-filename", test_build_filename);
g_test_add_func ("/file/parent", test_parent);
--
GitLab

@ -1,59 +0,0 @@
From ce0eb088a68171eed3ac217cb92a72e36eb57d1b Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 10 Mar 2021 16:05:55 +0000
Subject: [PATCH 3/5] glocalfileoutputstream: Factor out a flag check
This clarifies the code a little. It introduces no functional changes.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
---
gio/glocalfileoutputstream.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index beb8fee..8b087f7 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -847,6 +847,7 @@ handle_overwrite_open (const char *filename,
int res;
int mode;
int errsv;
+ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION);
mode = mode_from_flags_or_info (flags, reference_info);
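
Review bot: `replace_destination_set` is declared `gboolean` but is assigned the raw result of `flags & G_FILE_CREATE_REPLACE_DESTINATION`, so it holds the flag bit rather than TRUE/FALSE. The later uses only test truthiness, so behaviour is unchanged, but normalising it with `(flags & G_FILE_CREATE_REPLACE_DESTINATION) != 0` would keep a future `== TRUE` comparison from silently failing.
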
@@ -953,8 +954,8 @@ handle_overwrite_open (const char *filename,
* The second strategy consist simply in copying the old file
* to a backup file and rewrite the contents of the file.
*/
-
- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) ||
+
+ if (replace_destination_set ||
(!(original_stat.st_nlink > 1) && !is_symlink))
{
char *dirname, *tmp_filename;
@@ -973,7 +974,7 @@ handle_overwrite_open (const char *filename,
/* try to keep permissions (unless replacing) */
- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) &&
+ if (!replace_destination_set &&
(
#ifdef HAVE_FCHOWN
fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 ||
@@ -1112,7 +1113,7 @@ handle_overwrite_open (const char *filename,
}
}
- if (flags & G_FILE_CREATE_REPLACE_DESTINATION)
+ if (replace_destination_set)
{
g_close (fd, NULL);
--
2.23.0

@ -1,283 +0,0 @@
From 317b3b587058a05dca95d56dac26568c5b098d33 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 24 Feb 2021 17:36:07 +0000
Subject: [PATCH 4/5] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION
with symlinks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking
the destination file and re-creating it from scratch. That did
previously work, but in the process the code would call `open(O_CREAT)`
on the file. If the file was a dangling symlink, this would create the
destination file (empty). That's not an intended side-effect, and has
security implications if the symlink is controlled by a lower-privileged
process.
Fix that by not opening the destination file if it's a symlink, and
adjusting the rest of the code to cope with
- the fact that `fd == -1` is not an error iff `is_symlink` is true,
- and that `original_stat` will contain the `lstat()` results for the
symlink now, rather than the `stat()` results for its target (again,
iff `is_symlink` is true).
This means that the target of the dangling symlink is no longer created,
which was the bug. The symlink itself continues to be replaced (as
before) with the new file - this is the intended behaviour of
`g_file_replace()`.
The behaviour for non-symlink cases, or cases where the symlink was not
dangling, should be unchanged.
Includes a unit test.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: #2325
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
---
gio/glocalfileoutputstream.c | 65 +++++++++++++++------
gio/tests/file.c | 108 +++++++++++++++++++++++++++++++++++
2 files changed, 156 insertions(+), 17 deletions(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index 8b087f7..e6edb5e 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -875,16 +875,22 @@ handle_overwrite_open (const char *filename,
/* Could be a symlink, or it could be a regular ELOOP error,
* but then the next open will fail too. */
is_symlink = TRUE;
- fd = g_open (filename, open_flags, mode);
+ if (!replace_destination_set)
+ fd = g_open (filename, open_flags, mode);
}
-#else
- fd = g_open (filename, open_flags, mode);
- errsv = errno;
+#else /* if !O_NOFOLLOW */
/* This is racy, but we do it as soon as possible to minimize the race */
is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK);
+
+ if (!is_symlink || !replace_destination_set)
+ {
+ fd = g_open (filename, open_flags, mode);
+ errsv = errno;
+ }
#endif
- if (fd == -1)
+ if (fd == -1 &&
+ (!is_symlink || !replace_destination_set))
{
char *display_name = g_filename_display_name (filename);
g_set_error (error, G_IO_ERROR,
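
Review bot: in the `#else /* if !O_NOFOLLOW */` branch, `fd` and `errsv` are now assigned only when `!is_symlink || !replace_destination_set`, yet the check that follows reads `fd == -1` unconditionally and a later hunk tests `fd >= 0`. The declaration of `fd` is outside this hunk; please confirm it is initialised to -1 (or set it explicitly in an `else` here), otherwise the symlink-plus-replace path reads an indeterminate value on platforms without O_NOFOLLOW.
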
@@ -894,13 +900,26 @@ handle_overwrite_open (const char *filename,
g_free (display_name);
return -1;
}
-
+
+ if (!is_symlink)
+ {
#ifdef G_OS_WIN32
- res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat);
+ res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat);
#else
- res = fstat (fd, &original_stat);
+ res = fstat (fd, &original_stat);
#endif
- errsv = errno;
+ errsv = errno;
+ }
+ else
+ {
+#ifdef G_OS_WIN32
+ res = GLIB_PRIVATE_CALL (g_win32_fstat) (filename, &original_stat);
+#else
+ res = fstat (filename, &original_stat);
+#endif
+ errsv = errno;
+ }
+
if (res != 0)
{
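
Review bot: the new `else` branch for the symlink case calls `fstat (filename, &original_stat)` (and `g_win32_fstat` with `filename` on Windows), passing a path where a file descriptor is expected. The commit message says `original_stat` should hold the `lstat()` results for the symlink, so this branch needs an lstat-style call on `filename`, for example `g_lstat (filename, &original_stat)` on Unix. This matters for the fix itself, because the `S_ISLNK (original_stat.st_mode)` test in the next hunk depends on these results.
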
@@ -917,16 +936,27 @@ handle_overwrite_open (const char *filename,
if (!S_ISREG (original_stat.st_mode))
{
if (S_ISDIR (original_stat.st_mode))
- g_set_error_literal (error,
- G_IO_ERROR,
- G_IO_ERROR_IS_DIRECTORY,
- _("Target file is a directory"));
- else
- g_set_error_literal (error,
+ {
+ g_set_error_literal (error,
+ G_IO_ERROR,
+ G_IO_ERROR_IS_DIRECTORY,
+ _("Target file is a directory"));
+ goto err_out;
+ }
+ else if (!is_symlink ||
+#ifdef S_ISLNK
+ !S_ISLNK (original_stat.st_mode)
+#else
+ FALSE
+#endif
+ )
+ {
+ g_set_error_literal (error,
G_IO_ERROR,
G_IO_ERROR_NOT_REGULAR_FILE,
_("Target file is not a regular file"));
- goto err_out;
+ goto err_out;
+ }
}
if (etag != NULL)
@@ -1007,7 +1037,8 @@ handle_overwrite_open (const char *filename,
}
}
- g_close (fd, NULL);
+ if (fd >= 0)
+ g_close (fd, NULL);
*temp_filename = tmp_filename;
return tmpfd;
}
diff --git a/gio/tests/file.c b/gio/tests/file.c
index d51ac6d..51b665f 100644
--- a/gio/tests/file.c
+++ b/gio/tests/file.c
@@ -804,6 +804,113 @@ test_replace_cancel (void)
g_object_unref (tmpdir);
}
+static void
+test_replace_symlink (void)
+{
+#ifdef G_OS_UNIX
+ gchar *tmpdir_path = NULL;
+ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL;
+ GFileOutputStream *stream = NULL;
+ const gchar *new_contents = "this is a test message which should be written to source and not target";
+ gsize n_written;
+ GFileEnumerator *enumerator = NULL;
+ GFileInfo *info = NULL;
+ gchar *contents = NULL;
+ gsize length = 0;
+ GError *local_error = NULL;
+
+ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325");
+ g_test_summary ("Test that G_FILE_CREATE_REPLACE_DESTINATION doesnt follow symlinks");
+
+ /* Create a fresh, empty working directory. */
+ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error);
+ g_assert_no_error (local_error);
+ tmpdir = g_file_new_for_path (tmpdir_path);
+
+ g_test_message ("Using temporary directory %s", tmpdir_path);
+ g_free (tmpdir_path);
+
+ /* Create symlink `source` which points to `target`. */
+ source_file = g_file_get_child (tmpdir, "source");
+ target_file = g_file_get_child (tmpdir, "target");
+ g_file_make_symbolic_link (source_file, "target", NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ /* Ensure that `target` doesnt exist */
+ g_assert_false (g_file_query_exists (target_file, NULL));
+
+ /* Replace the `source` symlink with a regular file using
+ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without*
+ * following the symlink */
+ stream = g_file_replace (source_file, NULL, FALSE /* no backup */,
+ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents),
+ &n_written, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_cmpint (n_written, ==, strlen (new_contents));
+
+ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_clear_object (&stream);
+
+ /* At this point, there should still only be one file: `source`. It should
+ * now be a regular file. `target` should not exist. */
+ enumerator = g_file_enumerate_children (tmpdir,
+ G_FILE_ATTRIBUTE_STANDARD_NAME ","
+ G_FILE_ATTRIBUTE_STANDARD_TYPE,
+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_nonnull (info);
+
+ g_assert_cmpstr (g_file_info_get_name (info), ==, "source");
+ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR);
+
+ g_clear_object (&info);
+
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_null (info);
+
+ g_file_enumerator_close (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_clear_object (&enumerator);
+
+ /* Double-check that `target` doesnt exist */
+ g_assert_false (g_file_query_exists (target_file, NULL));
+
+ /* Check the content of `source`. */
+ g_file_load_contents (source_file,
+ NULL,
+ &contents,
+ &length,
+ NULL,
+ &local_error);
+ g_assert_no_error (local_error);
+ g_assert_cmpstr (contents, ==, new_contents);
+ g_assert_cmpuint (length, ==, strlen (new_contents));
+ g_free (contents);
+
+ /* Tidy up. */
+ g_file_delete (source_file, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_file_delete (tmpdir, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_clear_object (&target_file);
+ g_clear_object (&source_file);
+ g_clear_object (&tmpdir);
+#else /* if !G_OS_UNIX */
+ g_test_skip ("Symlink replacement tests can only be run on Unix")
+#endif
+}
+
static void
on_file_deleted (GObject *object,
GAsyncResult *result,
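
Review bot: in the `#else /* if !G_OS_UNIX */` branch of `test_replace_symlink`, the call `g_test_skip ("Symlink replacement tests can only be run on Unix")` has no terminating semicolon, so this file fails to compile on non-Unix builds; add the `;`. Separately, the test only exercises a dangling symlink; a second case where `target` already exists would pin down the commit message's claim that the non-dangling behaviour is unchanged.
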
@@ -1752,6 +1859,7 @@ main (int argc, char *argv[])
g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete);
g_test_add_func ("/file/replace-load", test_replace_load);
g_test_add_func ("/file/replace-cancel", test_replace_cancel);
+ g_test_add_func ("/file/replace-symlink", test_replace_symlink);
g_test_add_func ("/file/async-delete", test_async_delete);
#ifdef G_OS_UNIX
g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode);
--
2.23.0

@ -1,56 +0,0 @@
From 6c6439261bc7a8a0627519848a7222b3e1bd4ffe Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 24 Feb 2021 17:42:24 +0000
Subject: [PATCH 5/5] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
replace()
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
---
gio/glocalfileoutputstream.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index a2c7e3cc0..4c512ea81 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -63,6 +63,12 @@
#define O_BINARY 0
#endif
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#else
+#define HAVE_O_CLOEXEC 1
+#endif
+
struct _GLocalFileOutputStreamPrivate {
char *tmp_filename;
char *original_filename;
@@ -1239,7 +1245,7 @@ _g_local_file_output_stream_replace (const char *filename,
sync_on_close = FALSE;
/* If the file doesn't exist, create it */
- open_flags = O_CREAT | O_EXCL | O_BINARY;
+ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
if (readable)
open_flags |= O_RDWR;
else
@@ -1269,8 +1275,11 @@ _g_local_file_output_stream_replace (const char *filename,
set_error_from_open_errno (filename, error);
return NULL;
}
-
-
+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
+ else
+ fcntl (fd, F_SETFD, FD_CLOEXEC);
+#endif
+
stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
stream->priv->fd = fd;
stream->priv->sync_on_close = sync_on_close;
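
Review bot: the fallback `fcntl (fd, F_SETFD, FD_CLOEXEC);` ignores its return value, and it hangs off the block that closes just above it as a bare `else` inside `#if`, which is easy to break when the surrounding code is edited. Consider bracing it and at least logging a failure. On this fallback path the descriptor is also inheritable between the open and the `fcntl()` call, so a concurrent fork/exec in another thread can still leak it; only the `O_CLOEXEC` open flag closes that window, which is worth a comment here.
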
--
GitLab

@ -1,36 +0,0 @@
From 63c5b62f0a984fac9a9700b12f54fe878e016a5d Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Wed, 2 Sep 2020 12:38:09 +0100
Subject: [PATCH] goption: Add a precondition to avoid GOptionEntry list
overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
reason:Add a precondition to avoid GOptionEntry list overflow
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #2197
---
glib/goption.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/glib/goption.c b/glib/goption.c
index 9f5b977c4..bb9093a33 100644
--- a/glib/goption.c
+++ b/glib/goption.c
@@ -2422,6 +2422,8 @@ g_option_group_add_entries (GOptionGroup *group,
for (n_entries = 0; entries[n_entries].long_name != NULL; n_entries++) ;
+ g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries);
+
group->entries = g_renew (GOptionEntry, group->entries, group->n_entries + n_entries);
/* group->entries could be NULL in the trivial case where we add no
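
Review bot: the overflow guard `g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries);` is a precondition macro, which is compiled out when GLib is built with `G_DISABLE_CHECKS`, so in those builds `group->n_entries + n_entries` can still wrap before `g_renew()`. Since the subject describes this as avoiding an overflow, an unconditional check (an explicit `if` with an early return) would be safer. As written it also returns silently after a critical warning, so callers get no indication that the entries were not added.
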
--
GitLab

@ -1,60 +0,0 @@
From acb7b0ec69f26a7df10af3992359890b09f076e8 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <qdlacz@gmail.com>
Date: Wed, 10 Feb 2021 23:51:07 +0100
Subject: [PATCH] gbytearray: Do not accept too large byte arrays
GByteArray uses guint for storing the length of the byte array, but it
also has a constructor (g_byte_array_new_take) that takes length as a
gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits
for guint). It is possible to call the function with a value greater
than G_MAXUINT, which will result in silent length truncation. This
may happen as a result of unreffing GBytes into GByteArray, so rather
be loud about it.
(Test case tweaked by Philip Withnall.)
---
glib/garray.c | 6 ++++++
glib/gbytes.c | 4 ++++
2 files changed, 10 insertions(+)
diff --git a/glib/garray.c b/glib/garray.c
index de720210c..2b66f16a6 100644
--- a/glib/garray.c
+++ b/glib/garray.c
@@ -2261,6 +2261,10 @@ g_byte_array_steal (GByteArray *array,
* Create byte array containing the data. The data will be owned by the array
* and will be freed with g_free(), i.e. it could be allocated using g_strdup().
*
+ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray
+ * stores the length of its data in #guint, which may be shorter than
+ * #gsize.
+ *
* Since: 2.32
*
* Returns: (transfer full): a new #GByteArray
@@ -2272,6 +2276,8 @@ g_byte_array_new_take (guint8 *data,
GByteArray *array;
GRealArray *real;
+ g_return_val_if_fail (len <= G_MAXUINT, NULL);
+
array = g_byte_array_new ();
real = (GRealArray *)array;
g_assert (real->data == NULL);
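
Review bot: `g_return_val_if_fail (len <= G_MAXUINT, NULL);` returns NULL without freeing `data`, although the doc comment just above says the array takes ownership of it, so an oversized input now leaks the buffer and callers that never expected NULL may dereference it. Please document who owns `data` on failure. The check is also compiled out under `G_DISABLE_CHECKS`, which brings back the silent truncation, and the commit message mentions a test case while the diffstat lists only `glib/garray.c` and `glib/gbytes.c`.
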
diff --git a/glib/gbytes.c b/glib/gbytes.c
index 00fd79155..aaadf451b 100644
--- a/glib/gbytes.c
+++ b/glib/gbytes.c
@@ -519,6 +519,10 @@ g_bytes_unref_to_data (GBytes *bytes,
* g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes(). In all
* other cases the data is copied.
*
+ * Do not use it if @bytes contains more than %G_MAXUINT
+ * bytes. #GByteArray stores the length of its data in #guint, which
+ * may be shorter than #gsize, that @bytes is using.
+ *
* Returns: (transfer full): a new mutable #GByteArray containing the same byte data
*
* Since: 2.32
--
GitLab

@ -1,808 +0,0 @@
From f8cf0b8672209e0b829542e194e302f1de169929 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:30:52 +0000
Subject: [PATCH 01/11] gstrfuncs: Add g_memdup2() function
This will replace the existing `g_memdup()` function, which has an
unavoidable security flaw of taking its `byte_size` argument as a
`guint` rather than as a `gsize`. Most callers will expect it to be a
`gsize`, and may pass in large values which could silently be truncated,
resulting in an undersize allocation compared to what the caller
expects.
This could lead to a classic buffer overflow vulnerability for many
callers of `g_memdup()`.
`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`.
Spotted by Kevin Backhouse of GHSL.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: GHSL-2021-045
Helps: #2319
reason:Fix CVE-2021-27219
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/20cfc75d148e3be0c026cc7eff3a9cdb72bf5c56
diff -Naur a/docs/reference/glib/glib-sections.txt b/docs/reference/glib/glib-sections.txt
--- a/docs/reference/glib/glib-sections.txt 2021-03-06 09:46:03.657000000 +0800
+++ b/docs/reference/glib/glib-sections.txt 2021-03-05 14:58:36.022000000 +0800
@@ -1275,6 +1275,7 @@
<SUBSECTION>
g_memmove
g_memdup
+g_memdup2
<SUBSECTION>
GMemVTable
diff -Naur a/gio/gdatainputstream.c b/gio/gdatainputstream.c
--- a/gio/gdatainputstream.c 2021-03-06 09:46:03.661000000 +0800
+++ b/gio/gdatainputstream.c 2021-03-05 15:10:26.335000000 +0800
@@ -856,7 +856,7 @@
scan_for_chars (GDataInputStream *stream,
gsize *checked_out,
const char *stop_chars,
- gssize stop_chars_len)
+ gsize stop_chars_len)
{
GBufferedInputStream *bstream;
const char *buffer;
@@ -952,7 +952,7 @@
gsize checked;
gchar *stop_chars;
- gssize stop_chars_len;
+ gsize stop_chars_len;
gsize length;
} GDataInputStreamReadData;
@@ -1078,12 +1078,16 @@
{
GDataInputStreamReadData *data;
GTask *task;
+ gsize stop_chars_len_unsigned;
data = g_slice_new0 (GDataInputStreamReadData);
- if (stop_chars_len == -1)
- stop_chars_len = strlen (stop_chars);
- data->stop_chars = g_memdup (stop_chars, stop_chars_len);
- data->stop_chars_len = stop_chars_len;
+ if (stop_chars_len < 0)
+ stop_chars_len_unsigned = strlen (stop_chars);
+ else
+ stop_chars_len_unsigned = (gsize) stop_chars_len;
+
+ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned);
+ data->stop_chars_len = stop_chars_len_unsigned;
data->last_saw_cr = FALSE;
task = g_task_new (stream, cancellable, callback, user_data);
@@ -1338,17 +1342,20 @@
gssize found_pos;
gssize res;
char *data_until;
+ gsize stop_chars_len_unsigned;
g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL);
if (stop_chars_len < 0)
- stop_chars_len = strlen (stop_chars);
+ stop_chars_len_unsigned = strlen (stop_chars);
+ else
+ stop_chars_len_unsigned = (gsize) stop_chars_len;
bstream = G_BUFFERED_INPUT_STREAM (stream);
checked = 0;
- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1)
+ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1)
{
if (g_buffered_input_stream_get_available (bstream) ==
g_buffered_input_stream_get_buffer_size (bstream))
diff -Naur a/gio/gdbusconnection.c b/gio/gdbusconnection.c
--- a/gio/gdbusconnection.c 2021-03-06 09:46:03.663000000 +0800
+++ b/gio/gdbusconnection.c 2021-03-05 15:14:19.973000000 +0800
@@ -3997,7 +3997,7 @@
/* Don't waste memory by copying padding - remember to update this
* when changing struct _GDBusInterfaceVTable in gdbusconnection.h
*/
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
}
static void
@@ -4014,7 +4014,7 @@
/* Don't waste memory by copying padding - remember to update this
* when changing struct _GDBusSubtreeVTable in gdbusconnection.h
*/
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
}
static void
diff -Naur a/gio/gdbusinterfaceskeleton.c b/gio/gdbusinterfaceskeleton.c
--- a/gio/gdbusinterfaceskeleton.c 2021-03-06 09:46:03.663000000 +0800
+++ b/gio/gdbusinterfaceskeleton.c 2021-03-05 15:36:52.369000000 +0800
@@ -701,7 +701,7 @@
* properly before building the hooked_vtable, so we create it
* once at the last minute.
*/
- interface_->priv->hooked_vtable = g_memdup (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
+ interface_->priv->hooked_vtable = g_memdup2 (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
interface_->priv->hooked_vtable->method_call = skeleton_intercept_handle_method_call;
}
diff -Naur a/gio/gfile.c b/gio/gfile.c
--- a/gio/gfile.c 2021-03-06 09:46:03.666000000 +0800
+++ b/gio/gfile.c 2021-03-05 15:44:25.759000000 +0800
@@ -7884,7 +7884,7 @@
g_main_context_invoke_full (g_task_get_context (task),
g_task_get_priority (task),
measure_disk_usage_invoke_progress,
- g_memdup (&progress, sizeof progress),
+ g_memdup2 (&progress, sizeof progress),
g_free);
}
@@ -7902,7 +7902,7 @@
data->progress_callback ? measure_disk_usage_progress : NULL, task,
&result.disk_usage, &result.num_dirs, &result.num_files,
&error))
- g_task_return_pointer (task, g_memdup (&result, sizeof result), g_free);
+ g_task_return_pointer (task, g_memdup2 (&result, sizeof result), g_free);
else
g_task_return_error (task, error);
}
@@ -7926,7 +7926,7 @@
task = g_task_new (file, cancellable, callback, user_data);
g_task_set_source_tag (task, g_file_real_measure_disk_usage_async);
- g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free);
+ g_task_set_task_data (task, g_memdup2 (&data, sizeof data), g_free);
g_task_set_priority (task, io_priority);
g_task_run_in_thread (task, measure_disk_usage_thread);
diff -Naur a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
--- a/gio/gkeyfilesettingsbackend.c 2021-03-06 09:46:03.670000000 +0800
+++ b/gio/gkeyfilesettingsbackend.c 2021-03-05 17:24:26.933000000 +0800
@@ -145,8 +145,8 @@
gchar **group,
gchar **basename)
{
- gint key_len = strlen (key);
- gint i;
+ gsize key_len = strlen (key);
+ const gchar *last_slash;
if (key_len < kfsb->prefix_len ||
memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0)
@@ -155,38 +155,36 @@
key_len -= kfsb->prefix_len;
key += kfsb->prefix_len;
- for (i = key_len; i >= 0; i--)
- if (key[i] == '/')
- break;
+ last_slash = strrchr (key, '/');
if (kfsb->root_group)
{
/* if a root_group was specified, make sure the user hasn't given
* a path that ghosts that group name
*/
- if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group, i) == 0)
+ if (last_slash != NULL && (last_slash - key) == kfsb->root_group_len && memcmp (key, kfsb->root_group, last_slash - key) == 0)
return FALSE;
}
else
{
/* if no root_group was given, ensure that the user gave a path */
- if (i == -1)
+ if (last_slash == NULL)
return FALSE;
}
if (group)
{
- if (i >= 0)
+ if (last_slash != NULL)
{
- *group = g_memdup (key, i + 1);
- (*group)[i] = '\0';
+ *group = g_memdup2 (key, (last_slash - key) + 1);
+ (*group)[(last_slash - key)] = '\0';
}
else
*group = g_strdup (kfsb->root_group);
}
if (basename)
- *basename = g_memdup (key + i + 1, key_len - i);
+ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
return TRUE;
}
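
Review bot: the final `*basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));` runs even when `last_slash` is NULL. That case is reachable whenever `kfsb->root_group` is set and the key contains no '/', because only the no-root-group branch returns FALSE for `last_slash == NULL`. The old loop left `i == -1` there, which copied the whole key including its terminator; the new code does pointer arithmetic on NULL instead. Guard it the way the `group` branch is guarded, copying `key` itself when `last_slash == NULL`.
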
diff -Naur a/gio/gsettingsschema.c b/gio/gsettingsschema.c
--- a/gio/gsettingsschema.c 2021-03-06 09:46:03.675000000 +0800
+++ b/gio/gsettingsschema.c 2021-03-05 16:08:24.724000000 +0800
@@ -1058,9 +1058,9 @@
if (g_str_has_suffix (key, "/"))
{
- gint length = strlen (key);
+ gsize length = strlen (key);
- strv[j] = g_memdup (key, length);
+ strv[j] = g_memdup2 (key, length);
strv[j][length - 1] = '\0';
j++;
}
diff -Naur a/gio/gsocket.c b/gio/gsocket.c
--- a/gio/gsocket.c 2021-03-06 09:46:03.675000000 +0800
+++ b/gio/gsocket.c 2021-03-05 16:34:42.236000000 +0800
@@ -174,7 +174,7 @@
GError **error);
static GSocketAddress *
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len);
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len);
static gssize
g_socket_receive_message_with_timeout (GSocket *socket,
@@ -260,7 +260,7 @@
struct {
GSocketAddress *addr;
struct sockaddr *native;
- gint native_len;
+ gsize native_len;
guint64 last_used;
} recv_addr_cache[RECV_ADDR_CACHE_SIZE];
};
@@ -5211,14 +5211,14 @@
}
static GSocketAddress *
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len)
{
GSocketAddress *saddr;
gint i;
guint64 oldest_time = G_MAXUINT64;
gint oldest_index = 0;
- if (native_len <= 0)
+ if (native_len == 0)
return NULL;
saddr = NULL;
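
Review bot: changing `native_len` from `int` to `size_t` and the guard from `native_len <= 0` to `native_len == 0` means a negative length from a caller is no longer rejected; it converts to a very large `size_t` and reaches `g_memdup2 (native, native_len)` in a later hunk. The call sites are not part of this diff, so please confirm each one validates its length before calling `cache_recv_address()`, or keep a signed check at the boundary.
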
@@ -5226,7 +5226,7 @@
{
GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr;
gpointer tmp_native = socket->priv->recv_addr_cache[i].native;
- gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
+ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
if (!tmp)
continue;
@@ -5256,7 +5256,7 @@
g_free (socket->priv->recv_addr_cache[oldest_index].native);
}
- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len);
+ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len);
socket->priv->recv_addr_cache[oldest_index].native_len = native_len;
socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr);
socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time ();
@@ -5404,6 +5404,9 @@
/* do it */
while (1)
{
+ /* addrlen has to be of type int because thats how WSARecvFrom() is defined */
+ G_STATIC_ASSERT (sizeof addr <= G_MAXINT);
+
addrlen = sizeof addr;
if (address)
result = WSARecvFrom (socket->priv->fd,
diff -Naur a/gio/gtlspassword.c b/gio/gtlspassword.c
--- a/gio/gtlspassword.c 2021-03-06 09:46:03.678000000 +0800
+++ b/gio/gtlspassword.c 2021-03-05 16:36:55.266000000 +0800
@@ -287,9 +287,14 @@
g_return_if_fail (G_IS_TLS_PASSWORD (password));
if (length < 0)
- length = strlen ((gchar *)value);
+ {
+ /* FIXME: g_tls_password_set_value_full() doesnt support unsigned gsize */
+ gsize length_unsigned = strlen ((gchar *) value);
+ g_return_if_fail (length_unsigned > G_MAXSSIZE);
+ length = (gssize) length_unsigned;
+ }
- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
+ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
}
/**
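
Review bot: the new precondition `g_return_if_fail (length_unsigned > G_MAXSSIZE);` is inverted. It returns early for every string whose length fits in `gssize`, so a NUL-terminated value passed with `length < 0` is never stored, and it lets through exactly the oversized case that the following `(gssize)` cast cannot represent. The condition should be `length_unsigned <= G_MAXSSIZE`.
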
diff -Naur a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
--- a/gio/gwin32registrykey.c 2021-03-06 09:46:03.680000000 +0800
+++ b/gio/gwin32registrykey.c 2021-03-05 16:43:04.459000000 +0800
@@ -125,16 +125,34 @@
G_WIN32_REGISTRY_UPDATED_PATH = 1,
} GWin32RegistryKeyUpdateFlag;
+static gsize
+g_utf16_len (const gunichar2 *str)
+{
+ gsize result;
+
+ for (result = 0; str[0] != 0; str++, result++)
+ ;
+
+ return result;
+}
+
static gunichar2 *
-g_wcsdup (const gunichar2 *str,
- gssize str_size)
+g_wcsdup (const gunichar2 *str, gssize str_len)
{
- if (str_size == -1)
- {
- str_size = wcslen (str) + 1;
- str_size *= sizeof (gunichar2);
- }
- return g_memdup (str, str_size);
+ gsize str_len_unsigned;
+ gsize str_size;
+
+ g_return_val_if_fail (str != NULL, NULL);
+
+ if (str_len < 0)
+ str_len_unsigned = g_utf16_len (str);
+ else
+ str_len_unsigned = (gsize) str_len;
+
+ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1);
+ str_size = (str_len_unsigned + 1) * sizeof (gunichar2);
+
+ return g_memdup2 (str, str_size);
}
/**
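
Review bot: `g_wcsdup()` changes the meaning of its second argument from a byte size (`str_size`, passed straight to `g_memdup`) to a character count (`str_len`, incremented for the terminator and multiplied by `sizeof (gunichar2)`). None of the visible hunks for this file touch its callers; any caller still passing a byte count will now copy roughly twice as many bytes as the source holds. Please audit the call sites and state the unit in a comment on the function. The overflow guard is a `g_assert()`, which is compiled out under `G_DISABLE_ASSERT`.
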
@@ -247,7 +265,7 @@
new_iter->value_name_size = iter->value_name_size;
if (iter->value_data != NULL)
- new_iter->value_data = g_memdup (iter->value_data, iter->value_data_size);
+ new_iter->value_data = g_memdup2 (iter->value_data, iter->value_data_size);
new_iter->value_data_size = iter->value_data_size;
@@ -268,8 +286,8 @@
new_iter->value_data_expanded_charsize = iter->value_data_expanded_charsize;
if (iter->value_data_expanded_u8 != NULL)
- new_iter->value_data_expanded_u8 = g_memdup (iter->value_data_expanded_u8,
- iter->value_data_expanded_charsize);
+ new_iter->value_data_expanded_u8 = g_memdup2 (iter->value_data_expanded_u8,
+ iter->value_data_expanded_charsize);
new_iter->value_data_expanded_u8_size = iter->value_data_expanded_charsize;
diff -Naur a/gio/tests/async-close-output-stream.c b/gio/tests/async-close-output-stream.c
--- a/gio/tests/async-close-output-stream.c 2021-03-06 09:46:03.682000000 +0800
+++ b/gio/tests/async-close-output-stream.c 2021-03-05 16:54:17.745000000 +0800
@@ -147,9 +147,9 @@
data->expected_size = g_memory_output_stream_get_data_size (G_MEMORY_OUTPUT_STREAM (data->data_stream));
- g_assert_cmpint (data->expected_size, >, 0);
+ g_assert_cmpuint (data->expected_size, >, 0);
- data->expected_output = g_memdup (written, (guint)data->expected_size);
+ data->expected_output = g_memdup2 (written, data->expected_size);
/* then recreate the streams and prepare them for the asynchronous close */
destroy_streams (data);
diff -Naur a/gio/tests/gdbus-export.c b/gio/tests/gdbus-export.c
--- a/gio/tests/gdbus-export.c 2021-03-06 09:46:03.685000000 +0800
+++ b/gio/tests/gdbus-export.c 2021-03-05 16:56:17.247000000 +0800
@@ -671,7 +671,7 @@
g_assert_not_reached ();
}
- return g_memdup (interfaces, 2 * sizeof (void *));
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
}
static const GDBusInterfaceVTable *
@@ -727,7 +727,7 @@
{
const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info, NULL };
- return g_memdup (interfaces, 2 * sizeof (void *));
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
}
static const GDBusInterfaceVTable *
diff -Naur a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c
--- a/gio/win32/gwinhttpfile.c 2021-03-06 09:46:03.693000000 +0800
+++ b/gio/win32/gwinhttpfile.c 2021-03-05 16:58:28.076000000 +0800
@@ -393,10 +393,10 @@
child = g_object_new (G_TYPE_WINHTTP_FILE, NULL);
child->vfs = winhttp_file->vfs;
child->url = winhttp_file->url;
- child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
- child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
- child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
- child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
+ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, ((gsize) winhttp_file->url.dwSchemeLength + 1) * 2);
+ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, ((gsize) winhttp_file->url.dwHostNameLength + 1) * 2);
+ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, ((gsize) winhttp_file->url.dwUserNameLength + 1) * 2);
+ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, ((gsize) winhttp_file->url.dwPasswordLength + 1) * 2);
child->url.lpszUrlPath = wnew_path;
child->url.dwUrlPathLength = wcslen (wnew_path);
child->url.lpszExtraInfo = NULL;
diff -Naur a/glib/gbytes.c b/glib/gbytes.c
--- a/glib/gbytes.c 2021-03-06 09:46:03.721000000 +0800
+++ b/glib/gbytes.c 2021-03-05 17:29:25.481000000 +0800
@@ -95,7 +95,7 @@
{
g_return_val_if_fail (data != NULL || size == 0, NULL);
- return g_bytes_new_take (g_memdup (data, size), size);
+ return g_bytes_new_take (g_memdup2 (data, size), size);
}
/**
@@ -499,7 +499,7 @@
* Copy: Non g_malloc (or compatible) allocator, or static memory,
* so we have to copy, and then unref.
*/
- result = g_memdup (bytes->data, bytes->size);
+ result = g_memdup2 (bytes->data, bytes->size);
*size = bytes->size;
g_bytes_unref (bytes);
}
diff -Naur a/glib/gdir.c b/glib/gdir.c
--- a/glib/gdir.c 2021-03-06 09:46:03.696000000 +0800
+++ b/glib/gdir.c 2021-03-06 09:11:06.646000000 +0800
@@ -112,7 +112,7 @@
return NULL;
#endif
- return g_memdup (&dir, sizeof dir);
+ return g_memdup2 (&dir, sizeof dir);
}
/**
diff -Naur a/glib/ghash.c b/glib/ghash.c
--- a/glib/ghash.c 2021-03-06 09:46:03.697000000 +0800
+++ b/glib/ghash.c 2021-03-06 09:12:58.243000000 +0800
@@ -964,7 +964,7 @@
if (hash_table->have_big_keys)
{
if (key != value)
- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size);
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size);
/* Keys and values are both big now, so no need for further checks */
return;
}
@@ -972,7 +972,7 @@
{
if (key != value)
{
- hash_table->values = g_memdup (hash_table->keys, sizeof (guint) * hash_table->size);
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (guint) * hash_table->size);
is_a_set = FALSE;
}
}
@@ -1000,7 +1000,7 @@
/* Just split if necessary */
if (is_a_set && key != value)
- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size);
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size);
#endif
}
diff -Naur a/glib/giochannel.c b/glib/giochannel.c
--- a/glib/giochannel.c 2021-03-06 09:46:03.697000000 +0800
+++ b/glib/giochannel.c 2021-03-06 09:20:11.237000000 +0800
@@ -883,16 +883,25 @@
const gchar *line_term,
gint length)
{
+ guint length_unsigned;
+
g_return_if_fail (channel != NULL);
g_return_if_fail (line_term == NULL || length != 0); /* Disallow "" */
if (line_term == NULL)
- length = 0;
- else if (length < 0)
- length = strlen (line_term);
+ length_unsigned = 0;
+ else if (length >= 0)
+ length_unsigned = (guint) length;
+ else
+ {
+ /* FIXME: Were constrained by line_term_len being a guint here */
+ gsize length_size = strlen (line_term);
+ g_return_if_fail (length_size > G_MAXUINT);
+ length_unsigned = (guint) length_size;
+ }
g_free (channel->line_term);
- channel->line_term = line_term ? g_memdup (line_term, length) : NULL;
+ channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL;
channel->line_term_len = length;
}
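Review bot: the guard added in the final `else` branch, `g_return_if_fail (length_size > G_MAXUINT);`, is inverted. It bails out for every terminator that fits in a `guint` and only lets oversized ones through to the `(guint) length_size` cast, so calling with a negative `length` to have the length taken from `strlen()` stops working; it should read `length_size <= G_MAXUINT`. The unchanged line `channel->line_term_len = length;` also still stores the signed parameter: with `line_term == NULL` the old code forced `length` to 0 and this version no longer does, and with a negative `length` the stored value would not match the buffer duplicated with `length_unsigned`. Assign `length_unsigned` there.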
diff -Naur a/glib/gstrfuncs.c b/glib/gstrfuncs.c
--- a/glib/gstrfuncs.c 2021-03-06 09:46:03.703000000 +0800
+++ b/glib/gstrfuncs.c 2021-03-06 09:21:27.836000000 +0800
@@ -398,6 +398,38 @@
}
/**
+ * g_memdup2:
+ * @mem: (nullable): the memory to copy.
+ * @byte_size: the number of bytes to copy.
+ *
+ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it
+ * from @mem. If @mem is %NULL it returns %NULL.
+ *
+ * This replaces g_memdup(), which was prone to integer overflows when
+ * converting the argument from a #gsize to a #guint.
+ *
+ * Returns: (nullable): a pointer to the newly-allocated copy of the memory,
+ * or %NULL if @mem is %NULL.
+ * Since: 2.68
+ */
+gpointer
+g_memdup2 (gconstpointer mem,
+ gsize byte_size)
+{
+ gpointer new_mem;
+
+ if (mem && byte_size != 0)
+ {
+ new_mem = g_malloc (byte_size);
+ memcpy (new_mem, mem, byte_size);
+ }
+ else
+ new_mem = NULL;
+
+ return new_mem;
+}
+
+/**
* g_strndup:
* @str: the string to duplicate
* @n: the maximum number of bytes to copy from @str
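Review bot: the `Since: 2.68` tag in the new doc comment does not describe this tree, which the spec file further down this page versions as 2.62.5 when the patch is applied. Anyone reading the generated documentation of the patched package would conclude g_memdup2() is unavailable before 2.68. Add a line to the comment saying the function is backported here, or adjust the tag, so the documentation matches what the package exports.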
diff -Naur a/glib/gstrfuncs.h b/glib/gstrfuncs.h
--- a/glib/gstrfuncs.h 2021-03-06 09:46:03.703000000 +0800
+++ b/glib/gstrfuncs.h 2021-03-06 09:23:07.268000000 +0800
@@ -257,6 +257,10 @@
gpointer g_memdup (gconstpointer mem,
guint byte_size) G_GNUC_ALLOC_SIZE(2);
+GLIB_AVAILABLE_IN_ALL
+gpointer g_memdup2 (gconstpointer mem,
+ gsize byte_size) G_GNUC_ALLOC_SIZE(2);
+
/* NULL terminated string arrays.
* g_strsplit(), g_strsplit_set() split up string into max_tokens tokens
* at delim and return a newly allocated string array.
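Review bot: the context lines above the addition leave `g_memdup()` declared with `guint byte_size` and no pointer to its replacement, so any caller this patch did not convert keeps narrowing a `gsize` argument silently and nothing at the prototype tells a reader why. Add a comment next to the old prototype that names g_memdup2() and the truncation it avoids, so remaining and out-of-tree callers are easy to find and justify.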
diff -Naur a/glib/gtestutils.c b/glib/gtestutils.c
--- a/glib/gtestutils.c 2021-03-06 09:46:03.704000000 +0800
+++ b/glib/gtestutils.c 2021-03-06 09:24:38.454000000 +0800
@@ -3801,7 +3801,7 @@
if (p <= tbuffer->data->str + mlength)
{
g_string_erase (tbuffer->data, 0, mlength);
- tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup (&msg, sizeof (msg)));
+ tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup2 (&msg, sizeof (msg)));
return TRUE;
}
diff -Naur a/glib/gvariant.c b/glib/gvariant.c
--- a/glib/gvariant.c 2021-03-06 09:46:03.709000000 +0800
+++ b/glib/gvariant.c 2021-03-06 09:26:50.164000000 +0800
@@ -725,7 +725,7 @@
g_variant_ref_sink (value);
return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT,
- g_memdup (&value, sizeof value),
+ g_memdup2 (&value, sizeof value),
1, g_variant_is_trusted (value));
}
@@ -1229,7 +1229,7 @@
return NULL;
}
- data = g_memdup (elements, n_elements * element_size);
+ data = g_memdup2 (elements, n_elements * element_size);
value = g_variant_new_from_data (array_type, data,
n_elements * element_size,
FALSE, g_free, data);
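Review bot: switching to g_memdup2() in `data = g_memdup2 (elements, n_elements * element_size);` removes the narrowing to `guint`, but the product itself is still computed unchecked and can wrap in `gsize` before the call, giving a short allocation that is then described to `g_variant_new_from_data()` with the same wrapped value. No bound on `n_elements` is visible in this hunk. Check that `n_elements` does not exceed `G_MAXSIZE / element_size` before multiplying, and compute the size once into a local instead of repeating the expression.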
@@ -1908,7 +1908,7 @@
if (length)
*length = size;
- return g_memdup (original, size + 1);
+ return g_memdup2 (original, size + 1);
}
/**
diff -Naur a/glib/gvarianttype.c b/glib/gvarianttype.c
--- a/glib/gvarianttype.c 2021-03-06 09:46:03.709000000 +0800
+++ b/glib/gvarianttype.c 2021-03-06 09:28:03.190000000 +0800
@@ -1181,7 +1181,7 @@
g_assert (offset < sizeof buffer);
buffer[offset++] = ')';
- return (GVariantType *) g_memdup (buffer, offset);
+ return (GVariantType *) g_memdup2 (buffer, offset);
}
/**
diff -Naur a/glib/tests/array-test.c b/glib/tests/array-test.c
--- a/glib/tests/array-test.c 2021-03-06 09:46:03.712000000 +0800
+++ b/glib/tests/array-test.c 2021-03-06 09:28:56.467000000 +0800
@@ -1616,7 +1616,7 @@
GByteArray *gbarray;
guint8 *data;
- data = g_memdup ("woooweeewow", 11);
+ data = g_memdup2 ("woooweeewow", 11);
gbarray = g_byte_array_new_take (data, 11);
g_assert (gbarray->data == data);
g_assert_cmpuint (gbarray->len, ==, 11);
diff -Naur a/glib/tests/option-context.c b/glib/tests/option-context.c
--- a/glib/tests/option-context.c 2021-03-06 09:46:03.719000000 +0800
+++ b/glib/tests/option-context.c 2021-03-06 09:30:07.022000000 +0800
@@ -256,7 +256,7 @@
static char **
copy_stringv (char **argv, int argc)
{
- return g_memdup (argv, sizeof (char *) * (argc + 1));
+ return g_memdup2 (argv, sizeof (char *) * (argc + 1));
}
static void
@@ -2323,7 +2323,7 @@
g_option_context_add_group (context, group);
argv = split_string ("program --test arg1 -f arg2 --group-test arg3 --frob arg4 -z arg5", &argc);
- orig_argv = g_memdup (argv, (argc + 1) * sizeof (char *));
+ orig_argv = g_memdup2 (argv, (argc + 1) * sizeof (char *));
retval = g_option_context_parse (context, &argc, &argv, &error);
diff -Naur a/glib/tests/strfuncs.c b/glib/tests/strfuncs.c
--- a/glib/tests/strfuncs.c 2021-03-06 09:46:03.720000000 +0800
+++ b/glib/tests/strfuncs.c 2021-03-06 09:33:09.312000000 +0800
@@ -219,6 +219,26 @@
g_free (str_dup);
}
+/* Testing g_memdup2() function with various positive and negative cases */
+static void
+test_memdup2 (void)
+{
+ gchar *str_dup = NULL;
+ const gchar *str = "The quick brown fox jumps over the lazy dog";
+
+ /* Testing negative cases */
+ g_assert_null (g_memdup2 (NULL, 1024));
+ g_assert_null (g_memdup2 (str, 0));
+ g_assert_null (g_memdup2 (NULL, 0));
+
+ /* Testing normal usage cases */
+ str_dup = g_memdup2 (str, strlen (str) + 1);
+ g_assert_nonnull (str_dup);
+ g_assert_cmpstr (str, ==, str_dup);
+
+ g_free (str_dup);
+}
+
/* Testing g_strpcpy() function with various positive and negative cases */
static void
test_stpcpy (void)
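Review bot: `test_memdup2()` verifies the copy with `g_assert_cmpstr (str, ==, str_dup)`, which stops at the first NUL, and never passes a size that distinguishes the new `gsize` parameter from the old `guint` one, so the same assertions would pass against g_memdup(). Compare with `g_assert_cmpmem()` over a buffer that contains embedded NUL bytes so that the byte count is what gets checked, and say in the test comment that sizes above `G_MAXUINT` are not exercised.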
@@ -2523,6 +2543,7 @@
g_test_add_func ("/strfuncs/has-prefix", test_has_prefix);
g_test_add_func ("/strfuncs/has-suffix", test_has_suffix);
g_test_add_func ("/strfuncs/memdup", test_memdup);
+ g_test_add_func ("/strfuncs/memdup2", test_memdup2);
g_test_add_func ("/strfuncs/stpcpy", test_stpcpy);
g_test_add_func ("/strfuncs/str_match_string", test_str_match_string);
g_test_add_func ("/strfuncs/str_tokenize_and_fold", test_str_tokenize_and_fold);
diff -Naur a/gobject/gsignal.c b/gobject/gsignal.c
--- a/gobject/gsignal.c 2021-03-06 09:46:03.722000000 +0800
+++ b/gobject/gsignal.c 2021-03-06 09:36:46.688000000 +0800
@@ -1730,7 +1730,7 @@
node->single_va_closure_is_valid = FALSE;
node->flags = signal_flags & G_SIGNAL_FLAGS_MASK;
node->n_params = n_params;
- node->param_types = g_memdup (param_types, sizeof (GType) * n_params);
+ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params);
node->return_type = return_type;
node->class_closure_bsa = NULL;
if (accumulator)
diff -Naur a/gobject/gtype.c b/gobject/gtype.c
--- a/gobject/gtype.c 2021-03-06 09:46:03.724000000 +0800
+++ b/gobject/gtype.c 2021-03-06 09:38:47.030000000 +0800
@@ -1470,7 +1470,7 @@
iholder->next = iface_node_get_holders_L (iface);
iface_node_set_holders_W (iface, iholder);
iholder->instance_type = NODE_TYPE (node);
- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL;
+ iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL;
iholder->plugin = plugin;
/* create an iface entry for this type */
@@ -1731,7 +1731,7 @@
INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface));
check_interface_info_I (iface, instance_type, &tmp_info);
- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info));
+ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info));
}
return iholder; /* we don't modify write lock upon returning NULL */
@@ -2016,10 +2016,10 @@
IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface);
if (pentry)
- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size);
+ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size);
}
if (!vtable)
- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
+ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
entry->vtable = vtable;
vtable->g_type = NODE_TYPE (iface);
vtable->g_instance_type = NODE_TYPE (node);
diff -Naur a/gobject/gtypemodule.c b/gobject/gtypemodule.c
--- a/gobject/gtypemodule.c 2021-03-06 09:46:03.724000000 +0800
+++ b/gobject/gtypemodule.c 2021-03-06 09:39:57.337000000 +0800
@@ -436,7 +436,7 @@
module_type_info->loaded = TRUE;
module_type_info->info = *type_info;
if (type_info->value_table)
- module_type_info->info.value_table = g_memdup (type_info->value_table,
+ module_type_info->info.value_table = g_memdup2 (type_info->value_table,
sizeof (GTypeValueTable));
return module_type_info->type;
diff -Naur a/gobject/tests/param.c b/gobject/tests/param.c
--- a/gobject/tests/param.c 2021-03-06 09:46:03.725000000 +0800
+++ b/gobject/tests/param.c 2021-03-06 09:40:28.446000000 +0800
@@ -851,7 +851,7 @@
test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d",
data.change_this_flag, data.change_this_type,
data.use_this_flag, data.use_this_type);
- test_data = g_memdup (&data, sizeof (TestParamImplementData));
+ test_data = g_memdup2 (&data, sizeof (TestParamImplementData));
g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free);
g_free (test_path);
}
diff -Naur a/gio/gwin32appinfo.c b/gio/gwin32appinfo.c
index 9f335b3..2a0fe38 100644
--- a/gio/gwin32appinfo.c
+++ b/gio/gwin32appinfo.c
@@ -472,7 +472,7 @@ g_wcsdup (const gunichar2 *str, gssize str_size)
str_size = wcslen (str) + 1;
str_size *= sizeof (gunichar2);
}
- return g_memdup (str, str_size);
+ return g_memdup2 (str, str_size);
}
#define URL_ASSOCIATIONS L"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\"
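Review bot: `str_size` is a `gssize` (see the `g_wcsdup (const gunichar2 *str, gssize str_size)` signature in the hunk header) and is now passed straight to a `gsize` parameter in `return g_memdup2 (str, str_size);`, so any negative value that reaches this line converts implicitly to an enormous allocation request. The condition guarding the `wcslen()` branch is outside the hunk; if it only matches the "compute it for me" sentinel, reject other negative sizes before the call and make the conversion an explicit `(gsize)` cast.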

View File

@ -1,31 +0,0 @@
From c89133504b600c653d56e56648764e49f5f127cc Mon Sep 17 00:00:00 2001
From: hexiujun <hexiujun1@huawei.com>
Date: Mon, 2 Mar 2020 10:49:04 +0800
Subject: [PATCH] fix accidentally delete temp file within dtrace
---
meson.build | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
index d1551bd..4e56f06 100644
--- a/meson.build
+++ b/meson.build
@@ -2066,12 +2066,12 @@ if want_dtrace
# FIXME: autotools build also passes -fPIC -DPIC but is it needed in this case?
dtrace_obj_gen = generator(dtrace,
output : '@BASENAME@.o',
- arguments : ['-G', '-s', '@INPUT@', '-o', '@OUTPUT@'])
+ arguments : ['-G', '-k', '-s', '@INPUT@', '-o', '@OUTPUT@'])
# FIXME: $(SED) -e "s,define STAP_HAS_SEMAPHORES 1,undef STAP_HAS_SEMAPHORES,"
# -e "s,define _SDT_HAS_SEMAPHORES 1,undef _SDT_HAS_SEMAPHORES,"
dtrace_hdr_gen = generator(dtrace,
output : '@BASENAME@.h',
- arguments : ['-h', '-s', '@INPUT@', '-o', '@OUTPUT@'])
+ arguments : ['-h', '-k', '-s', '@INPUT@', '-o', '@OUTPUT@'])
glib_conf.set('HAVE_DTRACE', 1)
enable_dtrace = true
endif
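Review bot: neither the commit message, which is a subject line with no body, nor the two changed `arguments` lines explain why `-k` is needed, which temporary file was being deleted, or under what build conditions. The surrounding `FIXME` comments show this block already carries undocumented decisions. Add a short comment above each generator stating what `-k` changes for dtrace here and what failure it prevents, so the flag is not dropped as unexplained on the next rebase.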
--
1.8.3.1

Binary file not shown.

BIN
glib-2.66.8.tar.xz Normal file

Binary file not shown.

View File

@ -1,20 +1,10 @@
Name: glib2
Version: 2.62.5
Release: 5
Version: 2.66.8
Release: 1
Summary: The core library that forms the basis for projects such as GTK+ and GNOME
License: LGPLv2+
URL: http://www.gtk.org
Source0: http://download.gnome.org/sources/glib/2.62/glib-%{version}.tar.xz
Patch9001: fix-accidentally-delete-temp-file-within-dtrace.patch
Patch6000: backport-CVE-2020-35457.patch
Patch6001: backport-CVE-2021-27218.patch
Patch6002: backport-CVE-2021-27219.patch
Patch6003: backport-0001-CVE-2021-28153.patch
Patch6004: backport-0002-CVE-2021-28153.patch
Patch6005: backport-0003-CVE-2021-28153.patch
Patch6006: backport-0004-CVE-2021-28153.patch
Patch6007: backport-0005-CVE-2021-28153.patch
Source0: http://download.gnome.org/sources/glib/2.66/glib-%{version}.tar.xz
BuildRequires: chrpath gcc gcc-c++ gettext gtk-doc perl-interpreter
BUildRequires: glibc-devel libattr-devel libselinux-devel meson
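Review bot: the 2.66.8-1 changelog entry records the removal of Patch6000 to Patch6007 only as "Delete patch files", without stating that the fixes for CVE-2020-35457, CVE-2021-27218, CVE-2021-27219 and CVE-2021-28153 are already contained in the 2.66.8 tarball. List each CVE in the changelog as fixed by the upgrade so that a later audit of this package does not read the deletion as a regression. Patch9001 is a downstream change rather than a backport, so say whether the dtrace `-k` argument is no longer needed or is being dropped on purpose. While touching this header, `Source0` still points at plain `http://` and the `BUildRequires:` tag on the last line has inconsistent capitalisation.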
@ -109,7 +99,6 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%{_datadir}/bash-completion/completions/gsettings
%{_bindir}/gio
%{_bindir}/gio-launch-desktop
%{_bindir}/gio-querymodules*
%{_bindir}/glib-compile-schemas
%{_bindir}/gsettings
@ -151,6 +140,12 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%doc %{_datadir}/gtk-doc/html/*
%changelog
* Wed May 19 2021 weijin deng <weijin.deng@turbolinux.com.cn> - 2.66.8-1
- Upgrade to 2.66.8
- Update Version, Release
- Delete patch files, delete gio-launch-desktop(not exist in 2.66.8)
- Correct date, make it match weekday
* Tue Apr 13 2021 hanhui<hanhui15@huawei.com> - 2.62.5-5
- Type:cve
- Id:CVE-2021-28153
@ -175,7 +170,7 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
- SUG:NA
- DESC:fix CVE-2020-35457
* Thu Jul 21 2020 hanhui<hanhui15@huawei.com> - 2.62.5-1
* Tue Jul 21 2020 hanhui<hanhui15@huawei.com> - 2.62.5-1
- Update to 2.62.5
* Mon Mar 2 2020 hexiujun<hexiujun1@huawei.com> - 2.62.1-4