[jackhill/guix/guix.git] / gnu / packages / patches / glib-CVE-2021-27219-06.patch

From f9ee2275cbc312c0b4cdbc338a4fbb76eb36fb9a Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:49:00 +0000
Subject: [PATCH 06/11] gdatainputstream: Handle stop_chars_len internally as
 gsize

Previously it was handled as a `gssize`, which meant that if the
`stop_chars` string was longer than `G_MAXSSIZE` there would be an
overflow.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
 gio/gdatainputstream.c | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c
index 2e7750cb5..2cdcbda19 100644
--- a/gio/gdatainputstream.c
+++ b/gio/gdatainputstream.c
@@ -27,6 +27,7 @@
 #include "gioenumtypes.h"
 #include "gioerror.h"
 #include "glibintl.h"
+#include "gstrfuncsprivate.h"
 
 #include <string.h>
 
@@ -856,7 +857,7 @@ static gssize
 scan_for_chars (GDataInputStream *stream,
 		gsize            *checked_out,
 		const char       *stop_chars,
-                gssize            stop_chars_len)
+                gsize             stop_chars_len)
 {
   GBufferedInputStream *bstream;
   const char *buffer;
@@ -952,7 +953,7 @@ typedef struct
   gsize checked;
 
   gchar *stop_chars;
-  gssize stop_chars_len;
+  gsize stop_chars_len;
   gsize length;
 } GDataInputStreamReadData;
 
@@ -1078,12 +1079,17 @@ g_data_input_stream_read_async (GDataInputStream    *stream,
 {
   GDataInputStreamReadData *data;
   GTask *task;
+  gsize stop_chars_len_unsigned;
 
   data = g_slice_new0 (GDataInputStreamReadData);
-  if (stop_chars_len == -1)
-    stop_chars_len = strlen (stop_chars);
-  data->stop_chars = g_memdup (stop_chars, stop_chars_len);
-  data->stop_chars_len = stop_chars_len;
+
+  if (stop_chars_len < 0)
+    stop_chars_len_unsigned = strlen (stop_chars);
+  else
+    stop_chars_len_unsigned = (gsize) stop_chars_len;
+
+  data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned);
+  data->stop_chars_len = stop_chars_len_unsigned;
   data->last_saw_cr = FALSE;
 
   task = g_task_new (stream, cancellable, callback, user_data);
@@ -1338,17 +1344,20 @@ g_data_input_stream_read_upto (GDataInputStream  *stream,
   gssize found_pos;
   gssize res;
   char *data_until;
+  gsize stop_chars_len_unsigned;
 
   g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL);
 
   if (stop_chars_len < 0)
-    stop_chars_len = strlen (stop_chars);
+    stop_chars_len_unsigned = strlen (stop_chars);
+  else
+    stop_chars_len_unsigned = (gsize) stop_chars_len;
 
   bstream = G_BUFFERED_INPUT_STREAM (stream);
 
   checked = 0;
 
-  while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1)
+  while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1)
     {
       if (g_buffered_input_stream_get_available (bstream) ==
           g_buffered_input_stream_get_buffer_size (bstream))
-- 
2.30.1
Commit	Line	Data
21b3b755 MW	1	From f9ee2275cbc312c0b4cdbc338a4fbb76eb36fb9a Mon Sep 17 00:00:00 2001
	2	From: Philip Withnall <pwithnall@endlessos.org>
	3	Date: Thu, 4 Feb 2021 13:49:00 +0000
	4	Subject: [PATCH 06/11] gdatainputstream: Handle stop_chars_len internally as
	5	gsize
	6
	7	Previously it was handled as a `gssize`, which meant that if the
	8	`stop_chars` string was longer than `G_MAXSSIZE` there would be an
	9	overflow.
	10
	11	Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
	12	Helps: #2319
	13	---
	14	gio/gdatainputstream.c \| 25 +++++++++++++++++--------
	15	1 file changed, 17 insertions(+), 8 deletions(-)
	16
	17	diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c
	18	index 2e7750cb5..2cdcbda19 100644
	19	--- a/gio/gdatainputstream.c
	20	+++ b/gio/gdatainputstream.c
	21	@@ -27,6 +27,7 @@
	22	#include "gioenumtypes.h"
	23	#include "gioerror.h"
	24	#include "glibintl.h"
	25	+#include "gstrfuncsprivate.h"
	26
	27	#include <string.h>
	28
	29	@@ -856,7 +857,7 @@ static gssize
	30	scan_for_chars (GDataInputStream *stream,
	31	gsize *checked_out,
	32	const char *stop_chars,
	33	- gssize stop_chars_len)
	34	+ gsize stop_chars_len)
	35	{
	36	GBufferedInputStream *bstream;
	37	const char *buffer;
	38	@@ -952,7 +953,7 @@ typedef struct
	39	gsize checked;
	40
	41	gchar *stop_chars;
	42	- gssize stop_chars_len;
	43	+ gsize stop_chars_len;
	44	gsize length;
	45	} GDataInputStreamReadData;
	46
	47	@@ -1078,12 +1079,17 @@ g_data_input_stream_read_async (GDataInputStream *stream,
	48	{
	49	GDataInputStreamReadData *data;
	50	GTask *task;
	51	+ gsize stop_chars_len_unsigned;
	52
	53	data = g_slice_new0 (GDataInputStreamReadData);
	54	- if (stop_chars_len == -1)
	55	- stop_chars_len = strlen (stop_chars);
	56	- data->stop_chars = g_memdup (stop_chars, stop_chars_len);
	57	- data->stop_chars_len = stop_chars_len;
	58	+
	59	+ if (stop_chars_len < 0)
	60	+ stop_chars_len_unsigned = strlen (stop_chars);
	61	+ else
	62	+ stop_chars_len_unsigned = (gsize) stop_chars_len;
	63	+
	64	+ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned);
65	+ data->stop_chars_len = stop_chars_len_unsigned;
66	data->last_saw_cr = FALSE;
67
68	task = g_task_new (stream, cancellable, callback, user_data);
69	@@ -1338,17 +1344,20 @@ g_data_input_stream_read_upto (GDataInputStream *stream,
70	gssize found_pos;
71	gssize res;
72	char *data_until;
73	+ gsize stop_chars_len_unsigned;
74
75	g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL);
76
77	if (stop_chars_len < 0)
78	- stop_chars_len = strlen (stop_chars);
79	+ stop_chars_len_unsigned = strlen (stop_chars);
80	+ else
81	+ stop_chars_len_unsigned = (gsize) stop_chars_len;
82
83	bstream = G_BUFFERED_INPUT_STREAM (stream);
84
85	checked = 0;
86
87	- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1)
88	+ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1)
89	{
90	if (g_buffered_input_stream_get_available (bstream) ==
91	g_buffered_input_stream_get_buffer_size (bstream))
92	--
93	2.30.1
94