Hi all,

GLib 2.67.3 will be released shortly with a new g_memdup2() API to
replace the old g_memdup() API. Please port to using g_memdup2() as
soon as possible: g_memdup() will be deprecated in GLib 2.67.4.

The old API took the size of the memory to duplicate as a guint,
whereas most memory functions take memory sizes as a gsize. This made
it easy to accidentally pass a gsize to g_memdup(). For large values,
that would lead to a silent truncation of the size from 64 to 32 bits,
and result in a heap area being returned which is significantly smaller
than what the caller expects. This can likely be exploited in various
modules to cause a heap buffer overflow.
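The truncation described above, shown as an added illustration in plain C that is not GLib's code: old_memdup() and new_memdup2() are stand-ins with the old (unsigned int) and new (size_t) signatures, and truncated_size() / checked_old_memdup() are hypothetical helpers showing what the old API actually sees and how a caller still on the old API can refuse a size that would not fit.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the old g_memdup() signature: the size is an unsigned int,
 * so a 64-bit size is silently cut to its low 32 bits at the call site. */
static void *old_memdup(const void *mem, unsigned int byte_size)
{
    void *copy = NULL;
    if (mem != NULL && byte_size != 0 && (copy = malloc(byte_size)) != NULL)
        memcpy(copy, mem, byte_size);
    return copy;
}

/* Stand-in for g_memdup2(): the size is size_t, matching the gsize callers hold. */
void *new_memdup2(const void *mem, size_t byte_size)
{
    void *copy = NULL;
    if (mem != NULL && byte_size != 0 && (copy = malloc(byte_size)) != NULL)
        memcpy(copy, mem, byte_size);
    return copy;
}

/* What the old API sees when handed a 64-bit size: the implicit conversion
 * keeps only the low 32 bits. Computed without allocating anything. */
unsigned int truncated_size(uint64_t byte_size)
{
    return (unsigned int) byte_size;
}

/* Hypothetical audit wrapper for callers stuck on the old API: reject sizes
 * that would not survive the conversion instead of returning a too-small block. */
void *checked_old_memdup(const void *mem, uint64_t byte_size)
{
    if (byte_size > UINT_MAX)
        return NULL;                 /* caller must treat this as a failure */
    return old_memdup(mem, (unsigned int) byte_size);
}

/* Round-trip a string through new_memdup2() and report whether the copy matches. */
int roundtrip_ok(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = new_memdup2(s, n);
    int ok = copy != NULL && memcmp(copy, s, n) == 0;
    free(copy);
    return ok;
}
```

With a 64-bit size of UINT_MAX + 2 (4 GiB plus one byte), the old signature sees a request for a single byte, which is exactly the undersized heap block the text warns about.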

Details here:
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1926

GLib 2.66.6 will also be released shortly, which will fix the bug
internally in GLib. It will not export g_memdup2() as a new public API
though. You’ll need to depend on GLib ≥2.67.3 for that, or copy the
`static inline` version of g_memdup2() from here:

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1927/diffs

Sorry for the short notice about this. Due to some oversights, the
vulnerability was made public today at the same time as we first heard
about it.

Thanks to Kevin Backhouse from GHSL for finding it and providing a
detailed report.

Philip

_______________________________________________
desktop-devel-list mailing list
desktop-devel-list@gnome.org
https://mail.gnome.org/mailman/listinfo/desktop-devel-list