Overview

File glib2-CVE-2025-13601-2.patch of Package glib2

From 7e5489cb921d0531ee4ebc9938da30a02084b2fa Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@gnome.org>
Date: Thu, 13 Nov 2025 18:31:43 +0000
Subject: [PATCH] fuzzing: Add fuzz tests for g_filename_{to,from}_uri()

These functions could be called on untrusted input data, and since they
do URI escaping/unescaping, they have non-trivial string handling code.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

See: #3827
---
 fuzzing/fuzz_filename_from_uri.c | 40 ++++++++++++++++++++++++++++++++
 fuzzing/fuzz_filename_to_uri.c   | 40 ++++++++++++++++++++++++++++++++
 fuzzing/meson.build              |  2 ++
 3 files changed, 82 insertions(+)
 create mode 100644 fuzzing/fuzz_filename_from_uri.c
 create mode 100644 fuzzing/fuzz_filename_to_uri.c

diff -urpN glib-2.62.6.orig/fuzzing/fuzz_filename_from_uri.c glib-2.62.6/fuzzing/fuzz_filename_from_uri.c
--- glib-2.62.6.orig/fuzzing/fuzz_filename_from_uri.c	1969-12-31 18:00:00.000000000 -0600
+++ glib-2.62.6/fuzzing/fuzz_filename_from_uri.c	2025-12-11 15:48:14.646506942 -0600
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2025 GNOME Foundation, Inc.
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  char *filename = NULL;
+  GError *local_error = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (g_filename_from_uri() doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const char *) data, size);
+  filename = g_filename_from_uri ((const char *) nul_terminated_data, NULL, &local_error);
+  g_free (nul_terminated_data);
+
+  g_free (filename);
+  g_clear_error (&local_error);
+
+  return 0;
+}
diff -urpN glib-2.62.6.orig/fuzzing/fuzz_filename_to_uri.c glib-2.62.6/fuzzing/fuzz_filename_to_uri.c
--- glib-2.62.6.orig/fuzzing/fuzz_filename_to_uri.c	1969-12-31 18:00:00.000000000 -0600
+++ glib-2.62.6/fuzzing/fuzz_filename_to_uri.c	2025-12-11 15:48:14.646882633 -0600
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2025 GNOME Foundation, Inc.
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  char *uri = NULL;
+  GError *local_error = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (g_filename_to_uri() doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const char *) data, size);
+  uri = g_filename_to_uri ((const char *) nul_terminated_data, NULL, &local_error);
+  g_free (nul_terminated_data);
+
+  g_free (uri);
+  g_clear_error (&local_error);
+
+  return 0;
+}
diff -urpN glib-2.62.6.orig/fuzzing/meson.build glib-2.62.6/fuzzing/meson.build
--- glib-2.62.6.orig/fuzzing/meson.build	2020-03-18 08:16:11.000000000 -0500
+++ glib-2.62.6/fuzzing/meson.build	2025-12-11 15:49:01.150736514 -0600
@@ -1,6 +1,8 @@
 fuzz_targets = [
   'fuzz_bookmark',
   'fuzz_dbus_message',
+  'fuzz_filename_from_uri',
+  'fuzz_filename_to_uri',
   'fuzz_key',
   'fuzz_variant_binary',
   'fuzz_variant_text',
openSUSE Build Service is sponsored by
Places