Overview

File glib2-CVE-2025-7039.patch of Package glib2

From 61e963284889ddb4544e6f1d5261c16120f6fcc3 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Tue, 1 Jul 2025 10:58:07 -0500
Subject: [PATCH] gfileutils: fix computation of temporary file name

We need to ensure that the value we use to index into the letters array
is always positive.

Fixes #3716
---
diff -urp glib-2.70.5.orig/glib/gfileutils.c glib-2.70.5/glib/gfileutils.c
--- glib-2.70.5.orig/glib/gfileutils.c	2022-03-17 08:58:37.000000000 -0500
+++ glib-2.70.5/glib/gfileutils.c	2025-10-31 16:10:23.846488112 -0500
@@ -1475,9 +1475,9 @@ get_tmp_file (gchar            *tmpl,
   static const char letters[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
   static const int NLETTERS = sizeof (letters) - 1;
-  glong value;
-  gint64 now_us;
-  static int counter = 0;
+  guint64 value;
+  guint64 now_us;
+  static guint counter = 0;
 
   g_return_val_if_fail (tmpl != NULL, -1);
 
@@ -1496,7 +1496,7 @@ get_tmp_file (gchar            *tmpl,
 
   for (count = 0; count < 100; value += 7777, ++count)
     {
-      glong v = value;
+      guint64 v = value;
 
       /* Fill in the random bits.  */
       XXXXXX[0] = letters[v % NLETTERS];
openSUSE Build Service is sponsored by
Places