Overview

File glib2-CVE-2025-7039.patch of Package glib2

From 61e963284889ddb4544e6f1d5261c16120f6fcc3 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Tue, 1 Jul 2025 10:58:07 -0500
Subject: [PATCH] gfileutils: fix computation of temporary file name

We need to ensure that the value we use to index into the letters array
is always positive.

Fixes #3716
---
 glib/gfileutils.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/glib/gfileutils.c b/glib/gfileutils.c
index c7d3339d1..286b1b154 100644
--- a/glib/gfileutils.c
+++ b/glib/gfileutils.c
@@ -1538,9 +1538,9 @@ get_tmp_file (gchar            *tmpl,
   static const char letters[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
   static const int NLETTERS = sizeof (letters) - 1;
-  gint64 value;
-  gint64 now_us;
-  static int counter = 0;
+  guint64 value;
+  guint64 now_us;
+  static guint counter = 0;
 
   g_return_val_if_fail (tmpl != NULL, -1);
 
@@ -1559,7 +1559,7 @@ get_tmp_file (gchar            *tmpl,
 
   for (count = 0; count < 100; value += 7777, ++count)
     {
-      gint64 v = value;
+      guint64 v = value;
 
       /* Fill in the random bits.  */
       XXXXXX[0] = letters[v % NLETTERS];
-- 
2.51.1
openSUSE Build Service is sponsored by
Places