Overview

File glib2-CVE-2025-7039.patch of Package glib2.41656

From 61e963284889ddb4544e6f1d5261c16120f6fcc3 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Tue, 1 Jul 2025 10:58:07 -0500
Subject: [PATCH] gfileutils: fix computation of temporary file name

We need to ensure that the value we use to index into the letters array
is always positive.

Fixes #3716
---
diff -urp glib-2.48.2.orig/glib/gfileutils.c glib-2.48.2/glib/gfileutils.c
--- glib-2.48.2.orig/glib/gfileutils.c	2016-08-17 11:07:39.000000000 -0500
+++ glib-2.48.2/glib/gfileutils.c	2025-10-31 17:41:17.376557341 -0500
@@ -1273,9 +1273,9 @@ get_tmp_file (gchar            *tmpl,
   static const char letters[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
   static const int NLETTERS = sizeof (letters) - 1;
-  glong value;
+  guint64 value;
   GTimeVal tv;
-  static int counter = 0;
+  static guint64 counter = 0;
 
   g_return_val_if_fail (tmpl != NULL, -1);
 
@@ -1294,7 +1294,7 @@ get_tmp_file (gchar            *tmpl,
 
   for (count = 0; count < 100; value += 7777, ++count)
     {
-      glong v = value;
+      guint64 v = value;
 
       /* Fill in the random bits.  */
       XXXXXX[0] = letters[v % NLETTERS];
openSUSE Build Service is sponsored by
Places