Overview

File libgepub-CVE-2025-6196.patch of Package libgepub.39494

diff -urp libgepub-0.6.0.orig/libgepub/gepub-archive.c libgepub-0.6.0/libgepub/gepub-archive.c
--- libgepub-0.6.0.orig/libgepub/gepub-archive.c	2018-03-15 02:39:19.000000000 -0500
+++ libgepub-0.6.0/libgepub/gepub-archive.c	2025-06-23 12:32:56.707090794 -0500
@@ -134,7 +134,7 @@ gepub_archive_read_entry (GepubArchive *
 {
     struct archive_entry *entry;
     guchar *buffer;
-    gint size;
+    int64_t size;
 
     if (!gepub_archive_open (archive))
         return NULL;
@@ -146,7 +146,20 @@ gepub_archive_read_entry (GepubArchive *
     }
 
     size = archive_entry_size (entry);
+
+    // Validate size
+    if (size > G_MAXSIZE) {
+        gepub_archive_close (archive);
+        return NULL;
+    }
+
+    // Allocate buffer with additional error handling
     buffer = g_malloc0 (size);
+    if (!buffer) {
+        gepub_archive_close (archive);
+        return NULL;
+    }
+
     archive_read_data (archive->archive, buffer, size);
 
     gepub_archive_close (archive);
openSUSE Build Service is sponsored by
Places