Overview

File glib2-CVE-2026-1485.patch of Package glib2

From ee5acb2cefc643450509374da2600cd3bf49a109 Mon Sep 17 00:00:00 2001
From: Marco Trevisan <mail@3v1n0.net>
Date: Fri, 23 Jan 2026 19:05:44 +0100
Subject: [PATCH] gio/gcontenttype-fdo: Do not overflow if header is longer
 than MAXINT
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In case the header size is longer than MAXINT we may read and write to
invalid locations

Spotted by treeplus.
Thanks to the Sovereign Tech Resilience programme from the Sovereign
Tech Agency.

ID: #YWH-PGM9867-169
Closes: #3871


(cherry picked from commit aacda5b07141b944408c79e83bcbed3b2e1e6e45)

Co-authored-by: Marco Trevisan (TreviƱo) <mail@3v1n0.net>
---
 gio/gcontenttype-fdo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gio/gcontenttype-fdo.c b/gio/gcontenttype-fdo.c
index 230cea1823..11323973ac 100644
--- a/gio/gcontenttype-fdo.c
+++ b/gio/gcontenttype-fdo.c
@@ -817,7 +817,7 @@ tree_match_free (TreeMatch *match)
 static TreeMatch *
 parse_header (gchar *line)
 {
-  gint len;
+  size_t len;
   gchar *s;
   TreeMatch *match;
 
-- 
GitLab
openSUSE Build Service is sponsored by
Places