Overview
Request 876844 accepted
- Add glib2-CVE-2021-27218.patch: g_byte_array_new_take takes a
gsize as length but stores in a guint, this patch will refuse if
the length is larger than guint. (bsc#1182328,
glgo#GNOME/glib!1944)
- Add glib2-CVE-2021-27219-add-g_memdup2.patch: g_memdup takes a
guint as parameter and sometimes leads into an integer overflow,
so add a g_memdup2 function which uses gsize to replace it.
(bsc#1182362, glgo#GNOME/glib!1927, glgo#GNOME/glib!1933,
glgo#GNOME/glib!1943)
You have an extra glib2-add-g_mem_dup2.patch which would be added to the repository, although it is not used.
Request History
AZhou created request
- Add glib2-CVE-2021-27218.patch: g_byte_array_new_take takes a
gsize as length but stores in a guint, this patch will refuse if
the length is larger than guint. (bsc#1182328,
glgo#GNOME/glib!1944)
- Add glib2-CVE-2021-27219-add-g_memdup2.patch: g_memdup takes a
guint as parameter and sometimes leads into an integer overflow,
so add a g_memdup2 function which uses gsize to replace it.
(bsc#1182362, glgo#GNOME/glib!1927, glgo#GNOME/glib!1933,
glgo#GNOME/glib!1943)
AZhou accepted request
LGTM, thanks!