Detect overflow and error out. Reported by Morten Welinder.

        * glib/gfileutils.c (get_contents_stdio): Detect overflow and
        error out. Reported by Morten Welinder.

svn path=/trunk/; revision=7194

diff --git a/ChangeLog b/ChangeLog
index 97b9c53fbb3e264e213a4c77eaee231b90bf8b2d..cf522ffcf3c050ef02cec7a4f065ed82bd03ac61 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2008-07-16  Matthias Clasen  <mclasen@redhat.com>
+
+       Bug 482413 - get_contents_stdio -- overflow and memory corruption
+
+       * glib/gfileutils.c (get_contents_stdio): Detect overflow and
+       error out. Reported by Morten Welinder. 
+
 2008-07-16  Matthias Clasen  <mclasen@redhat.com>
 
        Bug 542332 – small fix for error message in GMarkup

diff --git a/glib/gfileutils.c b/glib/gfileutils.c
index b91760b65147cca47f3d3541238a8653f4fe1d44..20df7373e7250e493c5fcf38665e9344f1b535d6 100644 (file)
--- a/glib/gfileutils.c
+++ b/glib/gfileutils.c
@@ -577,13 +577,28 @@ get_contents_stdio (const gchar *display_filename,
         }
 
       memcpy (str + total_bytes, buf, bytes);
+
+      if (total_bytes + bytes < total_bytes) 
+        {
+          g_set_error (error,
+                       G_FILE_ERROR,
+                       G_FILE_ERROR_FAILED,
+                       _("File \"%s\" is too large"),
+                       display_filename);
+
+          goto error;
+        }
+
       total_bytes += bytes;
     }
 
   fclose (f);
 
   if (total_allocated == 0)
-    str = g_new (gchar, 1);
+    {
+      str = g_new (gchar, 1);
+      total_bytes = 0;
+    }
 
   str[total_bytes] = '\0';