GNOME.org
 

[babl] babl: properly handle large files on 32 bit systems

commit e952b997bc3a83f11ed183b01d365f8903f61f3f
Author: Tobias Stoeckmann <tobias stoeckmann org>
Date:   Fri Oct 13 18:39:02 2017 +0200

    babl: properly handle large files on 32 bit systems
    
    If large file support is enabled on 32 bit systems, it is possible
    to trigger an out of boundary write with files larger than 2 GB.
    
    Always check if fseek and ftell are successful and if the file is
    small enough to fit into memory.
    
    Signed-off-by: Tobias Stoeckmann <tobias stoeckmann org>

 babl/babl-util.c |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)
---
diff --git a/babl/babl-util.c b/babl/babl-util.c
index 23c1513..60b695d 100644
--- a/babl/babl-util.c
+++ b/babl/babl-util.c
@@ -116,10 +116,18 @@ _babl_file_get_contents (const char  *path,
   if (!file)
     return -1;
 
-  fseek (file, 0, SEEK_END);
-  size = ftell (file);
+  if (fseek (file, 0, SEEK_END) == -1 || (size = ftell (file)) == -1)
+    {
+      fclose (file);
+      return -1;
+    }
   if (length) *length = size;
   rewind (file);
+  if ((size_t) size > SIZE_MAX - 8)
+    {
+      fclose (file);
+      return -1;
+    }
   buffer = calloc(size + 8, 1);
 
   if (!buffer)
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]