Hi all,

GLib 2.67.3 will be released shortly with a new g_memdup2() API to replace the old g_memdup() API. Please port to using g_memdup2() as soon as possible: g_memdup() will be deprecated in GLib 2.67.4.

The old API took the size of the memory to duplicate as a guint, whereas most memory functions take memory sizes as a gsize. This made it easy to accidentally pass a gsize to g_memdup(). For large values, that would lead to a silent truncation of the size from 64 to 32 bits, and result in a heap area being returned which is significantly smaller than what the caller expects. This can likely be exploited in various modules to cause a heap buffer overflow.

Details here: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1926

GLib 2.66.6 will also be released shortly, which will fix the bug internally in GLib. It will not export g_memdup2() as a new public API though. You’ll need to depend on GLib ≥2.67.3 for that, or copy the `static inline` version of g_memdup2() from here: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1927/diffs

Sorry for the short notice about this. Due to some oversights, the vulnerability was made public today at the same time as we first heard about it.

Thanks to Kevin Backhouse from GHSL for finding it and providing a detailed report.

Philip
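As an added illustration of the guint/gsize truncation described in the announcement (this is not GLib's code and not the g_memdup2() from the linked merge request): it assumes a 64-bit platform where guint is 32 bits and gsize is 64 bits, and the function names memdup_narrow, memdup_wide, bytes_allocated_by_narrow, fits_in_guint and dup_array_checked are hypothetical stand-ins showing the old signature shape, the new one, and a caller-side guard.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for GLib's types on a 64-bit platform (assumption): guint is a
 * 32-bit unsigned integer, gsize is a 64-bit size_t. */
typedef uint32_t guint_t;
typedef uint64_t gsize_t;

/* Shape of the replacement API: the size is a gsize, so no bits are lost. */
void *memdup_wide(const void *mem, gsize_t byte_size)
{
    void *copy;
    if (mem == NULL || byte_size == 0)
        return NULL;
    copy = malloc(byte_size);
    if (copy != NULL)
        memcpy(copy, mem, byte_size);
    return copy;
}

/* Shape of the old API: the size parameter is only 32 bits wide. A caller
 * passing a gsize gets an implicit narrowing conversion at the call site,
 * so by the time this body runs the damage is already done. */
static void *memdup_narrow(const void *mem, guint_t byte_size)
{ return memdup_wide(mem, byte_size); }

/* Bytes the old API would really allocate for a gsize request: the value
 * modulo 2^32. Computed without allocating anything. */
gsize_t bytes_allocated_by_narrow(gsize_t requested)
{
    guint_t seen_by_callee = requested;   /* same conversion the compiler applies */
    return seen_by_callee;
}

/* Guard for code that still has to call a guint-sized duplicator. */
int fits_in_guint(gsize_t requested) { return requested <= UINT32_MAX; }

/* Typical caller pattern: duplicate n elements, where n * elem_size is a
 * gsize. Refuses (NULL) rather than handing back an undersized copy. */
void *dup_array_checked(const void *elems, gsize_t n, gsize_t elem_size)
{
    gsize_t total;
    if (elem_size != 0 && n > UINT64_MAX / elem_size)
        return NULL;                      /* product would overflow gsize */
    total = n * elem_size;
    if (!fits_in_guint(total))
        return NULL;                      /* old API would have truncated this */
    return memdup_narrow(elems, (guint_t) total);
}
```

A request of 2^32 + 8 bytes comes back from the narrow path as an 8-byte allocation, which is the undersized heap area the announcement warns about.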