wok-current annotate glib/stuff/glib-CVE-2008-4316.diff @ rev 3006

Add libdrm (Direct rendering)
author Christophe Lincoln <pankso@slitaz.org>
date Mon May 11 22:18:57 2009 +0200 (2009-05-11)
parents
children
rev   line source
pankso@2589 1 --- glib/gbase64.c 2009/02/23 04:30:06 7897
pankso@2589 2 +++ glib/gbase64.c 2009/03/12 13:30:55 7973
pankso@2589 3 @@ -54,8 +54,9 @@
pankso@2589 4 *
pankso@2589 5 * The output buffer must be large enough to fit all the data that will
pankso@2589 6 * be written to it. Due to the way base64 encodes you will need
pankso@2589 7 - * at least: @len * 4 / 3 + 6 bytes. If you enable line-breaking you will
pankso@2589 8 - * need at least: @len * 4 / 3 + @len * 4 / (3 * 72) + 7 bytes.
pankso@2589 9 + * at least: (@len / 3 + 1) * 4 + 4 bytes (+ 4 may be needed in case of
pankso@2589 10 + * non-zero state). If you enable line-breaking you will need at least:
pankso@2589 11 + * ((@len / 3 + 1) * 4 + 4) / 72 + 1 bytes of extra space.
pankso@2589 12 *
pankso@2589 13 * @break_lines is typically used when putting base64-encoded data in emails.
pankso@2589 14 * It breaks the lines at 72 columns instead of putting all of the text on
pankso@2589 15 @@ -233,8 +234,14 @@
pankso@2589 16 g_return_val_if_fail (data != NULL, NULL);
pankso@2589 17 g_return_val_if_fail (len > 0, NULL);
pankso@2589 18
pankso@2589 19 - /* We can use a smaller limit here, since we know the saved state is 0 */
pankso@2589 20 - out = g_malloc (len * 4 / 3 + 4);
pankso@2589 21 + /* We can use a smaller limit here, since we know the saved state is 0,
pankso@2589 22 + +1 is needed for trailing \0, also check for unlikely integer overflow */
pankso@2589 23 + if (len >= ((G_MAXSIZE - 1) / 4 - 1) * 3)
pankso@2589 24 + g_error("%s: input too large for Base64 encoding (%"G_GSIZE_FORMAT" chars)",
pankso@2589 25 + G_STRLOC, len);
pankso@2589 26 +
pankso@2589 27 + out = g_malloc ((len / 3 + 1) * 4 + 1);
pankso@2589 28 +
pankso@2589 29 outlen = g_base64_encode_step (data, len, FALSE, out, &state, &save);
pankso@2589 30 outlen += g_base64_encode_close (FALSE, out + outlen, &state, &save);
pankso@2589 31 out[outlen] = '\0';
pankso@2589 32 @@ -275,7 +282,8 @@
pankso@2589 33 *
pankso@2589 34 * The output buffer must be large enough to fit all the data that will
pankso@2589 35 * be written to it. Since base64 encodes 3 bytes in 4 chars you need
pankso@2589 36 - * at least: @len * 3 / 4 bytes.
pankso@2589 37 + * at least: (@len / 4) * 3 + 3 bytes (+ 3 may be needed in case of non-zero
pankso@2589 38 + * state).
pankso@2589 39 *
pankso@2589 40 * Return value: The number of bytes of output that was written
pankso@2589 41 *
pankso@2589 42 @@ -358,7 +366,8 @@
pankso@2589 43 gsize *out_len)
pankso@2589 44 {
pankso@2589 45 guchar *ret;
pankso@2589 46 - gint input_length, state = 0;
pankso@2589 47 + gsize input_length;
pankso@2589 48 + gint state = 0;
pankso@2589 49 guint save = 0;
pankso@2589 50
pankso@2589 51 g_return_val_if_fail (text != NULL, NULL);
pankso@2589 52 @@ -368,7 +377,9 @@
pankso@2589 53
pankso@2589 54 g_return_val_if_fail (input_length > 1, NULL);
pankso@2589 55
pankso@2589 56 - ret = g_malloc0 (input_length * 3 / 4);
pankso@2589 57 + /* We can use a smaller limit here, since we know the saved state is 0,
pankso@2589 58 + +1 used to avoid calling g_malloc0(0), and hence retruning NULL */
pankso@2589 59 + ret = g_malloc0 ((input_length / 4) * 3 + 1);
pankso@2589 60
pankso@2589 61 *out_len = g_base64_decode_step (text, input_length, ret, &state, &save);
pankso@2589 62