-
Convert all the call sites which use `g_memdup()`’s length argument trivially (for example, by passing a `sizeof()` or an existing `gsize` variable), so that they use `g_memdup2()` instead. In almost all of these cases the use of `g_memdup()` would not have caused problems, but it will soon be deprecated, so best port away from it In particular, this fixes an overflow within `g_bytes_new()`, identified as GHSL-2021-045 (aka CVE-2021-27219) by GHSL team member Kevin Backhouse. Adapted for GLib 2.58 by Simon McVittie. Signed-off-by: Philip Withnall <pwithnall@endlessos.org> Fixes: CVE-2021-27219 Fixes: GHSL-2021-045 Helps: #2319 (cherry picked from commit 0736b7c1 ) [Backport to 2.58: Omit changes to ghash.c, will be a separate commit] [Backport to 2.58: Omit changes to giochannel.c, not needed in this branch] [Backport to 2.58: Omit changes to uri test, not needed in this branch] Signed-off-by: Simon McVittie <smcv@collabora.com>
0ace82d7