Fix buffer read overflows in GUri (!1559) · Merge requests · GNOME / GLib

Philip Withnall requested to merge pwithnall/glib:ossfuzz-23815-23818-uri-overflows into master Jul 01, 2020

See the commit messages for details.

This is not a security issue as GUri has not been included in a stable GLib release yet. It needs to be fixed before 2.66 though.

The corresponding fix in libsoup is here: libsoup!126 (merged). It is not a security issue as the libsoup API only exposes nul-terminated strings, which prevent the read off the end of the buffer.

Spotted by oss-fuzz as oss-fuzz#23815 and oss-fuzz#23818.

Fix buffer read overflows in GUri

Merge request reports