gstrfuncs: Deprecate g_memdup() in favour of g_memdup2()
Unfortunately, g_memdup() accepts its size argument as a guint, unlike most other functions which deal with memory sizes — they all use gsize. gsize is 64 bits on 64-bit machines, while guint is only 32 bits. This can lead to a silent (with default compiler warnings) truncation of the value provided by the caller. For large values, this will result in the returned heap allocation being significantly smaller than the caller expects, which will then lead to buffer overflow reads/writes.

Any code using g_memdup() should immediately port to g_memdup2() and check the pointer arithmetic around their call site to ensure there aren’t other overflows.
Signed-off-by: Philip Withnall pwithnall@endlessos.org
Fixes: #2319 (closed)
Edited by Philip Withnall
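The truncation described in the commit message, as an added example that is not GLib's code or part of the original commit: `dup_uint`, `dup_size`, `array_bytes` and `allocated_via_uint` are hypothetical stand-ins that only model an `unsigned int` versus a `size_t` size parameter and the call-site arithmetic check. It assumes a platform where `size_t` is 64 bits and `unsigned int` is 32 bits.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Old shape (stand-in): byte count arrives as unsigned int, like guint. */
static void *dup_uint(const void *src, unsigned int n, size_t *allocated)
{
    void *p = (src && n) ? malloc(n) : NULL;
    if (p) memcpy(p, src, n);
    *allocated = p ? n : 0;
    return p;
}

/* New shape (stand-in): byte count is size_t, like gsize. */
static void *dup_size(const void *src, size_t n)
{
    void *p = (src && n) ? malloc(n) : NULL;
    if (p) memcpy(p, src, n);
    return p;
}

/* Call-site check: count * elem_size, refusing to wrap around. */
static int array_bytes(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size) return 0;
    *out = count * elem_size;
    return 1;
}

/* Bytes actually allocated when `requested` goes through the old shape. */
static size_t allocated_via_uint(size_t requested)
{
    static const char src[64] = "constructed sample data";
    size_t got = 0;
    if ((unsigned int)requested > sizeof src) return 0; /* keep demo copy in bounds */
    free(dup_uint(src, requested, &got)); /* silent size_t -> unsigned int */
    return got;
}

int main(void)
{
    size_t want = (size_t)UINT_MAX + 17, n = 0;
    printf("asked for %zu bytes, got %zu\n", want, allocated_via_uint(want));
    printf("wrapping multiply rejected: %d\n", !array_bytes(SIZE_MAX / 2 + 1, 2, &n));
    free(dup_size("abc", 4));
    return 0;
}
```

Building the same file with `-Wconversion` makes the compiler report the narrowing at the `dup_uint` call, which is one way to find affected call sites while porting.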