
gstrfuncs: Deprecate g_memdup() in favour of g_memdup2()

Philip Withnall requested to merge pwithnall/glib:2319-memdup-deprecation into master

Unfortunately, g_memdup() accepts its size argument as a guint, unlike most other functions which deal with memory sizes — they all use gsize. gsize is 64 bits on 64-bit machines, while guint is only 32 bits. This can lead to a silent (with default compiler warnings) truncation of the value provided by the caller. For large values, this will result in the returned heap allocation being significantly smaller than the caller expects, which will then lead to buffer overflow reads/writes.

Any code using g_memdup() should immediately port to g_memdup2() and check the pointer arithmetic around their call site to ensure there aren’t other overflows.

Signed-off-by: Philip Withnall

Fixes: #2319 (closed)

Edited by Philip Withnall
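The truncation described in the merge request, shown as an added example that is not GLib's code: `dup_u32` and `dup_wide` are hypothetical stand-ins for a copy routine taking a 32-bit byte count and one taking a `size_t` byte count. It assumes a 64-bit target and uses a constructed request of 4 GiB + 16 bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Value a 32-bit size parameter receives. In real code the compiler applies
 * this conversion implicitly at the call site, with no default warning. */
static uint32_t size_seen_by_callee(uint64_t requested)
{
    return (uint32_t)requested;
}

/* Bytes the caller believes it owns but that were never allocated. */
static uint64_t shortfall(uint64_t requested)
{
    return requested - size_seen_by_callee(requested);
}

/* Hypothetical stand-in: byte count arrives as a 32-bit unsigned value. */
static void *dup_u32(const void *mem, uint32_t byte_size)
{
    void *copy = (mem && byte_size) ? malloc(byte_size) : NULL;
    if (copy)
        memcpy(copy, mem, byte_size);
    return copy;
}

/* Hypothetical stand-in: byte count is size_t, so nothing is truncated and
 * an oversized request fails in malloc instead of shrinking silently. */
static void *dup_wide(const void *mem, size_t byte_size)
{
    void *copy = (mem && byte_size) ? malloc(byte_size) : NULL;
    if (copy)
        memcpy(copy, mem, byte_size);
    return copy;
}

int main(void)
{
    unsigned char src[16] = {0};              /* constructed sample data */
    uint64_t requested = (1ULL << 32) + 16;   /* constructed: 4 GiB + 16 */
    void *small = dup_u32(src, size_seen_by_callee(requested));
    void *exact = dup_wide(src, sizeof src);
    printf("asked for %llu bytes, got %u, shortfall %llu\n",
           (unsigned long long)requested, (unsigned)size_seen_by_callee(requested),
           (unsigned long long)shortfall(requested));
    free(small);
    free(exact);
    return 0;
}
```

When auditing a call site during the port, any length that can exceed `UINT32_MAX` before reaching the 32-bit parameter is a candidate for this shortfall.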
