gvariant-parser: Speed up maybe_wrapper() by an order of magnitude (!3061) · Merge requests · GNOME / GLib

Philip Withnall requested to merge pwithnall/glib:2782-variant-maybe-wrapper-speedup into main Nov 07, 2022

This further helps with the potential denial of service problem in issue #2782 (closed) / oss-fuzz#49462 / oss-fuzz#20177.

Instead of allocating a new GVariant for each nesting level of maybe-types, allocate a single GVariant and give it the fully-nested maybe type as its type.

This prevents attackers from triggering O(size of container × typedecl depth) allocations.

This is a follow up to commit 3e313438.

Signed-off-by: Philip Withnall pwithnall@endlessos.org Fixes: #2782 (closed) oss-fuzz#20177 oss-fuzz#49462

Closes #2782 (closed)

gvariant-parser: Speed up maybe_wrapper() by an order of magnitude

Merge request reports