Backport !3061 “gvariant-parser: Speed up maybe_wrapper() by an order of magnitude” to glib-2-74 (!3063) · Merge requests · GNOME / GLib

Philip Withnall requested to merge pwithnall/glib:backport-3061-variant-maybe-wrapper-speedup-glib-2-74 into glib-2-74 Nov 08, 2022

This further helps with the potential denial of service problem in issue #2782 (closed) / oss-fuzz#49462 / oss-fuzz#20177.

Instead of allocating a new GVariant for each nesting level of maybe-types, allocate a single GVariant and give it the fully-nested maybe type as its type. This has to be done in serialised form.

This prevents attackers from triggering O(size of container × typedecl depth) allocations.

This is a follow up to commit 3e313438, and includes a test.

Signed-off-by: Philip Withnall pwithnall@endlessos.org Fixes: #2782 (closed) oss-fuzz#20177 oss-fuzz#49462

Trivial backport of !3061 (merged) to glib-2-74.

Backport !3061 “gvariant-parser: Speed up maybe_wrapper() by an order of magnitude” to glib-2-74

Merge request reports