xdgmimecache not robust against corrupt cache files
@pwithnall
Submitted by Philip Withnall Link to original bug (#756100)
Description
It looks like xdgmimecache.c is not robust against corrupt cache files, which could lead to it indexing off the end of the mmap buffer and into arbitrary memory.
For example, cache_alias_lookup() reads its list_offset from the mmap buffer, then immediately uses that as an index into the buffer. If the list_offset is corrupt, the second read would be for an arbitrary location.
Along the same lines as making tzdata file handling more robust in the face of corruption (bug #756026), would it be worthwhile to make xdgmimecache more robust? If so, I can put together a patch, but I’m not going to put time into it if this is not something which people care about.
(The problems were spotted by Coverity, CIDs 1325320 onwards.)
Version: 2.41.x