gstrfuncs: Add g_memdup2() function

This will replace the existing `g_memdup()` function, which has an unavoidable security flaw of taking its `byte_size` argument as a `guint` rather than as a `gsize`. Most callers will expect it to be a `gsize`, and may pass in large values which could silently be truncated, resulting in an undersize allocation compared to what the caller expects. This could lead to a classic buffer overflow vulnerability for many callers of `g_memdup()`. `g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`. Spotted by Kevin Backhouse of GHSL. Signed-off-by: Philip Withnall <pwithnall@endlessos.org> Helps: GHSL-2021-045 Helps: #2319
author: Philip Withnall <pwithnall@endlessos.org> 2021-02-04 13:30:52 +0000
committer: Philip Withnall <pwithnall@endlessos.org> 2021-02-04 14:13:03 +0000
commit: f8cf0b8672209e0b829542e194e302f1de169929 (patch)
tree: 638f0e4bc5ce8111818735d6d1f13de50123e181 /docs/reference/glib/glib-sections.txt
parent: 8385664f47dc7b1dea207989ce0065e48c559fe7 (diff)
download: glib-f8cf0b8672209e0b829542e194e302f1de169929.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/docs/reference/glib/glib-sections.txt b/docs/reference/glib/glib-sections.txt
index d0121801a..2e219cf0c 100644
--- a/docs/reference/glib/glib-sections.txt
+++ b/docs/reference/glib/glib-sections.txt
@@ -1341,6 +1341,7 @@ g_newa
 <SUBSECTION>
 g_memmove
 g_memdup
+g_memdup2
 
 <SUBSECTION>
 GMemVTable
author	Philip Withnall <pwithnall@endlessos.org>	2021-02-04 13:30:52 +0000
committer	Philip Withnall <pwithnall@endlessos.org>	2021-02-04 14:13:03 +0000
commit	f8cf0b8672209e0b829542e194e302f1de169929 (patch)
tree	638f0e4bc5ce8111818735d6d1f13de50123e181 /docs/reference/glib/glib-sections.txt
parent	8385664f47dc7b1dea207989ce0065e48c559fe7 (diff)
download	glib-f8cf0b8672209e0b829542e194e302f1de169929.tar.gz