From 0cbad673215ec8a049b7fe2ff44b0beed31b376e Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 16:12:24 +0000
Subject: [PATCH 05/11] gwinhttpfile: Avoid arithmetic overflow when
 calculating a size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The members of `URL_COMPONENTS` (`winhttp_file->url`) are `DWORD`s, i.e.
32-bit unsigned integers. Adding to and multiplying them may cause them
to overflow the unsigned integer bounds, even if the result is passed to
`g_memdup2()` which accepts a `gsize`.

Cast the `URL_COMPONENTS` members to `gsize` first to ensure that the
arithmetic is done in terms of `gsize`s rather than unsigned integers.

Spotted by Sebastian Dröge.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
 gio/win32/gwinhttpfile.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c
index 040ee8564..246ec0578 100644
--- a/gio/win32/gwinhttpfile.c
+++ b/gio/win32/gwinhttpfile.c
@@ -394,10 +394,</td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=0236b036a4c08d64e04e5143c545dabb38f9689d'>refs</a><a href='/guix/log/gnu/build/shepherd.scm'>log</a><a href='/guix/tree/gnu/build/shepherd.scm?id=0236b036a4c08d64e04e5143c545dabb38f9689d'>tree</a><a href='/guix/commit/gnu/build/shepherd.scm?id=0236b036a4c08d64e04e5143c545dabb38f9689d'>commit</a><a class='active' href='/guix/diff/gnu/build/shepherd.scm?id=0236b036a4c08d64e04e5143c545dabb38f9689d&amp;id2=6ca41feda895cfed4f43d93face37f2eeee0db40'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/build/shepherd.scm'>
<input type='hidden' name='id' value='0236b036a4c08d64e04e5143c545dabb38f9689d'/><input type='hidden' name='id2' value='6ca41feda895cfed4f43d93face37f2eeee0db40'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/diff/?id=0236b036a4c08d64e04e5143c545dabb38f9689d&amp;id2=6ca41feda895cfed4f43d93face37f2eeee0db40'>root</a>/<a href='/guix/diff/gnu?id=0236b036a4c08d64e04e5143c545dabb38f9689d&amp;id2=6ca41feda895cfed4f43d93face37f2eeee0db40'>gnu</a>/<a href='/guix/diff/gnu/build?id=0236b036a4c08d64e04e5143c545dabb38f9689d&amp;id2=6ca41feda895cfed4f43d93face37f2eeee0db40'>build</a>/<a href='/guix/diff/gnu/build/shepherd.scm?id=0236b036a4c08d64e04e5143c545dabb38f9689d&amp;id2=6ca41feda895cfed4f43d93face37f2eeee0db40'>shepherd.scm</a></div><div class='content'><div class='cgit-panel'><b>diff options</b><form method='get'><input type='hidden' name='id' value='0236b036a4c08d64e04e5143c545dabb38f9689d'/><input type='hidden' name='id2' value='6ca41feda895cfed4f43d93face37f2eeee0db40'/><table><tr><td colspan='2'/></tr><tr><td class='label'>context:</td><td class='ctrl'><select name='context' onchange='this.form.submit();'><option value='1'>1</option><option value='2'>2</option><option value='3' selected='selected'>3</option><option value='4'>4</option><option value='5'>5</option><option value='6'>6</option><option value='7'>7</option><option value='8'>8</option><option value='9'>9</option><option value='10'>10</option><option value='15'>15</option><option value='20'>20</option><option value='25'>25</option><option value='30'>30</option><option value='35'>35</option><option value='40'>40</option></select></td></tr><tr><td class='label'>space:</td><td class='ctrl'><select name='ignorews' onchange='this.form.submit();'><option value='0' selected='selected'>include</option><option value='1'>ignore</option></select></td></tr><tr><td class='label'>mode:</td><td class='ctrl'><select name='dt' onchange='this.form.submit();'><option value='0' selected='selected'>unified</option><option value='1'>ssdiff</option><option value='2'>stat only</option></select></td></tr><tr><td/><td class='ctrl'><noscript><input type='submit' value='reload'/></noscript></td></tr></table></form></div><div class='diffstat-header'><a href='/guix/diff/?id=0236b036a4c08d64e04e5143c545dabb38f9689d&amp;id2=6ca41feda895cfed4f43d93face37f2eeee0db40'>Diffstat</a> (limited to 'gnu/build/shepherd.scm')</div><table summary='diffstat' class='diffstat'></table><div class='diffstat-summary'>0 files changed, 0 insertions, 0 deletions</div><table summary='diff' class='diff'><tr><td></td></tr></table></div> <!-- class=content -->
                         <div class=footer>generated by
                             <a href="https://git.zx2c4.com/cgit/about/">
                                 cgit
                             </a>
                         </div>
                        </div> <!-- id=cgit -->
</body>
</html>