Bug 573966

Summary: glib2: integer overflow safe version of g_new
Product: Red Hat Enterprise Linux 6 Reporter: Tomas Hoger <thoger>
Component: glib2Assignee: Matthias Clasen <mclasen>
Status: CLOSED CURRENTRELEASE QA Contact: desktop-bugs <desktop-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0CC: cmeadors, vbenes
Target Milestone: rcKeywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: glib2-2.22.5-2.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-15 13:58:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 589990    

Description Tomas Hoger 2010-03-16 10:35:28 UTC 
Description of problem:
Include a g_new version that has checks to protect against memory allocation integer overflows.  See upstream bug for details and the patch:

  https://bugzilla.gnome.org/show_bug.cgi?id=608196
Comment 1 RHEL Program Management 2010-03-16 10:54:25 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 4 RHEL Program Management 2010-05-11 14:22:43 UTC 
Quality Engineering Management has reviewed and declined this request.  You may
appeal this decision by reopening this request.
Comment 5 Tomas Hoger 2010-05-11 14:27:56 UTC 
Incorrect flag setting, it seems.
Comment 7 Vladimir Benes 2010-09-15 12:46:15 UTC 
fix approved and tested upstream
patch included in the newest version: gmalloc-overflow.patch  [ OK ]

marking as SanityOnly
Comment 8 Vladimir Benes 2010-09-15 12:47:49 UTC 
Could you please paste here a snip of code to verify this overflow? We can then automate the check.

thanks
Comment 9 Tomas Hoger 2010-09-15 19:04:52 UTC 
Upstream commit adding overflow checks included test file.  Is it not sufficient?

  http://git.gnome.org/browse/glib/log/glib/tests/mem-overflow.c
Comment 10 releng-rhel@redhat.com 2010-11-15 13:58:20 UTC 
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.