Fedora Account System
Red Hat Associate
Red Hat Customer
A heap-buffer-overflow READ occurs in g_io_channel_read_line_backend() at giochannel.c:1831 when a custom line terminator of length > 1 is set via g_io_channel_set_line_term(). The memcmp call reads line_term_len bytes from nextchar, but the loop condition nextchar < lastchar only guarantees 1 byte is available. When nextchar is within line_term_len - 1 bytes of lastchar, memcmp reads past the GString buffer into ASan redzone / unallocated memory.