WebPlatformForEmbedded / libwpe

General-purpose library specifically developed for the WPE-flavored port of WebKit.
BSD 2-Clause "Simplified" License

Fix memory allocation issues in pasteboard get_types() #113

Closed mcatanzaro closed 2 years ago

mcatanzaro commented 2 years ago

The get_types() implementation has two flaws. First, the use of calloc() is vulnerable to overflow if length is huge. Second, we attempt to zero the allocation, but only zero the first element by mistake.

These issues were found by the Ubuntu Security Team. Thank you!

aperezdc commented 2 years ago

Merged in the libwpe-1.12 branch as commit c42ffffc76001c4d31f4647bbb659d8b24a91b91
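
The two flaws named in the pull request description above (an allocation size that can overflow for a huge length, and zeroing that covers only the first element), shown next to a checked allocation. This is an added example, not libwpe's code or the merged patch: `struct entry`, `unchecked_bytes`, `last_entry_left_dirty` and `alloc_entries` are hypothetical names, and the exact form of the faulty zeroing call is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical element type standing in for one pasteboard type string. */
struct entry {
    char *data;
    uint64_t length;
};

/* Flaw 1: byte size computed with an unchecked multiplication. A huge count
 * wraps around, so the buffer is far smaller than `count` elements. */
size_t unchecked_bytes(uint64_t count)
{
    return (size_t)count * sizeof(struct entry);
}

/* Flaw 2 (assumed form): the zeroing size covers one element, not the array.
 * Returns 1 if the last element still holds stale bytes, -1 on alloc failure. */
int last_entry_left_dirty(size_t count)
{
    struct entry *v = malloc(count * sizeof *v);
    if (!v)
        return -1;
    memset(v, 0xAA, count * sizeof *v);  /* simulate stale heap contents */
    memset(v, 0, sizeof *v);             /* bug: zeroes v[0] only */
    int dirty = v[count - 1].length != 0;
    free(v);
    return dirty;
}

/* Hardened: reject counts whose byte size cannot be represented, then zero
 * the whole array. Returns NULL on zero count, overflow or alloc failure. */
struct entry *alloc_entries(uint64_t count)
{
    if (count == 0 || count > SIZE_MAX / sizeof(struct entry))
        return NULL;
    size_t bytes = (size_t)count * sizeof(struct entry);
    struct entry *v = malloc(bytes);
    if (v)
        memset(v, 0, bytes);
    return v;
}
```

Callers of `alloc_entries` must treat a NULL return as an empty result and set the reported length to zero, so that later iteration and cleanup never walk past the allocation.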