GNOME Bugzilla – Bug 568765
maximum line length for GDataInputStream
Last modified: 2018-05-24 11:41:48 UTC
GDataInputStream should have a way to set the maximum line length for read_line (and maybe something similar for read_until). When reading from a malicious network server, the server could potentially send you a very very long line and eat up all your memory.
*** Bug 568792 has been marked as a duplicate of this bug. ***
GDataInputStream extends GBufferedInputStream, and we can set the size of a GBufferedInputStream's buffer : a sane, safe and expected behavior is that the length of a line should not be greater than the size of the buffer. Same rule could apply for GIOChannel's g_io_channel_read_line(), although it could be more useful to make the length parameter a I/O one to take the desired maximum length of the line on input, and to be updated with the effective length of the line on output. For now, these GLib/GIO *_read_line*() function are useless and dangerous for networked program and they should be advertised as such in the documentation (increasing the size of the buffer when it is full and without checking any limits is not an acceptable behavior for a public API).
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/glib/issues/188.