GNOME Bugzilla – Bug 756100
xdgmimecache not robust against corrupt cache files
Last modified: 2018-05-24 18:15:58 UTC
It looks like xdgmimecache.c is not robust against corrupt cache files, which could lead to it indexing off the end of the mmap buffer and into arbitrary memory. For example, cache_alias_lookup() reads its list_offset from the mmap buffer, then immediately uses that as an index into the buffer. If the list_offset is corrupt, the second read would be for an arbitrary location. Along the same lines as making tzdata file handling more robust in the face of corruption (bug #756026), would it be worthwhile to make xdgmimecache more robust? If so, I can put together a patch, but I’m not going to put time into it if this is not something which people care about. (The problems were spotted by Coverity, CIDs 1325320 onwards.)
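The check the report is asking for, as an added illustration that is not code from this bug, from GLib or from xdgmime: every offset read out of the mapped buffer is compared against the buffer's length before it is used as an index, so a corrupt list_offset, entry count or unterminated string makes the lookup fail instead of reading outside the mapping. The cache layout, the function names (safe_alias_lookup, build_sample_cache, check_corrupt) and the sample entries are assumptions constructed for this example; the real xdgmime cache format is different.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified cache layout (an assumption for this example, not the
 * real xdgmime format): bytes 0..3 hold a big-endian u32 list_offset; at
 * list_offset sits a u32 n_entries followed by n_entries pairs of u32
 * (key_off, val_off), each pointing at a NUL-terminated string in the buffer.
 * The unsafe pattern is reading list_offset and then indexing buffer[list_offset]
 * without comparing it to the mapping's length; every read below checks `len`. */

/* Big-endian u32 at `off`, or 0 if those 4 bytes are not inside the buffer.
 * `len - off < 4` rather than `off + 4 > len` so a huge `off` cannot wrap. */
static int get_uint32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4)
        return 0;
    *out = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
    return 1;
}

/* String at `off`, or NULL unless its terminating NUL lies inside the buffer. */
static const char *get_string(const uint8_t *buf, size_t len, size_t off)
{
    if (off >= len || memchr(buf + off, '\0', len - off) == NULL)
        return NULL;
    return (const char *)(buf + off);
}

/* Hardened alias lookup: NULL means "not found" or "cache is corrupt". */
const char *safe_alias_lookup(const uint8_t *buf, size_t len, const char *alias)
{
    uint32_t list_offset, n_entries, key_off, val_off;
    const char *key, *val;
    if (!get_uint32(buf, len, 0, &list_offset) ||
        !get_uint32(buf, len, list_offset, &n_entries))
        return NULL;
    /* Reject an entry count the remaining bytes cannot hold before looping. */
    if (n_entries > (len - list_offset - 4) / 8)
        return NULL;
    for (uint32_t i = 0; i < n_entries; i++) {
        size_t entry = (size_t)list_offset + 4 + (size_t)i * 8;
        if (!get_uint32(buf, len, entry, &key_off) ||
            !get_uint32(buf, len, entry + 4, &val_off))
            return NULL;
        key = get_string(buf, len, key_off);
        val = get_string(buf, len, val_off);
        if (key == NULL || val == NULL)
            return NULL;
        if (strcmp(key, alias) == 0)
            return val;
    }
    return NULL;
}

/* Constructed sample data: write a big-endian u32 into the buffer. */
static void put_uint32(uint8_t *buf, size_t off, uint32_t v)
{
    buf[off] = (uint8_t)(v >> 24); buf[off + 1] = (uint8_t)(v >> 16);
    buf[off + 2] = (uint8_t)(v >> 8); buf[off + 3] = (uint8_t)v;
}

/* Build a well-formed cache with one alias entry; returns its byte length. */
size_t build_sample_cache(uint8_t *buf)
{
    const char *key = "text/x-h", *val = "text/x-c";
    size_t key_off = 16, val_off = key_off + strlen(key) + 1;
    size_t len = val_off + strlen(val) + 1;
    memset(buf, 0, len);
    put_uint32(buf, 0, 4);                  /* list_offset */
    put_uint32(buf, 4, 1);                  /* n_entries   */
    put_uint32(buf, 8, (uint32_t)key_off);
    put_uint32(buf, 12, (uint32_t)val_off);
    memcpy(buf + key_off, key, strlen(key) + 1);
    memcpy(buf + val_off, val, strlen(val) + 1);
    return len;
}

/* Intact cache: 1 if the alias resolves to the expected value. */
int check_intact(void)
{
    uint8_t buf[64];
    size_t len = build_sample_cache(buf);
    const char *v = safe_alias_lookup(buf, len, "text/x-h");
    return v != NULL && strcmp(v, "text/x-c") == 0;
}

/* Corrupted cache: 1 if the lookup fails cleanly. kind 0 = list_offset far past
 * the mapping (the report's case), 1 = absurd entry count, 2 = lost NUL. */
int check_corrupt(int kind)
{
    uint8_t buf[64];
    size_t len = build_sample_cache(buf);
    if (kind == 0) put_uint32(buf, 0, 0xFFFFFFF0u);
    if (kind == 1) put_uint32(buf, 4, 0x7FFFFFFFu);
    if (kind == 2) buf[len - 1] = 'x';
    return safe_alias_lookup(buf, len, "text/x-h") == NULL;
}

int main(void)
{
    printf("intact=%d bad_offset=%d bad_count=%d unterminated=%d\n",
           check_intact(), check_corrupt(0), check_corrupt(1), check_corrupt(2));
    return 0;
}
```

The three corruption cases are the ones a test suite for such a reader would want to cover: an offset outside the mapping, a count that does not fit in the remaining bytes, and a string whose terminator is missing. The entry-count check is done once up front so that a corrupt count cannot drive the loop off the end even though each per-entry read is also checked.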
I don't think a drive-by patch is very interesting. If you really wanted to make this robust, you need a comprehensive testsuite with a fuzzer setup. Not sure if that is really worth it. Not like you're downloading these cache files from untrusted sources...
(In reply to Matthias Clasen from comment #1)
> I don't think a drive-by patch is very interesting. If you really wanted to
> make this robust, you need a comprehensive testsuite with a fuzzer setup.
> Not sure if that is really worth it. Not like you're downloading these cache
> files from untrusted sources...

Indeed, it would need a test suite. Not necessarily a fuzzer, but definitely a test suite. I’ll see if I can find time sometime.
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/glib/issues/1089.