babl: properly handle large files on 32 bit systems

If large file support is enabled on 32 bit systems, it is possible
to trigger an out of boundary write with files larger than 2 GB.

Always check if fseek and ftell are successful and if the file is
small enough to fit into memory.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

diff --git a/babl/babl-util.c b/babl/babl-util.c
index 23c1513f9760eaf76113944a46609cffe35d50de..60b695df1f90f189763bfc4e7b924763c688f7ec 100644 (file)
--- a/babl/babl-util.c
+++ b/babl/babl-util.c
@@ -116,10 +116,18 @@ _babl_file_get_contents (const char  *path,
   if (!file)
     return -1;
 
-  fseek (file, 0, SEEK_END);
-  size = ftell (file);
+  if (fseek (file, 0, SEEK_END) == -1 || (size = ftell (file)) == -1)
+    {
+      fclose (file);
+      return -1;
+    }
   if (length) *length = size;
   rewind (file);
+  if ((size_t) size > SIZE_MAX - 8)
+    {
+      fclose (file);
+      return -1;
+    }
   buffer = calloc(size + 8, 1);
 
   if (!buffer)