From e952b997bc3a83f11ed183b01d365f8903f61f3f Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann
Date: Fri, 13 Oct 2017 18:39:02 +0200
Subject: [PATCH] babl: properly handle large files on 32 bit systems

If large file support is enabled on 32 bit systems, it is possible to trigger an out of boundary write with files larger than 2 GB.

Always check if fseek and ftell are successful and if the file is small enough to fit into memory.

Signed-off-by: Tobias Stoeckmann
---
 babl/babl-util.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/babl/babl-util.c b/babl/babl-util.c
index 23c1513..60b695d 100644
--- a/babl/babl-util.c
+++ b/babl/babl-util.c
@@ -116,10 +116,18 @@ _babl_file_get_contents (const char *path,
 if (!file)
 return -1;

- fseek (file, 0, SEEK_END);
- size = ftell (file);
+ if (fseek (file, 0, SEEK_END) == -1 || (size = ftell (file)) == -1)
+ {
+ fclose (file);
+ return -1;
+ }
 if (length) *length = size;
 rewind (file);
+ if ((size_t) size > SIZE_MAX - 8)
+ {
+ fclose (file);
+ return -1;
+ }
 buffer = calloc(size + 8, 1);

 if (!buffer)
--
2.30.2
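Review bot: The new failure test compares both calls with exactly `-1`, but ISO C only promises that fseek returns nonzero on failure, so a libc that reports some other nonzero value would slip past the guard; `if (fseek (file, 0, SEEK_END) != 0 || (size = ftell (file)) < 0)` covers that and also rejects any negative ftell result before it is cast to `size_t`. The `SIZE_MAX - 8` check sits after `if (length) *length = size;`, so on that error path the caller's `*length` has already been set for a buffer that is never returned; moving the check above the assignment keeps the out-parameter untouched on failure. `SIZE_MAX` needs `<stdint.h>`, and the diffstat shows no include being added, so it is worth confirming the header is already pulled in by this file. The body of `_babl_file_get_contents` starts and ends outside the hunk, so the declaration of `size` and the later read are not visible here.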