From 4387ec70a79c62e29f0b8055f08de7bfb2799f8a Mon Sep 17 00:00:00 2001
From: compile_success <980965867@qq.com>
Date: Sat, 27 Feb 2021 15:07:25 +0800
Subject: [PATCH] fix CVE-2020-35457

---
 backport-CVE-2020-35457.patch | 36 +++++++++++++++++++++++++++++++++++
 glib2.spec                    |  9 ++++++++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2020-35457.patch

diff --git a/backport-CVE-2020-35457.patch b/backport-CVE-2020-35457.patch
new file mode 100644
index 0000000..66b1b28
--- /dev/null
+++ b/backport-CVE-2020-35457.patch
@@ -0,0 +1,36 @@
+From 63c5b62f0a984fac9a9700b12f54fe878e016a5d Mon Sep 17 00:00:00 2001
+From: Philip Withnall <withnall@endlessm.com>
+Date: Wed, 2 Sep 2020 12:38:09 +0100
+Subject: [PATCH] goption: Add a precondition to avoid GOptionEntry list
+ overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+reason:Add a precondition to avoid GOptionEntry list overflow
+Conflict:NA
+Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
+
+Signed-off-by: Philip Withnall <withnall@endlessm.com>
+
+Fixes: #2197
+---
+ glib/goption.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/glib/goption.c b/glib/goption.c
+index 9f5b977c4..bb9093a33 100644
+--- a/glib/goption.c
++++ b/glib/goption.c
+@@ -2422,6 +2422,8 @@ g_option_group_add_entries (GOptionGroup       *group,
+ 
+   for (n_entries = 0; entries[n_entries].long_name != NULL; n_entries++) ;
+ 
++  g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries);
++
+   group->entries = g_renew (GOptionEntry, group->entries, group->n_entries + n_entries);
+ 
+   /* group->entries could be NULL in the trivial case where we add no
+-- 
+GitLab
+
diff --git a/glib2.spec b/glib2.spec
index 0e8eb53..728a1c1 100644
--- a/glib2.spec
+++ b/glib2.spec
@@ -1,12 +1,13 @@
 Name:           glib2
 Version:        2.62.5
-Release:        1
+Release:        2
 Summary:        The core library that forms the basis for projects such as GTK+ and GNOME
 License:        LGPLv2+
 URL:            http://www.gtk.org
 Source0:        http://download.gnome.org/sources/glib/2.62/glib-%{version}.tar.xz
 
 Patch9001:      fix-accidentally-delete-temp-file-within-dtrace.patch
+Patch6000:      backport-CVE-2020-35457.patch
 
 BuildRequires:  chrpath gcc gcc-c++ gettext gtk-doc perl-interpreter
 BUildRequires:  glibc-devel libattr-devel libselinux-devel meson
@@ -143,6 +144,12 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
 %doc %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Sat Feb 27 2021 zhujunhao<zhujunhao8@huawei.com> - 2.62.5-3
+- Type:cve
+- Id:CVE-2020-35457
+- SUG:NA
+- DESC:fix CVE-2020-35457
+
 * Thu Apr 16 2020 hexiujun<hexiujun1@huawei.com> - 2.62.5-1
 - Update to 2.62.5
 
-- 
Gitee