diff --git a/backport-CVE-2021-27218.patch b/backport-CVE-2021-27218.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d8db9fb7100d98addee3cc857564b08166ce5da9
--- /dev/null
+++ b/backport-CVE-2021-27218.patch
@@ -0,0 +1,122 @@
+From acb7b0ec69f26a7df10af3992359890b09f076e8 Mon Sep 17 00:00:00 2001
+From: Krzesimir Nowak <qdlacz@gmail.com>
+Date: Wed, 10 Feb 2021 23:51:07 +0100
+Subject: [PATCH] gbytearray: Do not accept too large byte arrays
+
+GByteArray uses guint for storing the length of the byte array, but it
+also has a constructor (g_byte_array_new_take) that takes length as a
+gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits
+for guint). It is possible to call the function with a value greater
+than G_MAXUINT, which will result in silent length truncation. This
+may happen as a result of unreffing GBytes into GByteArray, so rather
+be loud about it.
+
+(Test case tweaked by Philip Withnall.)
+Reference: https://gitlab.gnome.org/GNOME/glib/-/commit/acb7b0ec69f26a7df10af3992359890b09f076e8.patch
+---
+ glib/garray.c      |  6 ++++++
+ glib/gbytes.c      |  4 ++++
+ glib/tests/bytes.c | 34 +++++++++++++++++++++++++++++++++-
+ 3 files changed, 43 insertions(+), 1 deletion(-)
+
+diff --git a/glib/garray.c b/glib/garray.c
+index 38f64b8..d303946 100644
+--- a/glib/garray.c
++++ b/glib/garray.c
+@@ -2010,6 +2010,10 @@ g_byte_array_new (void)
+  * Create byte array containing the data. The data will be owned by the array
+  * and will be freed with g_free(), i.e. it could be allocated using g_strdup().
+  *
++ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray
++ * stores the length of its data in #guint, which may be shorter than
++ * #gsize.
++ *
+  * Since: 2.32
+  *
+  * Returns: (transfer full): a new #GByteArray
+@@ -2021,6 +2025,8 @@ g_byte_array_new_take (guint8 *data,
+   GByteArray *array;
+   GRealArray *real;
+ 
++  g_return_val_if_fail (len <= G_MAXUINT, NULL);
++
+   array = g_byte_array_new ();
+   real = (GRealArray *)array;
+   g_assert (real->data == NULL);
+diff --git a/glib/gbytes.c b/glib/gbytes.c
+index 7b72886..d56abe6 100644
+--- a/glib/gbytes.c
++++ b/glib/gbytes.c
+@@ -519,6 +519,10 @@ g_bytes_unref_to_data (GBytes *bytes,
+  * g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes(). In all
+  * other cases the data is copied.
+  *
++ * Do not use it if @bytes contains more than %G_MAXUINT
++ * bytes. #GByteArray stores the length of its data in #guint, which
++ * may be shorter than #gsize, that @bytes is using.
++ *
+  * Returns: (transfer full): a new mutable #GByteArray containing the same byte data
+  *
+  * Since: 2.32
+diff --git a/glib/tests/bytes.c b/glib/tests/bytes.c
+index 5ea5c2b..7a196a3 100644
+--- a/glib/tests/bytes.c
++++ b/glib/tests/bytes.c
+@@ -10,7 +10,6 @@
+  */
+ 
+ #undef G_DISABLE_ASSERT
+-#undef G_LOG_DOMAIN
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -333,6 +332,38 @@ test_to_array_transferred (void)
+   g_byte_array_unref (array);
+ }
+ 
++static void
++test_to_array_transferred_oversize (void)
++{
++  g_test_message ("g_bytes_unref_to_array() can only take GBytes up to "
++                  "G_MAXUINT in length; test that longer ones are rejected");
++
++  if (sizeof (guint) >= sizeof (gsize))
++    {
++      g_test_skip ("Skipping test as guint is not smaller than gsize");
++    }
++  else if (g_test_undefined ())
++    {
++      GByteArray *array = NULL;
++      GBytes *bytes = NULL;
++      gpointer data = g_memdup2 (NYAN, N_NYAN);
++      gsize len = ((gsize) G_MAXUINT) + 1;
++
++      bytes = g_bytes_new_take (data, len);
++      g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL,
++                             "g_byte_array_new_take: assertion 'len <= G_MAXUINT' failed");
++      array = g_bytes_unref_to_array (g_steal_pointer (&bytes));
++      g_test_assert_expected_messages ();
++      g_assert_null (array);
++
++      g_free (data);
++    }
++  else
++    {
++      g_test_skip ("Skipping test as testing undefined behaviour is disabled");
++    }
++}
++
+ static void
+ test_to_array_two_refs (void)
+ {
+@@ -408,6 +439,7 @@ main (int argc, char *argv[])
+   g_test_add_func ("/bytes/to-data/two-refs", test_to_data_two_refs);
+   g_test_add_func ("/bytes/to-data/non-malloc", test_to_data_non_malloc);
+   g_test_add_func ("/bytes/to-array/transfered", test_to_array_transferred);
++  g_test_add_func ("/bytes/to-array/transferred/oversize", test_to_array_transferred_oversize);
+   g_test_add_func ("/bytes/to-array/two-refs", test_to_array_two_refs);
+   g_test_add_func ("/bytes/to-array/non-malloc", test_to_array_non_malloc);
+   g_test_add_func ("/bytes/null", test_null);
+-- 
+2.23.0
+
diff --git a/glib2.spec b/glib2.spec
index a4ddd575ea98840b537d8ce8f3d962bea54ff1d9..ef3462fda8a8c640cca7a5528aec1232a27970ae 100644
--- a/glib2.spec
+++ b/glib2.spec
@@ -1,6 +1,6 @@
 Name:           glib2
 Version:        2.62.5
-Release:        2
+Release:        3
 Summary:        The core library that forms the basis for projects such as GTK+ and GNOME
 License:        LGPLv2+
 URL:            http://www.gtk.org
@@ -8,6 +8,7 @@ Source0:        http://download.gnome.org/sources/glib/2.62/glib-%{version}.tar.
 
 Patch9001:      fix-accidentally-delete-temp-file-within-dtrace.patch
 Patch6000:      backport-CVE-2020-35457.patch 
+Patch6001:      backport-CVE-2021-27218.patch
 
 BuildRequires:  chrpath gcc gcc-c++ gettext gtk-doc perl-interpreter
 BUildRequires:  glibc-devel libattr-devel libselinux-devel meson
@@ -144,6 +145,12 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
 %doc %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Sat Feb 27 2021 wangye<wangye70@huawei.com> - 2.62.5-3
+- Type:CVE
+- Id:NA
+- SUG:NA
+- DESC:fix CVE-2021-27218
+
 * Sat Feb 27 2021 zhujunhao<zhujunhao8@huawei.com> - 2.62.5-2
 - Type:cve
 - Id:CVE-2020-35457