diff --git a/backport-CVE-2025-4056.patch b/backport-CVE-2025-4056.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3459a0332764480d631ad343363a270b0d1955f0
--- /dev/null
+++ b/backport-CVE-2025-4056.patch
@@ -0,0 +1,49 @@
+From 3d9cc103308bc50938b65acb9814850208133112 Mon Sep 17 00:00:00 2001
+From: Philip Withnall
+Date: Sun, 30 Mar 2025 21:49:05 +0100
+Subject: [PATCH] gspawn-win32: Fix potential integer overflows in argv
+ handling
+
+This can happen if a user passes a ludicrously long string to argv.
+
+Spotted by chamalsl as #YWH-PGM9867-48.
+
+Signed-off-by: Philip Withnall
+---
+ glib/gspawn-win32-helper.c | 4 ++--
+ glib/gspawn-win32.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/glib/gspawn-win32-helper.c b/glib/gspawn-win32-helper.c
+index 35b25905cb..0dc56c0eec 100644
+--- a/glib/gspawn-win32-helper.c
++++ b/glib/gspawn-win32-helper.c
+@@ -80,8 +80,8 @@ protect_wargv (gint argc,
+ {
+ wchar_t *p = wargv[i];
+ wchar_t *q;
+- gint len = 0;
+- gint pre_bslash = 0;
++ size_t len = 0;
++ size_t pre_bslash = 0;
+ gboolean need_dblquotes = FALSE;
+ while (*p)
+ {
+diff --git a/glib/gspawn-win32.c b/glib/gspawn-win32.c
+index 96b8bafee6..3a9a308680 100644
+--- a/glib/gspawn-win32.c
++++ b/glib/gspawn-win32.c
+@@ -253,8 +253,8 @@ protect_argv_string (const gchar *string)
+ {
+ const gchar *p = string;
+ gchar *retval, *q;
+- gint len = 0;
+- gint pre_bslash = 0;
++ size_t len = 0;
++ size_t pre_bslash = 0;
+ gboolean need_dblquotes = FALSE;
+ while (*p)
+ {
+--
+GitLab
+
diff --git a/glib2.spec b/glib2.spec
index 7df8dece3cbda2f5c85e1b3a3b9687f98e9138f4..98a00ac00081e0ed6f764893b3a582dc96d86576 100644
--- a/glib2.spec
+++ b/glib2.spec
@@ -1,6 +1,6 @@
 Name: glib2
 Version: 2.72.2
-Release: 19
+Release: 20
 Summary: The core library that forms the basis for projects such as GTK+ and GNOME
 License: LGPLv2+
 URL: http://www.gtk.org
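Review bot: In the new backport-CVE-2025-4056.patch, widening `len` and `pre_bslash` to `size_t` in `protect_wargv` and `protect_argv_string` only closes the overflow if every later use of the two counters is also size-wide and unsigned. The allocation and copy loops of both functions lie outside the embedded hunks, so that cannot be confirmed from this page. When applying it to the 2.72.2 tree, check that neither counter is later passed to, assigned to or compared with a `gint`, and consider a short comment on the declarations such as `/* size_t: the escaped length can exceed G_MAXINT for very long argv strings */`. Both patched files appear to be Windows-only sources (gspawn-win32*), so the backport presumably does not change the binaries this spec builds; if so, saying that in the changelog entry would help anyone triaging scanner results.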
@@ -89,6 +89,7 @@ patch6075: backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patc
 patch6076: backport-gsocketclient-Fix-a-use-after-free-in-g_socket_client_connected_callback.patch
 patch6077: backport-gdbusmessage-Clean-the-cached-arg0-when-setting-the-message-body.patch
 patch6078: backport-CVE-2024-52533.patch
+patch6079: backport-CVE-2025-4056.patch
 BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter
 BUildRequires: glibc-devel libattr-devel libselinux-devel meson
@@ -275,6 +276,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
 %endif
 %changelog
+* Wed May 7 2025 hanhuihui - 2.72.2-20
+- fix CVE-2025-4056
+
 * Tue Nov 12 2024 liningjie - 2.72.2-19
 - Fix CVE-2024-52533