diff --git a/backport-CVE-2025-4056.patch b/backport-CVE-2025-4056.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3459a0332764480d631ad343363a270b0d1955f0
--- /dev/null
+++ b/backport-CVE-2025-4056.patch
@@ -0,0 +1,49 @@
+From 3d9cc103308bc50938b65acb9814850208133112 Mon Sep 17 00:00:00 2001
+From: Philip Withnall
+Date: Sun, 30 Mar 2025 21:49:05 +0100
+Subject: [PATCH] gspawn-win32: Fix potential integer overflows in argv
+ handling
+
+This can happen if a user passes a ludicrously long string to argv.
+
+Spotted by chamalsl as #YWH-PGM9867-48.
+
+Signed-off-by: Philip Withnall
+---
+ glib/gspawn-win32-helper.c | 4 ++--
+ glib/gspawn-win32.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/glib/gspawn-win32-helper.c b/glib/gspawn-win32-helper.c
+index 35b25905cb..0dc56c0eec 100644
+--- a/glib/gspawn-win32-helper.c
++++ b/glib/gspawn-win32-helper.c
+@@ -80,8 +80,8 @@ protect_wargv (gint argc,
+ {
+ wchar_t *p = wargv[i];
+ wchar_t *q;
+- gint len = 0;
+- gint pre_bslash = 0;
++ size_t len = 0;
++ size_t pre_bslash = 0;
+ gboolean need_dblquotes = FALSE;
+ while (*p)
+ {
+diff --git a/glib/gspawn-win32.c b/glib/gspawn-win32.c
+index 96b8bafee6..3a9a308680 100644
+--- a/glib/gspawn-win32.c
++++ b/glib/gspawn-win32.c
+@@ -253,8 +253,8 @@ protect_argv_string (const gchar *string)
+ {
+ const gchar *p = string;
+ gchar *retval, *q;
+- gint len = 0;
+- gint pre_bslash = 0;
++ size_t len = 0;
++ size_t pre_bslash = 0;
+ gboolean need_dblquotes = FALSE;
+ while (*p)
+ {
+--
+GitLab
+
diff --git a/glib2.spec b/glib2.spec
index 1a6f9e2e6538c6714388c07e380aa5d6f43a49ef..270f2cfbd78862325d2e63dd2e06df60470b8ce8 100644
--- a/glib2.spec
+++ b/glib2.spec
@@ -1,6 +1,6 @@
 Name: glib2
 Version: 2.78.3
-Release: 6
+Release: 7
 Summary: The core library that forms the basis for projects such as GTK+ and GNOME
 License: LGPLv2+
 URL: https://www.gtk.org
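Review bot: The allocation that consumes `len` is not visible in either embedded hunk of backport-CVE-2025-4056.patch, so the backport cannot be confirmed complete from what is shown here. The patch only widens `len` and `pre_bslash` from `gint` to `size_t` in `protect_wargv` and `protect_argv_string`, and both functions start and end outside the hunks. In the 2.78.3 tree, check that the size expression built from `len` stays in `size_t` through to the allocator and that no later `gint` assignment or comparison narrows it again. The wide-character helper presumably also multiplies by the element size, which deserves the same check. Both patched files are `gspawn-win32*.c`, which look like Windows-only sources, so the backport may not change the binaries this spec builds; a short comment next to the patch entry, such as `# Windows-only code path; carried for source parity`, would help anyone reading scanner results.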
@@ -19,6 +19,7 @@ Patch6005: backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patch Patch6006: backport-gresources-fix-memory-leak-from-libelf.patch Patch6007: Correct-translation-information.patch Patch6008: backport-CVE-2024-52533.patch +patch6009: backport-CVE-2025-4056.patch BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter BUildRequires: glibc-devel libattr-devel libselinux-devel meson @@ -203,6 +204,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %endif %changelog +* Wed May 7 2025 hanhuihui - 2.78.3-7 +- fix CVE-2025-4056 + * Tue Nov 12 2024 liningjie - 2.78.3-6 - Fix CVE-2024-52533
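Review bot: The new tag in the `-19,6 +19,7` hunk is written `patch6009:` in lower case, while every neighbouring entry uses `Patch600N:`. RPM treats preamble tags case-insensitively, so the patch should still be registered, but audit scripts or reviewers that search the spec for `^Patch` can miss this CVE backport. Suggest `Patch6009: backport-CVE-2025-4056.patch` to match the existing entries. The part of the spec that applies patches is outside the hunks shown, so confirm from a build log that patch 6009 is actually applied.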