From 285db475ecaa4d2cc39ce326b4c63aacb87ca6ad Mon Sep 17 00:00:00 2001
From: Alexander Kanavin
Date: Tue, 22 Aug 2023 19:57:48 +0200
Subject: [PATCH] glib/gfileutils.c: use 64 bits for value in get_tmp_file()

On 32 bit systems 'long' value will overflow in 2038 and become negative. As it is used to index into letters array, and % operation preserves signs, data corruption will then occur.

Signed-off-by: Alexander Kanavin
CVE: CVE-2025-7039
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/285db475ecaa4d2cc39ce326b4c63aacb87ca6ad]
Signed-off-by: Peter Marko
---
 glib/gfileutils.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/glib/gfileutils.c b/glib/gfileutils.c
index 9646c696e..bd3cc179a 100644
--- a/glib/gfileutils.c
+++ b/glib/gfileutils.c
@@ -1475,7 +1475,7 @@ get_tmp_file (gchar *tmpl,
 static const char letters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 static const int NLETTERS = sizeof (letters) - 1;
- glong value;
+ gint64 value;
 gint64 now_us;
 static int counter = 0;
@@ -1496,7 +1496,7 @@ get_tmp_file (gchar *tmpl,
 for (count = 0; count < 100; value += 7777, ++count) {
- glong v = value;
+ gint64 v = value;
 /* Fill in the random bits. */
 XXXXXX[0] = letters[v % NLETTERS];
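Review bot: The index expression `v % NLETTERS` in the second hunk still operates on a signed type, so the fix depends on `value` never being negative rather than on the indexing being safe by construction. The first hunk's context shows `static int counter = 0;`, and if that counter is folded into `value` (the assignment is outside both hunks), a wrapped counter could presumably push `value` below zero again and bring back the negative index into `letters`. Making the working copy unsigned, `guint64 v = (guint64) value;`, keeps every `v % NLETTERS` result within `0..NLETTERS-1` whatever `value` holds. get_tmp_file's body starts before and continues after both hunks, so the later uses of `v` should be checked against the same assumption.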