-
Miloslav Trmač authored
This usage is clearly errorneous, so we should tell the users they are making a mistake. Besides, this allows an attacker to cause a high number of heap allocations with attacker-controlled sizes ( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier. (To be clear, this is not a pkexec vulnerability, and we will not refuse attacker-affected malloc() usage as a matter of policy; but this commit is both user-friendly and adding some hardening.) https://bugs.freedesktop.org/show_bug.cgi?id=83093
6c992bc8