Protect against overly long strings

Checking against upper limit of USHRT_MAX must happen before truncating
size_t to int. On 64 bit systems with strings larger than 2 GB this
could otherwise lead to negative ints or ints smaller than USHRT_MAX.

In XParseColor this could lead to out of boundary access with strings
starting with a # (color sequence). A modulo 12 operation is performed
to validate the string length, but with an overflown length, the for
loop would eventually read behind terminating '\0' character.

Signed-off-by: Tobias Stoeckmann <>
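
The ordering issue described in the commit message, as an added example that is not the commit's own code: the two functions below are hypothetical and differ only in whether the `USHRT_MAX` comparison happens before or after narrowing `size_t` to `int`. It assumes an LP64 target (64-bit `size_t`, 32-bit `int`) and a compiler that wraps on narrowing, as GCC and Clang do; the lengths are constructed constants, so no multi-gigabyte string is allocated.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

_Static_assert(sizeof(size_t) == 8 && sizeof(int) == 4, "LP64 assumed");

/* Constructed lengths standing in for strlen() results on huge strings. */
#define LEN_NEGATIVE ((size_t)1 << 31)        /* 2 GiB: narrows to INT_MIN */
#define LEN_SMALL    (((size_t)1 << 32) + 6)  /* 4 GiB + 6: narrows to 6 */

/* "Before" ordering: narrow to int first, then compare with USHRT_MAX.
 * Returns 1 and stores the narrowed length if accepted, 0 if rejected. */
static int accept_narrow_then_check(size_t len, int *n_out)
{
    int n = (int)len;   /* implementation-defined; wraps on GCC and Clang */
    if (n > USHRT_MAX)
        return 0;
    *n_out = n;         /* may be negative or far below the real length */
    return 1;
}

/* "After" ordering: compare the full-width value, narrow only in range. */
static int accept_check_then_narrow(size_t len, int *n_out)
{
    if (len > USHRT_MAX)
        return 0;
    *n_out = (int)len;  /* lossless: 0 <= len <= USHRT_MAX */
    return 1;
}

int main(void)
{
    const size_t lens[] = { 12, (size_t)USHRT_MAX + 1, LEN_NEGATIVE, LEN_SMALL };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int before = 0, after = 0;
        int ok_before = accept_narrow_then_check(lens[i], &before);
        int ok_after = accept_check_then_narrow(lens[i], &after);
        printf("len=%zu narrow-first: %s", lens[i], ok_before ? "accept" : "reject");
        if (ok_before)
            printf(" (n=%d)", before);
        printf(", check-first: %s\n", ok_after ? "accept" : "reject");
    }
    return 0;
}
```
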