"""
The sized constructors, reserve(), and rehash() methods of absl::{flat,node}_hash_{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store. Subsequent accesses to the container might then access out-of-bounds memory.

The fix is in two parts:
1) Update max_size() to return the maximum number of items that can be stored in the container
2) Validate the size arguments to the constructors, reserve(), and rehash() methods, and abort the program when the argument is invalid

We've looked at uses of these containers in Google codebases like Chrome, and determined this vulnerability is likely to be difficult to exploit. This is primarily because container sizes are rarely attacker-controlled.
"""

Fixed in: 20250127.1
Commit: https://github.com/abseil/abseil-cpp/commit/5a0e2cb5e3958dd90bb8569a2766622cb74d90c1
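The overflow and the two-part fix described in the advisory above, as an added example that is not part of the original comment and is not Abseil's code. The slot layout (one control byte plus a 16-byte element), the capacity rounding and all function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>

// Simplified model, NOT Abseil's layout: every slot of the backing store
// costs one control byte plus a 16-byte element (both sizes are assumptions).
const std::size_t kBytesPerSlot = 1 + 16;
const std::size_t kSizeMax = std::numeric_limits<std::size_t>::max();
const std::size_t kHuge = kSizeMax / 4;  // constructed oversized request

// Round a requested element count up to a capacity of the form 2^k - 1.
std::size_t NormalizeCapacity(std::size_t n) {
  std::size_t cap = 1;
  while (cap < n) cap = cap * 2 + 1;
  return cap;
}

// Before: no upper bound, so the multiplication wraps modulo 2^N and the
// result describes a buffer far smaller than `capacity` slots.
std::size_t UncheckedAllocSize(std::size_t capacity) {
  return capacity * kBytesPerSlot;
}

// Fix part 1: the largest capacity whose backing store size is representable.
std::size_t MaxSize() {
  const std::size_t limit = kSizeMax / kBytesPerSlot;
  std::size_t cap = 1;
  while (cap * 2 + 1 <= limit) cap = cap * 2 + 1;
  return cap;
}

// Fix part 2: validate the size argument before any arithmetic on it.
// Returns false where the advisory says the real fix aborts the program.
bool CheckedAllocSize(std::size_t requested, std::size_t* bytes) {
  if (requested > MaxSize()) return false;
  *bytes = NormalizeCapacity(requested) * kBytesPerSlot;
  return true;
}

int main() {
  std::size_t bytes = 0;
  std::printf("unchecked: %zu slots -> %zu bytes\n", NormalizeCapacity(kHuge),
              UncheckedAllocSize(NormalizeCapacity(kHuge)));
  std::printf("checked accepts huge request: %d\n",
              CheckedAllocSize(kHuge, &bytes));
  return 0;
}
```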
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=525ebf61cdd8d06f978517f222f9c22b2d2df390

commit 525ebf61cdd8d06f978517f222f9c22b2d2df390
Author: Paul Zander <negril.nx+gentoo@gmail.com>
AuthorDate: 2025-04-06 18:49:39 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2025-04-11 09:47:05 +0000

    dev-cpp/abseil-cpp: add 20250127.1

    Bug: https://bugs.gentoo.org/953451
    Signed-off-by: Paul Zander <negril.nx+gentoo@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-cpp/abseil-cpp/Manifest | 1 +
 dev-cpp/abseil-cpp/abseil-cpp-20250127.1.ebuild | 103 ++++++++++++++++++++++++
 2 files changed, 104 insertions(+)