From 736795df19ee72ba521ac538f72ceffd57e5ac10 Mon Sep 17 00:00:00 2001
From: Przemyslaw Gorszkowski <pgorszkowski@igalia.com>
Date: Mon, 16 Dec 2024 12:19:51 +0100
Subject: [PATCH] Secure parsing of WEBKIT_WPE_BMALLOC_MICROSECONDS_SLEEP env
 var

---
 Source/bmalloc/bmalloc/Mutex.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Source/bmalloc/bmalloc/Mutex.cpp b/Source/bmalloc/bmalloc/Mutex.cpp
index 82d4ac9e4d16..639991c0fa98 100644
--- a/Source/bmalloc/bmalloc/Mutex.cpp
+++ b/Source/bmalloc/bmalloc/Mutex.cpp
@@ -31,6 +31,7 @@
 #include <mach/mach_traps.h>
 #include <mach/thread_switch.h>
 #endif
+#include <cstring>
 #include <thread>
 #include <unistd.h>
 
@@ -46,7 +47,8 @@ static inline void yield()
     static std::once_flag onceFlag;
     std::call_once(onceFlag, [] {
         const char* env = getenv("WEBKIT_WPE_BMALLOC_MICROSECONDS_SLEEP");
-        if (env) {
+        const auto envLen = strlen(env);
+        if (env && envLen <= 5 && env[envLen] == '\0') {
             int value;
             if (sscanf(env, "%d", &value) == 1 && value > 0)
                 bmallocMicrosecondsSleep = value;