Commit Graph

91 Commits

Author SHA1 Message Date
Stefan Sperling
052ad6098d Fix use-after-free triggered by gnome-session-binary
ostream_flush_cb() was calling flush_data_list_complete() with a single
element list with an item that had already been freed. This was observed
on OpenBSD where memory is overwritten with 0xdf during free():

    error=0x0) at ../glib-2.58.3/gio/gdbusprivate.c:1156
1156          g_mutex_lock (&f->mutex);
(gdb) p /x *f
$74 = {mutex = {p = 0xdfdfdfdfdfdfdfdf, i = {0xdfdfdfdf, 0xdfdfdfdf}},
  cond = { p = 0xdfdfdfdfdfdfdfdf, i = {0xdfdfdfdf, 0xdfdfdfdf}},
  number_to_wait_for = 0xdfdfdfdfdfdfdfdf, error = 0x0}

This happened because the thread freeing the element didn't properly wait
for the asynchronous flush operation to finish.
Gnome's developer docs say: "g_cond_wait() must always be used in a loop"
https://developer.gnome.org/glib/stable/glib-Threads.html#g-cond-wait
2019-03-25 07:44:13 +01:00
Vasily Galkin
8c7670f0e1 gdbus, win32: autolaunch bus with gdbus.exe instead of rundll32
This is a bit of breaking change:
After this commit the apps relying of win32 dbus autolaunching,
need to install gdbus.exe alongside with libgio-2.0-0.dll.

A new command for gdbus tool is used for running server:
gdbus.exe _win32_run_session_bus

To implement it gdbus.exe uses the same exported function
g_win32_run_session_bus that earlier was used by rundll.
So (private) ABI was not changed.

It runs the bus syncronously, exiting after inactivity timeout -
all exactly like it was runed earlier with the help of rundll32.

While private exported function may have _some_
version compatibility issues between gdbus.exe and libgio-2.0-0.dll
compiling dbus server registration logic directly into gdbus.exe
can lead to _more hidden and more complex_ compatibility issues
since the names and behaviour of syncronization objects
used to publish server address would be required compatible between
gdbus.exe and libgio-2.0-0.dll.

So using "private" exported function to call
looks like more safe behaviour.

gdbus.exe binary was selected for this task since
it has corresponding name and at least for msys2 is shippied
in same package with libgio-2.0-0.dll

turn_off_the_starting_cursor function is also kept as is,
however it is not obvious if it is still needed
(by now I failed reproducing original issue).

Explicit g_warnings added to help with possible
problematic cases for absent or incompatible gdbus.exe

Mainloop is created after successful daemon creation
Before this change the function leaked mainloop on daemon creation fail
2019-03-12 21:53:29 +03:00
Vasily Galkin
4342dbbe4d gdbus, win32: move most W32 dbus autolaunch code to gdbusprivate
This allows referencig them from more than single .c file.

Implementation moved without changes
from gdbusaddress.c to gdbusprivate.c

g_win32_run_session_bus signature also kept, so ABI unchanged.
2019-03-07 15:56:44 +03:00
Christoph Reiter
067992f8de gdbus: Fix a potential use-after-free on connection close. Fixes #1686
512e9b3b34 added a call to schedule_pending_close() in the read
callback after the reference to the worker is already gone. In case this was
the last reference to the worker this resulted in a use-after-free.

6f3d57d2ee made this more likely to happen because on connection close
the worker cancel action is now async while the reference to the worker
gets dropped right away.

Move the call to schedule_pending_close() before the unref.

Fixes #1686
2019-02-14 14:19:55 +01:00
Richard Hughes
cd7bba985e gdbusproxy: Add G_DBUS_DEBUG=proxy support
(Turned into a merge request by Philip Withnall; unmodified from
original patch on https://bugzilla.gnome.org/show_bug.cgi?id=654905.)

https://gitlab.gnome.org/GNOME/glib/issues/424
2019-01-25 14:30:32 +00:00
Philip Withnall
9b4c50f63d all: Remove trailing newlines from g_message()/g_warning()/g_error()s
All those logging functions already add a newline to any message they
print, so there’s no need to add a trailing newline in the message
passed to them.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: nobody
2018-04-27 16:46:19 +01:00
Руслан Ижбулатов
aab83f7475 gdbus: make hexencode() a shared function to avoid duplication
https://bugzilla.gnome.org/show_bug.cgi?id=794170
2018-03-13 12:09:01 +00:00
Sébastien Wilmet
3bf4a720c3 gio/: LGPLv2+ -> LGPLv2.1+
Sub-directories inside gio/ already processed in a previous commit:
- fam/
- gdbus-2.0/ (which contains only codegen/)
- gvdb/
- inotify/
- tests/
- win32/
- xdgmime/

Other sub-directories inside gio/:
- completion/: no license headers
- kqueue/: not LGPL, BSD-style license

https://bugzilla.gnome.org/show_bug.cgi?id=776504
2017-05-29 19:53:34 +02:00
Chun-wei Fan
7f41633efd gio/gdbusprivate.c: Include missed headers
This ensures the needed GTYPE_*'s can be found during the build
2017-05-27 00:23:54 +08:00
Colin Walters
a0ed9bc8d6 gdbus: Init more types to work around gtype thread issue
See https://bugzilla.gnome.org/show_bug.cgi?id=674885#c85

In this pass I also went through and added more types from GDBusConnection.
2017-05-22 09:20:45 -04:00
Colin Walters
ff7f32f643 gdbusprivate: Include a few headers to fix win32 build
Followup to previous commit.

See: https://bugzilla.gnome.org/show_bug.cgi?id=674885
2017-03-27 14:46:06 -04:00
Colin Walters
5b4b827e99 gdbus: Initialize types earlier to break proxy <-> connection deadlock
This will help us break generic GType deadlocks between people using
GDBus in different threads (which is supported), not just by GType
usage in the GDBus thread.

This should fix the common cases we're seeing in the wild, although I
have some lingering concerns that if someone e.g. referenced
e.g. `G_TYPE_DBUS_AUTH_MECHANISM_SHA1` etc. we'd need to add those
too.

https://bugzilla.gnome.org/show_bug.cgi?id=674885
2017-03-27 09:42:47 -04:00
Fabrice Bellet
c457ec053d gdbus: make sure to stay locked when sending message
This patch fixes a case where schedule_writing_unlocked() was called
without holding the write lock. The bug was introduced in commit
512e9b3b.

https://bugzilla.gnome.org/show_bug.cgi?id=778002
2017-02-05 14:20:06 +01:00
Christian Hergert
18a33f72db introspection: use (nullable) or (optional) instead of (allow-none)
If we have an input parameter (or return value) we need to use (nullable).
However, if it is an (inout) or (out) parameter, (optional) is sufficient.

It looks like (nullable) could be used for everything according to the
Annotation documentation, but (optional) is more specific.
2016-11-22 14:14:37 -08:00
Philip Withnall
3613b7a366 gio: Add source tags to various GTasks constructed in GLib
This makes them easier to identify when debugging and profiling.

This patch was somewhat less than interesting to write.

https://bugzilla.gnome.org/show_bug.cgi?id=767765
2016-06-29 15:16:52 +01:00
Dan Winship
f10b6550ff gio: (belatedly) port gdbus from GSimpleAsyncResult to GTask
https://bugzilla.gnome.org/show_bug.cgi?id=661767
2015-04-04 10:16:45 -04:00
Ryan Lortie
eff505ed3c docs: more cleanups for GIO 2015-03-12 16:43:02 -04:00
Marc-André Lureau
512e9b3b34 gdbus: delay closing stream after read finish
Closing the stream on the writing side my race with a pending read. This
patch ensures that closing is delayed after reading is finished.

https://bugzilla.gnome.org/show_bug.cgi?id=743990
2015-02-17 16:16:52 -05:00
Rico Tzschichholz
e0e52b60ea docs: Fix broken gtk-doc formatting 2014-08-18 14:08:41 +02:00
Bastien Nocera
8792609e15 gio: Add names to idles and timeouts
This isn't too useful for some of the "return result in idle"
functions, but it's better than nothing.

https://bugzilla.gnome.org/show_bug.cgi?id=726872
2014-03-27 12:53:00 +01:00
Daniel Mustieles
078dbda148 Updated FSF's address 2014-01-31 14:31:55 +01:00
Dan Winship
158dde0507 Replace #ifdef HAVE_UNISTD_H checks with #ifdef G_OS_UNIX
In Windows development environments that have it, <unistd.h> is mostly
just a wrapper around several other native headers (in particular,
<io.h>, which contains read(), close(), etc, and <process.h>, which
contains getpid()). But given that some Windows dev environments don't
have <unistd.h>, everything that uses those functions on Windows
already needed to include the correct Windows header as well, and so
there is never any point to including <unistd.h> on Windows.

Also, remove some <unistd.h> includes (and a few others) that were
unnecessary even on unix.

https://bugzilla.gnome.org/show_bug.cgi?id=710519
2013-11-20 09:25:39 -05:00
Jan Schmidt
0167c3340d gio: Fix -Werror format string errors from mismatched ints. 2013-09-27 10:52:50 +10:00
Colin Walters
f398bec5bc Add g_close(), use it
There are two benefits to this:

1) We can centralize any operating system specific knowledge of
   close-vs-EINTR handling.  For example, while on Linux we should never
   retry, if someone cared enough later about HP-UX, they could come by
   and change this one spot.
2) For places that do care about the return value and want to provide
   the caller with a GError, this function makes it convenient to do so.

Note that gspawn.c had an incorrect EINTR loop-retry around close().

https://bugzilla.gnome.org/show_bug.cgi?id=682819
2013-01-29 09:46:04 -05:00
Dan Winship
f248c86b0a win32: move some code into #ifdef G_OS_UNIX
Fix various bits of code/declarations that are only used by G_OS_UNIX
but were still visible to G_OS_WIN32.

https://bugzilla.gnome.org/show_bug.cgi?id=688109
2012-11-15 14:19:05 -05:00
Paul Menzel
606aa26acf gio/*: Fix spelling of determining
$ sed -i s,determing,determining,g gio/gdrive.c
$ sed -i s,determing,determining,g gio/gdbusprivate.c

http://www.merriam-webster.com/dictionary/determining

For some reason according to `git log --follow` the whole file was created during some translation update.

    commit c45b813504
    Author: Timo Jyrinki <timo@debian.org>
    Date:   Mon Mar 12 11:02:04 2012 +0200

        Finnish translation update from http://l10n.laxstrom.name/wiki/Gnome_3.4 translation sprint
2012-11-13 13:54:40 +00:00
Matthias Clasen
e27367f341 Exterminate 'the the' 2012-08-18 23:15:58 -04:00
Alexander Larsson
5fb44f70dc win32: Implement _g_dbus_get_machine_id using machine guid
This is what libdbus uses, so we're compatible.
2012-04-20 15:02:48 +02:00
Ryan Lortie
e3c7fdd7a4 GDBus: make use of reliable async cancellation
Call g_simple_async_result_set_check_cancellable() after all
GSimpleAsyncResult creation in order to take advantage of the new
reliable cancellation feature.

The guarantee of reliable cancellation fixes a bug in dbusmenu (which
was already assuming that cancellation was reliable).  See this bug:
https://bugs.launchpad.net/ubuntu/+source/libdbusmenu/+bug/953562

https://bugzilla.gnome.org/show_bug.cgi?id=672013

Signed-off-by: David Zeuthen <davidz@redhat.com>
2012-03-15 14:01:35 -04:00
Ravi Sankar Guntur
0ed2cdb0d9 Use g_queue_free_full() convenience function.
https://bugzilla.gnome.org/show_bug.cgi?id=667331

Signed-off-by: Ravi Sankar Guntur <ravi.g@samsung.com>
2012-01-09 19:27:39 -05:00
Simon McVittie
968ef5f5ff GDBusWorker: continue_writing: initialize flush_async_data if closing
This was a regression in commit f41178c6c: flush_async_data wasn't
necessarily NULL in the "don't flush" case.

Also move initialization of these variables up so that it's
unconditional, since that's easier to verify than checking
that each branch gets it right.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=664617
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2011-11-23 11:20:15 +00:00
Simon McVittie
bae9928246 _g_dbus_worker_flush_sync: always flush if we need to
We didn't previously flush in a couple of cases where we should have
done:

* a write is running when flush is called: we should flush after it
  finishes

* writes have been made since the last flush, but none are pending or
  running right now: we should flush the underlying transport straight
  away

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=662395
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
2011-11-21 18:12:30 +00:00
Simon McVittie
f41178c6c7 GDBusWorker: move flush async op into continue_writing()
This makes it easier to schedule a flush, by putting it on the same code
path as writing and closing.

Also change message_written to expect the lock to be held, since all
that's left in that function either wants to hold the lock or doesn't
care, and it's silly to release the lock immediately before calling
message_written, which just takes it again.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=662395
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
2011-11-21 18:10:11 +00:00
Simon McVittie
301332168b schedule_write_in_worker_thread: require caller to lock; rename accordingly
When we use this function to schedule a flush, it'll be called
with the lock held. Releasing and immediately re-taking the lock would
be pointless.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=662395
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
2011-11-21 17:42:58 +00:00
Simon McVittie
56eb16ff50 GDBusWorker: rename some functions
maybe_write_next_message now also closes, and I'm about to make it
consider whether to flush as well, so its name is increasingly
inappropriate. Similarly, write_message_in_idle_cb is a wrapper around
it which could do any of those things.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=662395
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
2011-11-21 17:40:51 +00:00
Simon McVittie
18482ab17e GDBusWorker: distinguish between 3 sorts of output that might be pending
If the user calls flush_sync() with no messages in the queue, but an
async write call pending, then we ought to flush after that async write
returns (although we don't currently do that). If it was an async close
or flush that was pending, there's no need to flush (again) afterwards.
So, we need to distinguish.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=662395
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
2011-11-21 17:21:35 +00:00
Alexandre Rostovtsev
dc89b51c2d _g_dbus_get_machine_id(): check /etc/machine-id too
machine-id can be in /etc or in /var/lib/dbus.

[amended with slightly revised error handling -smcv]

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=663928
2011-11-17 23:09:50 -05:00
Simon McVittie
0f01bef4b4 GDBusWorker: tolerate read errors while closing
My previous fix for GNOME#662100 was incomplete: it seems that with some
timings, the stream can be closed with an async read in-flight. This
can make the read fail immediately with G_IO_ERROR_CLOSED instead of
becoming cancelled.

This happens reliably on an embedded device, and rarely on my laptop;
repeating the test 100 times in quick succession reliably reproduces
the bug on my laptop.

It seems as though what we really want is to ignore read errors, once
we've established that we want to close the connection anyway - this
means that after asking to close, you're immune to exit-on-close,
which seems like a good rule.

An additional subtlety is that continuing to read after we know we
want to close is still required, otherwise we'll never emit ::closed.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=662100
Bug-NB: NB#287088
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Colin Walters <walters@verbum.org>
2011-11-11 16:05:21 +00:00
Simon McVittie
214d249f40 GDBusWorker: debug on read errors if transport debugging is enabled
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=662100
Bug-NB: NB#287088
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Colin Walters <walters@verbum.org>
2011-11-11 16:05:19 +00:00
Simon McVittie
5e0492da50 GDBusWorker: if a read was cancelled it means we closed the connection
This was a regression caused by my previous work on GDBusWorker thread-safety
(Bug #651268). The symptom is that if you disconnect a GDBusConnection
locally, the default implementation of GDBusConnection::closed
terminates your process, even though it shouldn't do that for
locally-closed connections; this is because GDBusWorker didn't think a
cancelled read was a local close.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=662100
Bug-NB: NB#287088
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: David Zeuthen <davidz@redhat.com>
2011-10-19 10:49:56 +01:00
Ryan Lortie
430c5635f2 g_thread_new: never fail
Remove the GError argument from g_thread_new() and abort on failure.
Introduce g_thread_try() for those who want to handle failure.
2011-10-13 01:00:57 -04:00
Ryan Lortie
015f4b4513 thread: nuke the concept of 'joinable'
And remove the 'joinable' argument from g_thread_new() and
g_thread_new_full().

Change the wording in the docs.  Clarify expectations for
(deprecated) g_thread_create().
2011-10-13 00:43:33 -04:00
Ryan Lortie
26a6b3c6ff gdbusprivate: fix a missed g_mutex_free()
This should have been changed to g_mutex_clear()
2011-10-04 20:08:14 -04:00
Ryan Lortie
5f48e2cde5 GDBus: switch to struct-embedded GMutex and GCond
Now that we have those, we should use them.

https://bugzilla.gnome.org/show_bug.cgi?id=660739
2011-10-04 11:13:46 -04:00
Matthias Clasen
0d1a92ca3d Add new thread creation API
Deprecate both g_thread_create functions and add
g_thread_new() and g_thread_new_full(). The new functions
expect a name for the thread.

Change GThreadPool, GMainContext and GDBus to create named threads.

https://bugzilla.gnome.org/show_bug.cgi?id=660635
2011-10-02 22:11:58 -04:00
Simon McVittie
e34e8a25a0 _g_dbus_worker_new: hold a ref until we have done the initial read
Otherwise, we could use-after-free the GDBusWorker, if its last-unref
is immediately after _g_dbus_worker_new returns (before the worker thread
does its initial read).

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=651268
Bug-NB: NB#271520
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Signed-off-by: David Zeuthen <davidz@redhat.com>
2011-09-16 12:00:22 -04:00
Simon McVittie
698eeb3ef6 GDBusWorker: as a precaution, access 'stopped' boolean atomically
This member is written in _g_dbus_worker_stop from arbitrary threads, and
read by the worker thread, so it should be accessed atomically.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=651268
Bug-NB: NB#271520
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Signed-off-by: David Zeuthen <davidz@redhat.com>
2011-09-16 12:00:22 -04:00
Simon McVittie
c180ea13ae GDBusWorker: annotate more functions with lock/pending state
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=651268
Bug-NB: NB#271520
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Signed-off-by: David Zeuthen <davidz@redhat.com>
2011-09-16 12:00:22 -04:00
Simon McVittie
8097e2de85 GDBusConnection: delegate to the worker to close the stream
We can't safely close the output part of the I/O stream until any
pending write or flush has been completed. In the worst case, this could
lead to an assertion failure in the worker (when the close wins the
race) or not closing the stream at all (when the write wins the race).

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=651268
Bug-NB: NB#271520
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Signed-off-by: David Zeuthen <davidz@redhat.com>
2011-09-16 12:00:22 -04:00
Simon McVittie
a8f75f21b4 GDBusWorker: combine num_writes_pending with flush_pending
num_writes_pending was a counter, but it only took values 0 or 1, so make
it a boolean: it would never make sense to be trying to write out two
messages at the same time (they'd get interleaved).

Similarly, we can never be writing and flushing at the same time (that'd
mean we were flushing halfway through a message, which would be pointless)
so combine it with flush_pending too, calling the result output_pending.

Also assert that it takes the expected value whenever we change it,
and document the locking discipline used for it, including a subtle
case in write_message_in_idle_cb where it's not obvious at first glance
why we don't need the lock.

(Having the combined boolean at the top of the block of write-related
struct members improves struct packing on 64-bit platforms, by packing
read_num_ancillary_messages and output_pending into one word.)

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=651268
Bug-NB: NB#271520
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Signed-off-by: David Zeuthen <davidz@redhat.com>
2011-09-16 12:00:22 -04:00