Commit Graph

31208 Commits

Author SHA1 Message Date
Barnabás Pőcze
7a528d0ff0 girepository: gi_object_info_find_signal(): Avoid repeated allocations
Previously `gi_object_info_find_signal()` used `gi_object_info_get_signal()`
to retrieve the *i*th signal and compare its name to the desired name.
However, `gi_object_info_get_signal()` returns an allocated object.
If the names were not matching, the allocated object was simply dropped,
and this resulted in a lot of unnecessary allocations compared to the
desired number of allocations, which is one.

To avoid much of the overhead pertaining to the creation of these allocated
`GISignalInfo` objects, introduce a new function that inspects the signal
blobs directly and returns an allocated `GISignalInfo` object just for the
matching signal. The function is largely a copy-and-paste of `gi_base_info_find_vfunc()`,
which does the same thing, only for virtual functions.

See https://gitlab.gnome.org/GNOME/gobject-introspection/-/merge_requests/504
2024-11-23 19:25:17 +01:00
Philip Withnall
2713d68ad2
guri: Fix paths starting with ‘//’ when parsing
This fixes cases where calling `g_uri_to_string()` immediately after a
successful call to `g_uri_parse()` would cause an assertion failure for
URIs like `data:/.//` or `data:.///`.

These appear to be valid URIs. Their paths are normalised to `//` during
parsing as a result of the `remove_dot_segments()` algorithm. This then
falls foul of the restriction from
https://datatracker.ietf.org/doc/html/rfc3986#section-3 that

> When authority is not present, the path cannot begin with two slash
> characters ("//").

This is already encoded in an assertion at the top of
`g_uri_join_internal()`.

The approach of prefixing the path with `/.` should be harmless: it
guarantees the path starts with `/`, prevents `//` being a prefix, and
should always be removed by `remove_dot_segments()` when re-parsing the
URI. It’s the same approach as taken in the WhatWG URL spec for a
similar (but different) situation:
https://url.spec.whatwg.org/#url-serializing (see step 3).

See also: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/415?commit_id=79cfd65c9bd8024cd45dd725c284766329873709

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-11-23 11:54:34 +00:00
Philip Withnall
2b155f86dd Merge branch 'update-macos-min' into 'main'
Raise minimum supported macOS version to 10.13 (High Sierra)

Closes #3441

See merge request GNOME/glib!4405
2024-11-21 11:13:04 +00:00
John Ralls
9bbb1acd7d Raise minimum supported macOS version to 10.13 (High Sierra).
Allows removing all macOS version ifdefs.

Closes https://gitlab.gnome.org/GNOME/glib/-/issues/3441
2024-11-20 18:15:34 -08:00
Michael Catanzaro
b21bc8d49f Merge branch 'wip/hughsie/gbytes-null' into 'main'
glib/gbytes: Be more careful when saving a GBytes of NULL

See merge request GNOME/glib!4406
2024-11-20 16:08:40 +00:00
Richard Hughes
9ddc97314b
glib/gbytes: Be more careful when saving a GBytes of NULL
In 1e3b010 the behaviour of `g_bytes_new (NULL, 0)` was changed; before the
`g_bytes_get_data()` would return NULL as expected, but now it returns a pointer
outside the single GBytes allocation.

This breaks the fwupd self tests as we use a GBytes of NULL to signify that
the emulation data exists, but it has no content.

Catch this case and restore the old behaviour.
2024-11-20 14:06:36 +00:00
Michael Catanzaro
3e87611232 Merge branch 'wip/pwithnall/3493-unicode-with-strlen' into 'main'
gutf8: Drop ifunc code and always call strlen() when validating UTF-8

Closes #3493, #3511, and #3526

See merge request GNOME/glib!4404
2024-11-19 20:53:26 +00:00
Philip Withnall
ccee4c2342 Merge branch 'feature/gresource-static-validate-args' into 'main'
gio/gresource: validate args of g_static_resource_init

Closes #3517

See merge request GNOME/glib!4372
2024-11-19 18:10:18 +00:00
Philip Withnall
96205fc7fe
gutf8: Drop ifunc code and always call strlen() when validating UTF-8
This fixes a heap buffer overflow read in `g_utf8_validate()` and
`g_str_is_ascii()`, at the cost of always calling `strlen()` on the
input string if its length isn’t known already.

The overflow read was not a security vulnerability, but getting valgrind
and asan to understand that, across all platforms and build
configurations, doesn’t seem to be possible with the resources available
to us. In particular, the `ifunc` approach doesn’t work on muslc, and
doesn’t work when statically linked.

The UTF-8 validation code should still be faster than the old approach
(GLib 2.82 and older), as `strlen()` is SIMD-accelerated in glibc, and
UTF-8 validation is SIMD accelerated in GLib. The combination of the two
should still be faster than the bytewise read loop we used to have.

Unfortunately, correctness and testability have to be prioritised over
absolute performance.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Fixes: #3493
Fixes: #3511
Fixes: #3526
2024-11-19 14:19:38 +00:00
Philip Withnall
dfe252429c Merge branch 'uninstalled_variables' into 'main'
meson: Add variables to -uninstalled.pc files

See merge request GNOME/glib!4399
2024-11-19 12:01:06 +00:00
Philip Withnall
0a48bfe79a
tests: Factor out a function to convert FD to path
This could potentially eventually become a public GLib API, but there
doesn’t seem to be a huge need for it right now (e.g. this file contains
the only use of `/proc/self/fd/%d` in GLib), so let’s keep it private
for now and avoid committing to API stability just yet.

This gives time for other platforms to add their platform-specific
implementations for it too, if they need. I’ve added a couple of
pointers to what I *think* the right APIs might be, from my research,
but I have not prototyped those implementations.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-11-19 11:54:25 +00:00
Philip Withnall
f399369078 Merge branch 'wip/smcv/debian-12.8' into 'main'
Revert "CI: Rebuild a slightly newer version of ninja for debian-stable-i386"

See merge request GNOME/glib!4403
2024-11-19 11:42:25 +00:00
Simon McVittie
55a1d3af0d Revert "CI: Rebuild a slightly newer version of ninja for debian-stable-i386"
The Debian 12.8 point release included a version of ninja that is
equivalent to the one we were building from source here.

This reverts commit dbd7280c5e.

Signed-off-by: Simon McVittie <smcv@debian.org>
2024-11-19 09:47:58 +00:00
Emmanuele Bassi
3dffcd2569 Merge branch 'testutils-docs' into 'main'
testutils: Documentation improvements

See merge request GNOME/glib!4401
2024-11-18 19:29:40 +00:00
Emmanuele Bassi
f0e06b181d testutils: More documentation improvements
Convert examples to gi-docgen syntax too.

Review feedback by Emmanuele Bassi.
2024-11-18 19:02:40 +00:00
Sebastian Geiger
ccf4403e39 gio/gresource: validate args of g_static_resource_init
Signed-off-by: Sebastian Geiger <sbastig@gmx.net>
2024-11-17 13:18:06 +01:00
Philip Withnall
a85cc64b4b Merge branch 'trailing-garbage-ignored' into 'main'
converteroutputstream: Consume extra data at end

Closes #3532

See merge request GNOME/glib!4394
2024-11-16 07:46:25 +00:00
Benjamin Otte
33b9338fb0 converteroutputstream: Raise error for data at end
When a conversion is finished, the code would return 0 from its write
vfunc. This is disallowed by the API of g_output_stream_write() and
causes g_output_stream_splice() as used by g_converter_convert_bytes()
to turn into an infinite loop.

Instead, raise a G_IO_ERROR_MESSAGE_TOO_LARGE error so that the calling
code can decide how to deal with it.

Testcase included.

Closes #3532
2024-11-16 07:46:24 +00:00
Matthias Clasen
164486b7ea testutils: Some more docs tweaks
These changes are largely to bring the style closer to
what is recommended in

https://developer.gnome.org/documentation/guidelines/devel-docs.html
2024-11-15 13:59:52 -05:00
Matthias Clasen
ff22358396 testutils: Documentation improvements
Apply gi-docgen formatting, remove gtk-doc syntax and make reference
work again.
2024-11-15 11:49:09 -05:00
Philip Withnall
e6a24e631e Merge branch 'refstring-disable-assert-fix' into 'main'
grefstring: Mark a variable as potentially unused

See merge request GNOME/glib!4398
2024-11-14 12:53:13 +00:00
Xavier Claessens
0b776bc20c meson: Add variables to -uninstalled.pc files
This allows building a glib project within glib's devenv. Otherwise
Meson won't find glib tools.
2024-11-13 11:07:12 -05:00
Philip Withnall
55966083e6
grefstring: Mark a variable as potentially unused
It is unused when compiling with `G_DISABLE_ASSERT`. That’s fine, but we
definitely want the `g_hash_table_remove()` call to still be made.

Fixes this CI failure: https://gitlab.gnome.org/GNOME/glib/-/jobs/4483098

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-11-13 13:52:31 +00:00
Philip Withnall
7dacfa7799 Merge branch 'wip/hadess/test-warning-fix' into 'main'
appmonitor: Fix warning building test

See merge request GNOME/glib!4395
2024-11-13 13:40:45 +00:00
Philip Withnall
91b2b659d3 Merge branch 'procfs' into 'main'
Replace procfs linuxism with kinfo freebsdism

See merge request GNOME/glib!4393
2024-11-13 13:29:01 +00:00
Gleb Popov
6d67568da3 Replace procfs linuxism with kinfo freebsdism 2024-11-13 13:29:01 +00:00
Bastien Nocera
48b980ca7d appmonitor: Fix warning building test
gio/tests/appmonitor.c: In function ‘timeout_cb’:
gio/tests/appmonitor.c:95:14: warning: null pointer dereference [-Wnull-dereference]
   95 |   *timed_out = TRUE;
2024-11-13 14:24:50 +01:00
Philip Withnall
6faed43505 Merge branch 'amolenaar/content-type-works' into 'main'
macos: content-type tests do succeed

Closes #1251

See merge request GNOME/glib!4390
2024-11-10 15:29:22 +00:00
Arjan Molenaar
6e4b70e062 macos: content-type tests should succeed 2024-11-09 13:42:47 +01:00
Philip Withnall
558cb16f19 Merge branch 'amolenaar/content-type' into 'main'
macos: Add extra content type tests

See merge request GNOME/glib!4389
2024-11-08 22:34:38 +00:00
Arjan Molenaar
bc8b7041a9 macos: Add extra content type tests 2024-11-08 22:34:38 +00:00
Philip Withnall
a162d7a9e9 Merge branch 'non-fatal-assertions-option' into 'main'
test utils: Make nonfatal assertions an option

See merge request GNOME/glib!4384
2024-11-08 15:26:48 +00:00
Matthias Clasen
2a15b2cc61 Add a test for nonfatal assertions
Testing this in a normal testcaes is a bit tricky, since
triggering a non-fatal assertion has the side-effect of
marking the test as failed.

So just don't run any testcases here, but check the side-effect
manually. Since we don't produce TAP output when not using
g_test_run(), tell meson that we're using the exitcode protocol.
2024-11-08 14:38:22 +00:00
Matthias Clasen
b161cb9252 Add macros for all g_test_init options
Add macros, and use them.
2024-11-08 14:38:22 +00:00
Philip Withnall
2ecb445537 Merge branch 'refstring-intern-release-race' into 'main'
refstring: Fix race between releasing and re-acquiring an interned GRefString

See merge request GNOME/glib!4232
2024-11-08 12:31:40 +00:00
Sebastian Dröge
1c78ed95d4 refstring: Fix race between releasing and re-acquiring an interned GRefString
There is a race between releasing and re-acquiring an interned
GRefString if this happens on two threads at the same time. This can
result in already freed memory to be returned from
g_ref_string_new_intern().

| Thread 1                       | Thread 2                      |
| ------------------------------ | ----------------------------- |
| g_ref_string_release()         | g_ref_string_new_intern()     |
| g_atomic_rc_box_release_full() | g_mutex_lock()                |
|                                | g_hash_table_lookup()         |
| remove_if_interned()           | g_ref_string_acquire()        |
| g_mutex_lock()                 | g_mutex_unlock()              |
| g_hash_table_remove()          |                               |
| g_mutex_unlock()               |                               |
| g_free()                       |                               |
|                                | return res; // this is freed  |

This use-after-free usually also gives a critical warning because
g_atomic_ref_count_inc() checks for the refcount having been 0
before incrementing.

It is not possible to safely implement weak references via garcbox.

To avoid this race do not implement weak references via garcbox but
instead implement the allocation of the string manually with a manually
managed reference count. This allows to safely resurrect the interned
string if the above race happens, and also avoids other races.

As a side-effect this also

  * reduces the allocation size in addition to the actual string length
    from 32 bytes to 16 bytes on 64 bit platforms and keeps it at 16 bytes
    on 32 bit platforms,

  * doesn't lock a mutex when freeing non-interned GRefStrings.
2024-11-08 13:44:41 +02:00
Sebastian Dröge
dc197cd7f3 arcbox: Document that implementing weak references via the clear_func is not safe 2024-11-08 10:28:07 +02:00
Matthias Clasen
90f4e562be test utils: Make nonfatal assertions an option
We have a mechanism for turning on optional features of the GLib
test harness by passing options to g_test_init(). Use it for the
non-fatal assertions as well.
2024-11-07 11:10:40 -05:00
Philip Withnall
536dfca9be Merge branch '3524-missing-annotations' into 'main'
Add missing `(array zero-terminated=1)` annotations

Closes #3524

See merge request GNOME/glib!4386
2024-11-07 11:38:58 +00:00
Philip Withnall
04f6d555b0 Merge branch 'cm/no-sanitize-load-word' into 'main'
gutf8: Skip ASan instrumentation for load_word

See merge request GNOME/glib!4385
2024-11-07 11:38:25 +00:00
Jan-Willem Harmannij
80ba36e095 Add missing (array zero-terminated=1) annotations
Array annotations were missing on `g_enum_register_static` and
`g_flags_register_static`.

Fixes #3524
2024-11-06 22:26:06 +01:00
correctmost
5641770743 gutf8: Skip ASan instrumentation for load_word
load_word has a known out-of-bounds read that is explained in
commit ec7cf334db.

Helps: #3493
2024-11-06 12:13:06 -05:00
Philip Withnall
a429e56523
2.83.0
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-11-06 14:20:19 +00:00
Philip Withnall
dbb42933f8 Merge branch 'faccessat-bsd' into 'main'
glocalfile: Disable faccessat()-based query_exists on FreeBSD

See merge request GNOME/glib!4366
2024-11-06 13:13:01 +00:00
Philip Withnall
7868e6dd33 Merge branch 'on-error-stack' into 'main'
Small improvements to g_on_error_stack_trace and g_on_error_query

See merge request GNOME/glib!4375
2024-11-06 12:30:09 +00:00
Philip Withnall
8e46f31a23 Merge branch 'thread-name-length' into 'main'
thread: Force-limit thread name length

See merge request GNOME/glib!4374
2024-11-06 12:15:56 +00:00
Matthias Clasen
904be498c5 Small improvements to g_on_error_query
We can do the [S] option even if g_prgname isn't set, now that
g_on_error_stack_trace(NULL) works.
2024-11-06 11:46:53 +00:00
Matthias Clasen
f6e71c25ed Small improvements to g_on_error_stack_trace
Make the gdb commands match what /usr/bin/gstack uses,
and produce a stacktrace including all threads.
2024-11-06 11:46:53 +00:00
Matthias Clasen
95cdd0f06f Small improvements to g_on_error_stack_trace
Make g_on_error_stack_trace (NULL) work by using /proc/$PID/exe.

This matches what /usr/bin/gstack does.
2024-11-06 11:46:53 +00:00
Matthias Clasen
5b84636e62 thread: Force-limit thread name length
The documentation for glibc's pthread_setname_np states:

    The thread name is a meaningful C language string,
    whose length is restricted to 16 characters,
    including the  terminating  null  byte  ('\0').

The documentation for Solaris' pthread_setname_np states:

    The thread name is a string of length 31 bytes or less,
    UTF-8 encoded.

Failing to respect this length limitation may lead to no name being
set, which is confusing, since the thread then shows up under the
binary name in gdb. This was happening for the pango worker thread
with the name "[pango] fontconfig".
2024-11-06 11:44:49 +00:00