The functions g_strconcat, g_strjoinv and g_strjoin perform the
concatenation of strings in two phases. The first phase figures out the
required amount of memory to hold the resulting string. The second
phase actually copies the strings into the allocated memory.
If the sum of the lengths of all strings to be joined exceeds G_SIZEMAX,
then phase two triggers an out of boundary write due to insufficient
amount of memory allocated.
While this sounds impossible to do at first, actually it becomes a
possibility on 32 bit systems with merely 20 MB of heap. The overflow
can actually happen if the same string is joined multiple times. See
attached unit test. While the same can be done with 64 bit systems, it
takes much more memory and a lot of time.
Fortunately the protection is rather cheap, although it adds two or
three machine instructions and branches due to testing.
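The length check described in the commit message above, as an added example (not GLib's code and not the attached unit test). All function names are hypothetical, and the `limit` parameter stands in for G_SIZEMAX so that the 32-bit case can be modelled on any host.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Add len to *sum only if the result stays within limit (requires *sum <= limit). */
bool add_len(size_t *sum, size_t len, size_t limit)
{
    if (len > limit - *sum)           /* *sum + len would exceed limit */
        return false;
    *sum += len;
    return true;
}

/* Checked phase 1 for one string of length len joined count times, plus the NUL. */
bool total_repeated(size_t len, size_t count, size_t limit, size_t *total)
{
    size_t sum = 1;                   /* terminating NUL */
    for (size_t i = 0; i < count; i++)
        if (!add_len(&sum, len, limit))
            return false;
    *total = sum;
    return true;
}

/* What an unchecked phase 1 computes when size_t is 32 bits wide. */
uint32_t wrapped_total32(uint32_t len, uint32_t count)
{
    uint32_t sum = 1;
    for (uint32_t i = 0; i < count; i++)
        sum += len;                   /* unsigned wrap-around, silently truncated */
    return sum;
}

/* Both phases: returns NULL instead of allocating a buffer that is too small. */
char *concat_checked(const char *const *strs, size_t n)
{
    size_t total = 1;
    for (size_t i = 0; i < n; i++)    /* phase 1: size the result, refusing to wrap */
        if (!add_len(&total, strlen(strs[i]), SIZE_MAX))
            return NULL;
    char *out = malloc(total), *p = out;
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {  /* phase 2: copy into the sized buffer */
        size_t l = strlen(strs[i]);
        memcpy(p, strs[i], l);
        p += l;
    }
    *p = '\0';
    return out;
}
```

With a 20 MiB string and a 32-bit size, the unchecked sum for 205 copies wraps to roughly 4 MiB, while the checked sum rejects the 205th addition.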
The load_user_special_dirs function performs no internal locking, which
means that callers must already hold the g_utils_global lock. Since we
mark some getters as unlocked by now, do the same with
load_user_special_dirs to highlight this additional requirement.
Suggested by Michael Catanzaro
The list pointer is allowed to be null while still creating a new valid list.
The missing "nullable" flagging can cause issues in gir generated wrappers.
See https://github.com/gircore/gir.core/issues/1318
List of functions with changed comments:
- g_list_append
- g_list_prepend
- g_list_insert
- g_list_insert_before
- g_slist_append
- g_slist_prepend
- g_slist_insert
- g_slist_insert_before
...C, C++, ObjC, and ObjC++ too. It's not a problem to add
arguments to unused languages.
This means, for example, that all the defines are in place when writing
WinRT C++ code.
When get_help() gets ready to lay out the help text into columns,
it first goes through and computes the max_width of the strings in
the left column. Problem is, it measures the width of every
available option, whether or not they'll actually be displayed.
Instead, let's use the same criteria used when deciding whether
to display an option, to decide whether or not to account for it
when computing max_width. This way, the layout is sized for the
help that's actually being produced.
Fixes #3781
Always NUL-terminate the data, which g_file_get_contents does as well.
This fixes unnecessary fuzzer warnings.
For further clarification of this requirement, rename the internally
used function.
Fixes: #3783
Do what the comment states and strip all trailing slashes. Also, do not
strip the trailing slash if it's the only character left, i.e. if it
denotes the root directory.
XDG_CONFIG_DIR and HOME can be overridden with test environments. Read
these variables before building them again.
It's not possible to call the getter functions directly because the
caller of load_user_special_dirs already holds a lock and locking again
is undefined behavior and could lead to deadlocks.
Separate the functionality out into unlocked functions which definitely
have to be static to not expose them. Use them while holding the lock.
Allow more than G_MAXUINT replacements in g_string_replace. Even
though the return value type is guint, do as many replacements
as requested if limit is 0 and return G_MAXUINT if even more
operations were performed to satisfy current ABI/API.
With input by Philip Withnall.