9274 Commits

Author SHA1 Message Date
Philip Withnall
55966083e6
grefstring: Mark a variable as potentially unused
It is unused when compiling with `G_DISABLE_ASSERT`. That’s fine, but we
definitely want the `g_hash_table_remove()` call to still be made.

Fixes this CI failure: https://gitlab.gnome.org/GNOME/glib/-/jobs/4483098

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-11-13 13:52:31 +00:00
Philip Withnall
a162d7a9e9 Merge branch 'non-fatal-assertions-option' into 'main'
test utils: Make nonfatal assertions an option

See merge request GNOME/glib!4384
2024-11-08 15:26:48 +00:00
Matthias Clasen
2a15b2cc61 Add a test for nonfatal assertions
Testing this in a normal testcaes is a bit tricky, since
triggering a non-fatal assertion has the side-effect of
marking the test as failed.

So just don't run any testcases here, but check the side-effect
manually. Since we don't produce TAP output when not using
g_test_run(), tell meson that we're using the exitcode protocol.
2024-11-08 14:38:22 +00:00
Matthias Clasen
b161cb9252 Add macros for all g_test_init options
Add macros, and use them.
2024-11-08 14:38:22 +00:00
Philip Withnall
2ecb445537 Merge branch 'refstring-intern-release-race' into 'main'
refstring: Fix race between releasing and re-acquiring an interned GRefString

See merge request GNOME/glib!4232
2024-11-08 12:31:40 +00:00
Sebastian Dröge
1c78ed95d4 refstring: Fix race between releasing and re-acquiring an interned GRefString
There is a race between releasing and re-acquiring an interned
GRefString if this happens on two threads at the same time. This can
result in already freed memory to be returned from
g_ref_string_new_intern().

| Thread 1                       | Thread 2                      |
| ------------------------------ | ----------------------------- |
| g_ref_string_release()         | g_ref_string_new_intern()     |
| g_atomic_rc_box_release_full() | g_mutex_lock()                |
|                                | g_hash_table_lookup()         |
| remove_if_interned()           | g_ref_string_acquire()        |
| g_mutex_lock()                 | g_mutex_unlock()              |
| g_hash_table_remove()          |                               |
| g_mutex_unlock()               |                               |
| g_free()                       |                               |
|                                | return res; // this is freed  |

This use-after-free usually also gives a critical warning because
g_atomic_ref_count_inc() checks for the refcount having been 0
before incrementing.

It is not possible to safely implement weak references via garcbox.

To avoid this race do not implement weak references via garcbox but
instead implement the allocation of the string manually with a manually
managed reference count. This allows to safely resurrect the interned
string if the above race happens, and also avoids other races.

As a side-effect this also

  * reduces the allocation size in addition to the actual string length
    from 32 bytes to 16 bytes on 64 bit platforms and keeps it at 16 bytes
    on 32 bit platforms,

  * doesn't lock a mutex when freeing non-interned GRefStrings.
2024-11-08 13:44:41 +02:00
Sebastian Dröge
dc197cd7f3 arcbox: Document that implementing weak references via the clear_func is not safe 2024-11-08 10:28:07 +02:00
Matthias Clasen
90f4e562be test utils: Make nonfatal assertions an option
We have a mechanism for turning on optional features of the GLib
test harness by passing options to g_test_init(). Use it for the
non-fatal assertions as well.
2024-11-07 11:10:40 -05:00
correctmost
5641770743 gutf8: Skip ASan instrumentation for load_word
load_word has a known out-of-bounds read that is explained in
commit ec7cf334db8d4ea722413e6050cc92ce553dc4f7.

Helps: #3493
2024-11-06 12:13:06 -05:00
Philip Withnall
7868e6dd33 Merge branch 'on-error-stack' into 'main'
Small improvements to g_on_error_stack_trace and g_on_error_query

See merge request GNOME/glib!4375
2024-11-06 12:30:09 +00:00
Matthias Clasen
904be498c5 Small improvements to g_on_error_query
We can do the [S] option even if g_prgname isn't set, now that
g_on_error_stack_trace(NULL) works.
2024-11-06 11:46:53 +00:00
Matthias Clasen
f6e71c25ed Small improvements to g_on_error_stack_trace
Make the gdb commands match what /usr/bin/gstack uses,
and produce a stacktrace including all threads.
2024-11-06 11:46:53 +00:00
Matthias Clasen
95cdd0f06f Small improvements to g_on_error_stack_trace
Make g_on_error_stack_trace (NULL) work by using /proc/$PID/exe.

This matches what /usr/bin/gstack does.
2024-11-06 11:46:53 +00:00
Matthias Clasen
5b84636e62 thread: Force-limit thread name length
The documentation for glibc's pthread_setname_np states:

    The thread name is a meaningful C language string,
    whose length is restricted to 16 characters,
    including the  terminating  null  byte  ('\0').

The documentation for Solaris' pthread_setname_np states:

    The thread name is a string of length 31 bytes or less,
    UTF-8 encoded.

Failing to respect this length limitation may lead to no name being
set, which is confusing, since the thread then shows up under the
binary name in gdb. This was happening for the pango worker thread
with the name "[pango] fontconfig".
2024-11-06 11:44:49 +00:00
Sebastian Wick
3f71e403ed gvariant: Introduce G_VARIANT_BUILDER_INIT_UNSET
For g_auto(GVariantBuilder) one needs to initialize it before the
function returns, so it's best to do it when the variable is declared.
G_VARIANT_BUILDER_INIT exists but requires specifying a GVariantType in
the declaration which moves the type away from the usage of the builder
which often results in less readable code. G_VARIANT_BUILDER_INIT also
mentions that it's possible to explicitly zero the variable but this is
hard to find and writing `g_auto(GVariantBuilder) builder = {0,};` is
kind of ugly.

This introduces G_VARIANT_BUILDER_INIT_UNSET which zero initializes the
variable being declared. This gives us documentation and hides the
explicitly zeroing detail:

  auto(GVariantBuilder) builder = G_VARIANT_BUILDER_INIT_UNSET ();
2024-11-04 16:43:42 +01:00
Sebastian Wick
b10a4507a5 gvariant: Use gi-docgen for the G_VARIANT_BUILDER_INIT documentation 2024-11-04 16:38:05 +01:00
Philip Withnall
0828714bd4 Merge branch 'structured-logging-domain-check-without-nul' into 'main'
glib: Don't require GLIB_DOMAIN to be a NUL-terminated string

See merge request GNOME/glib!4350
2024-10-24 20:41:32 +00:00
Parth Patel
929114fad2 glib/glib-private: Build glib without ASAN sanitizer on AIX.
In AIX, we doesn't have lsan sysmbols related to sanitizer.
So, skipping this check in AIX to build glib without ASAN sanitizer.

Issue: https://gitlab.gnome.org/GNOME/glib/-/issues/3512
2024-10-23 11:10:32 -05:00
Philip Withnall
4c3f06acbf Merge branch 'str-is-ascii-ifunc' into 'main'
gutf8: Add ifunc resolver for g_str_is_ascii() too

Closes #3511

See merge request GNOME/glib!4364
2024-10-22 17:37:32 +00:00
Sebastian Dröge
99bf0c966a glib: Add test for handling of non-NUL terminated strings in default log handler 2024-10-22 19:08:25 +03:00
Sebastian Dröge
9719853507 glib: Make sure GLIB_OLD_LOG_API is a NUL-terminated string
Every usage in GLib ensures this but theoretically external code might
pass something else. As this is only meant to be used internally from
GLib, don't support the other case but at least avoid potential out of
bound reads.
2024-10-22 19:08:25 +03:00
Sebastian Dröge
f221864d6e glib: Don't require GLIB_DOMAIN to be a NUL-terminated string
The length might be passed explicitly in the field instead, and the
string might not have a NUL-terminator as happens for example when
passed from the Rust bindings.

This might lead to out of bounds reads.

Thanks to Sebastian Wiesner for noticing this.
2024-10-22 19:08:25 +03:00
Michael Catanzaro
155d00a61e Merge branch '3470-unicode-16' into 'main'
Update to Unicode 16.0.0 and fix Unicode composition for its new codepoints

Closes #3470

See merge request GNOME/glib!4362
2024-10-22 15:29:42 +00:00
Philip Withnall
cf982177dd
gutf8: Add ifunc resolver for g_str_is_ascii() too
Just like how commit ad572e77802c3c383619fe63a4832b5c75dbea82 added an
ifunc resolver for `g_utf8_validate()`, we also need to add one for
`g_str_is_ascii()`, as it also calls into the c-utf8 SIMD validation
code which causes false-positive buffer read overflow warnings from
valgrind and asan.

I thought about just adding the `strlen()` call into `g_str_is_ascii()`
unconditionally, as a simpler fix, but from a quick
codesearch.debian.net, it appears `g_str_is_ascii()` is used quite
widely, so this would have an unacceptable performance impact.

This should fix the valgrind failures on the `search-utils` test seen
here: https://gitlab.gnome.org/GNOME/glib/-/jobs/4423753.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-22 12:46:16 +01:00
Philip Withnall
1755024caf
gutf8: Factor out complex type signature into a typedef
As suggested by Michael Catanzaro, this should make the return type of
the resolve function a bit easier for people to parse.

This introduces no functional changes.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-22 12:45:20 +01:00
Philip Withnall
05fb05b49b
gutf8: Factor out ifunc attribute checks
It looks like these might get more complex in future, as compilers claim
to support the attribute (`__has_attribute(ifunc)` is true) but then
raise errors at compile time if the target architecture doesn’t support
ifuncs.

For example, see #3511.

This doesn’t fix #3511 (I don’t have time to test on musl right now), but
it should make it easier to update the platform preprocessor conditions
in future.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #3511
2024-10-22 12:42:41 +01:00
Philip Withnall
f9f74efd76
tests: Improve Unicode composition code coverage
This adds various additional tests to cover branches of `gunidecomp.c`
which are not already covered, bringing our branch coverage of that file
up to 100% (if you ignore `g_utf8_normalize()`, which is tested by
`unicode-normalize.c` and I’m counting it separately).

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #3470
2024-10-21 19:32:50 +01:00
Philip Withnall
0125c58a05
tests: Test restricted result_len sizes for g_unichar_fully_decompose()
This pushes the code coverage of that function up to 100%.

And it found no bugs!

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-21 19:32:43 +01:00
Philip Withnall
84e3a9cde9
tests: Refactor g_unichar_fully_decompose() test to make it extensible
This introduces no functional changes, but allows the test to be easily
extended, in the following commit, to test restricted `result_len`
sizes.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-21 19:32:37 +01:00
Philip Withnall
6eb648de1c
tests: Refactor g_unichar_compose() test to fix booleans
`g_assert_false (g_unichar_compose (…) && ch == 0)` will succeed if
`g_unichar_compose()` succeeds and returns a non-zero character (which
it will if it succeeds), so this isn’t really testing what we want it to
test. This regressed in commit ae4eea7a39.

Refactor out the repetitive calls to `g_unichar_compose()` and fix the
boolean checks.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-21 19:32:30 +01:00
Philip Withnall
5ec1c2422c
gunidecomp: Add some explanatory comments to g_utf8_normalize()
Just to make it a bit easier for people to understand the logic in the
implementation in future, because it took me a while.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-21 19:32:23 +01:00
Philip Withnall
32d3bddae4
gen-unicode-tables.pl: Add a new ‘either’ compose table
See the big comment in the code for details. Essentially, this adds a
new compose table specifically for the transitive closure of ‘either’
codepoints — codepoints which appear as the first codepoint in a
composition pair and as the second point in a composition pair
(potentially, but not necessarily, the same pair); or which appear in a
composition pair with an ‘either’ codepoint.

This new compose table has to be symmetrically indexed, as the
`COMPOSE_INDEX` macro doesn’t differentiate based on codepoint position
(first or second). It’s not possible to achieve that with the main
`compose_array` without making it absolutely huge (it’s currently about
150×40 in size and would have to become at least 150×150 in size). In
contrast, the new `compose_either_array` is currently 15×15.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #3470
2024-10-21 19:32:16 +01:00
Philip Withnall
dc2491d224
gen-unicode-tables.pl: Add more error checking
We’re essentially trying to build a minimal perfect hash function, and
`vals` is the map which represents that function. If we redefine a
member of `vals`, the map is no longer a partial function — one input
value (a Unicode codepoint) has two output values (compose table
indices).

So it’s bad if a member of `vals` gets redefined, and we want to be
notified if that happens.

As it happens, some of the new codepoints in Unicode 16.0 cause these
checks to fail. For example, U+16121 Gurung Khema Vowel Sign U
decomposes to U+1611E U+1611E. This causes `vals{U+1611E}` to be defined
to an index from the `first` map, and then redefined to an index from
the `second` map.

The following few commits will fix this, but let’s get the checks in
first.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-21 19:32:10 +01:00
Philip Withnall
ebd26727a8
gen-unicode-tables.pl: Add some internal documentation
Because how these big tables of numbers work is perhaps a bit hard to
figure out, and it would be useful to document the design decisions
involved in it.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-21 19:32:03 +01:00
Philip Withnall
e2b96c8679
gunicode: Update to Unicode 16.0.0
All changes mechanically generated with:
```
./tools/update-unicode-data.sh ~/Downloads/UCD 16.0.0
```
using the data from https://www.unicode.org/Public/16.0.0/ucd/UCD.zip.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #3470
2024-10-21 19:31:56 +01:00
Philip Withnall
07e191012d
gunicode: Add new scripts for Unicode 16.0
Manually added from the data in
https://www.unicode.org/Public/16.0.0/ucd/UCD.zip.

The following commit will mechanically update the Unicode tables to use
them.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #3470
2024-10-21 19:31:49 +01:00
Philip Withnall
3065734dce
gunicode: Fix comment describing shortcode for Nag Mundari script
So it reflects the `sc` line in `PropertyValueAliases.txt` in the
Unicode database.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-21 19:31:42 +01:00
Philip Withnall
ad51ff8038
gunicode: Switch compose_array table from guint16 to gunichar
The time has finally come when Unicode has specified a codepoint above
U+FFFF which has a decomposition: U+16125 GURUNG KHEMA VOWEL SIGN AI, in
Unicode 16 which the following commits will add support for.

So far, we’ve managed to store the reverse-lookup from decomposed pairs
to their composed form using a 16-bit integer. Now we have to switch to
storing the composed form in a 32-bit `gunichar` as U+16125 won’t fit
otherwise.

This introduces no functional changes, but does double the in-memory
size of the `compose_array` table from 9176 bytes to 19932 bytes.

The code which uses this lookup table, in `gunidecomp.c`, was already
implicitly converting the loaded value to a `gunichar`, so needs no
changes.

When we update to Unicode 16, the new `NormalizationTest.txt` file
contains a test which will check that composed codepoints > U+FFFF work.
Specifically, U+11391 TULU-TIGALARI LETTER AU is tested.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #3470
2024-10-21 19:30:38 +01:00
Marcel Telka
3a1eb4a0be free_seg -> free_segment for g_array_free() and g_ptr_array_free()
Signed-off-by: Marcel Telka <marcel@telka.sk>
2024-10-21 13:16:52 +02:00
Philip Withnall
1334e585e7 Merge branch 'issue_3500' into 'main'
gmain: Include poll.h as early as possible, fixing build on AIX

Closes #3500

See merge request GNOME/glib!4355
2024-10-19 09:39:21 +00:00
Parth Patel
0924a2e881 gmain: Include poll.h as early as possible
On AIX, the system poll.h redefines the names of struct members,
for example `#define events reqevents`. This means that accesses
to GPollFD will fail to compile if poll.h was included after
glib/gpoll.h.

We can't simply add `#include <poll.h>` in glib/gpoll.h, because
that wouldn't work on platforms where poll.h doesn't exist, and
GLib supports some platforms in that category.

Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3500
2024-10-19 01:52:32 -05:00
Philip Withnall
b465ca1e9e Merge branch 'gvarianttype-docs' into 'main'
gvarianttype: Add two missing (nullable) annotations and port docs to gi-docgen format

See merge request GNOME/glib!4326
2024-10-19 00:44:46 +00:00
Philip Withnall
1ffa730035
tests: Use g_assert_*() rather than g_assert() in GDateTime tests
It won’t get compiled out with `G_DISABLE_ASSERT`.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-18 13:24:13 +01:00
Philip Withnall
e9902a66a9 Merge branch 'bytes-docs' into 'main'
gbytes: Convert docs to gi-docgen linking syntax

See merge request GNOME/glib!4303
2024-10-18 12:04:12 +00:00
Simon McVittie
fe2699369f gdatetime test: Fall back if legacy System V PST8PDT is not available
On recent versions of Debian, PST8PDT is part of the tzdata-legacy
package, which is not always installed and might disappear in future.
Successfully tested with and without tzdata-legacy on Debian unstable.

Signed-off-by: Simon McVittie <smcv@debian.org>
2024-10-18 11:24:33 +01:00
Simon McVittie
30e9cfa573 gdatetime test: Try to make PST8PDT test more obviously correct
Instead of using timestamp 0 as a magic number (in this case interpreted
as 1970-01-01T00:00:00-08:00), calculate a timestamp from a recent
year/month/day in winter, in this case 2024-01-01T00:00:00-08:00.

Similarly, instead of using a timestamp 15 million seconds later
(1970-06-23T15:40:00-07:00), calculate a timestamp from a recent
year/month/day in summer, in this case 2024-07-01T00:00:00-07:00.

Signed-off-by: Simon McVittie <smcv@debian.org>
2024-10-18 11:22:49 +01:00
Rebecca N. Palmer
c0619f08e6 gdatetime test: Do not assume PST8PDT was always exactly -8/-7
In newer tzdata, it is an alias for America/Los_Angeles, which has a
slightly different meaning: DST did not exist there before 1883. As a
result, we can no longer hard-code the knowledge that interval 0 is
standard time and interval 1 is summer time, and instead we need to look
up the correct intervals from known timestamps.

Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3502
Bug-Debian: https://bugs.debian.org/1084190
[smcv: expand commit message, fix whitespace]
Signed-off-by: Simon McVittie <smcv@debian.org>
2024-10-18 11:20:42 +01:00
Philip Withnall
6cabc7bbf8 Merge branch 'wip/chergert/valgrind-utf8-check' into 'main'
glib/gutf8: use ifunc to check for valgrind

See merge request GNOME/glib!4344
2024-10-17 17:57:48 +00:00
Philip Withnall
ec7cf334db
gutf8: Add a comment explaining the ifunc and asan annotation
Why they’re necessary, why we _think_ the optimised implementation of
`g_utf8_validate()` is OK despite what valgrind and asan are telling us,
and how they work.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #3493
2024-10-17 18:26:19 +01:00
Philip Withnall
b9a39848da Merge branch 'solaris' into 'main'
Build fixes for building on Solaris & illumos

See merge request GNOME/glib!4351
2024-10-15 09:36:17 +00:00