Commit Graph

99 Commits

Author SHA1 Message Date
Philip Withnall
e03d5a335b gdbusmessage: Check for valid GVariantType when parsing a variant blob
The code was checking whether the signature provided by the blob was a
valid D-Bus signature — but that’s a superset of a valid GVariant type
string, since a D-Bus signature is zero or more complete types. A
GVariant type string is exactly one complete type.

This meant that a D-Bus message with a header field containing a variant
with an empty type signature (for example) could cause a critical
warning in the code parsing it.

Fix that by checking whether the string is a valid type string too.

Unit test included.

oss-fuzz#9810

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
968f1c6cad gdbusmessage: Fix a typo in a documentation comment
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
50b544e2c0 gdbusmessage: Clarify error returns for g_dbus_message_new_from_blob()
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
94a9ab3c03 gdbusmessage: Improve documentation for g_dbus_message_get_header()
The caller is responsible for checking the type of the returned
GVariant.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
af712bbce1 gdbusmessage: Validate type of message header signature field
Parsing a D-Bus message with the signature field in the message header
of type other than ‘g’ (GVariant type signature) would cause a critical
warning. Instead, we should return a runtime error.

Includes a test.

oss-fuzz#9825

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
ab09a5f5a9 gdbusmessage: Fix a typo in the documentation
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-08-07 11:04:00 +01:00
Ting-Wei Lan
c61f01f0ff build: Define MAJOR_IN_TYPES when major is defined in sys/types.h
Autoconf macro AC_HEADER_MAJOR doesn't define a macro in config.h when
major is defined in sys/types.h. This was not a problem because major
is assumed to be always available. However, commit aefffa3fbc
changes this assumption in order to fix build on systems without major,
which causes code using major to be disabled on systems putting major
in sys/types.h.

This commit defines a new macro MAJOR_IN_TYPES for both autotools and
meson builds to make major useful on these systems again.
2018-06-07 23:05:50 +08:00
Philip Withnall
07f75f6cc2 gdbusmessage: Make a translatable message translatable with plurals
Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://bugzilla.gnome.org/show_bug.cgi?id=658713
2018-02-02 10:07:12 +01:00
Philip Withnall
e644bfa37e gio: Add some casts for printf() formatting statbufs on Solaris
Apparently Solaris defines statbuf fields as long when Linux doesn’t, in
some cases. Cast down to the type expected by the printf() format
placeholder.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://bugzilla.gnome.org/show_bug.cgi?id=749652
2017-11-28 14:17:09 +00:00
Daniel Macks
190f64a0fb Avoid setting unused variables (-Wself-assign)
Setting a variable and then assigning it to itself avoids
-Wunused-but-set-variable but this specific trick is now caught by
-Wself-assign. Instead, actually use the value or don't bother
assigning it at all:

gdbusauth.c: call g_data_input_stream_read_byte() in void context
gdbusauthmechanismsha1.c: value is actually used
gdbusmessage.c: use consistent preprocessor-token protection
gthreadedresolver.c: skip over bytes in data blob
httpd.c: do something useful with the value

https://bugzilla.gnome.org/show_bug.cgi?id=745723
2017-09-11 22:14:18 +01:00
Philip Withnall
5cddde1fb2 Consistently save errno immediately after the operation setting it
Prevent the situation where errno is set by function A, then function B
is called (which is typically _(), but could be anything else) and it
overwrites errno, then errno is checked by the caller.

errno is a horrific API, and we need to be careful to save its value as
soon as a function call (which might set it) returns. i.e. Follow the
pattern:
  int errsv, ret;
  ret = some_call_which_might_set_errno ();
  errsv = errno;

  if (ret < 0)
    puts (strerror (errsv));

This patch implements that pattern throughout GLib. There might be a few
places in the test code which still use errno directly. They should be
ported as necessary. It doesn’t modify all the call sites like this:
  if (some_call_which_might_set_errno () && errno == ESOMETHING)
since the refactoring involved is probably more harmful than beneficial
there. It does, however, refactor other call sites regardless of whether
they were originally buggy.

https://bugzilla.gnome.org/show_bug.cgi?id=785577
2017-08-03 10:21:13 +01:00
Philip Withnall
18f8b77c04 gio: Use g_strerror() instead of strerror()
This marginally improves thread safety, and marginally improves
consistency.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://bugzilla.gnome.org/show_bug.cgi?id=733821
2017-06-21 11:20:29 +01:00
Sébastien Wilmet
3bf4a720c3 gio/: LGPLv2+ -> LGPLv2.1+
Sub-directories inside gio/ already processed in a previous commit:
- fam/
- gdbus-2.0/ (which contains only codegen/)
- gvdb/
- inotify/
- tests/
- win32/
- xdgmime/

Other sub-directories inside gio/:
- completion/: no license headers
- kqueue/: not LGPL, BSD-style license

https://bugzilla.gnome.org/show_bug.cgi?id=776504
2017-05-29 19:53:34 +02:00
declan
aefffa3fbc gdbusmessage: Don’t use major()/minor() if they’re unavailable
https://bugzilla.gnome.org/show_bug.cgi?id=777030
2017-04-28 15:26:28 +01:00
Emmanuele Bassi
f952fdf3fc Drop trailing semi-colon from G_DEFINE_ macro
It's unnecessary, and only adds visual noise; we have been fairly
inconsistent in the past, but the semi-colon-less version clearly
dominates in the code base.

https://bugzilla.gnome.org/show_bug.cgi?id=669355
2017-04-10 10:38:31 +01:00
Christian Hergert
18a33f72db introspection: use (nullable) or (optional) instead of (allow-none)
If we have an input parameter (or return value) we need to use (nullable).
However, if it is an (inout) or (out) parameter, (optional) is sufficient.

It looks like (nullable) could be used for everything according to the
Annotation documentation, but (optional) is more specific.
2016-11-22 14:14:37 -08:00
Christophe Fergeau
a4012abbdf gdbus: Fix leak in g_dbus_message_print()
This leak only happens when using G_DBUS_DEBUG=message or similar, but
it's nicer to be valgrind-clean even in these cases.

https://bugzilla.gnome.org/show_bug.cgi?id=736810
2016-11-22 15:01:31 -05:00
Lukasz Skalski
59a996db9b GDBusMessage: Fix segfault if DEBUG_SERIALIZER is enabled
https://bugzilla.gnome.org/show_bug.cgi?id=729730
2016-11-22 14:59:49 -05:00
Piotr Drąg
10c490cdfe Use Unicode in translatable strings
See https://developer.gnome.org/hig/stable/typography.html

https://bugzilla.gnome.org/show_bug.cgi?id=772221
2016-10-12 21:30:42 +02:00
Philip Withnall
bc01109618 gdbusmessage: Fix a minor memory leak on an error path
If g_dbus_message_to_blob() fails at all, it will leak its mbuf. Spotted
by running the gdbus-serialization test under Valgrind — so there is a
justification for leak-free tests after all!
2015-04-22 00:02:06 +01:00
Ross Lagerwall
226c292b6a gio: Prevent hang writing to a large GMemoryBuffer
Fix a hang due to overflow by using unsigned numbers and explicitly
checking if the number overflows to zero.  This also fixes the previous
logic which assigned an int which may be negative to an unsigned number
resulting in sign extension and strange results.

Use gsize rather than int to allow for large buffers on 64 bit machines.

https://bugzilla.gnome.org/show_bug.cgi?id=727988
2014-10-30 20:15:47 +00:00
Ryan Lortie
2268628565 gdbus: Properly fix encoding of double arrays
It turns out that this bug actually would (sometimes) impact any sort of
fixed-sized array with an alignment requirement of 8 due to incorrectly
counting the alignment inserted between the (aligned 4) array length and
the actual data.

Fix this properly and remove the exception for doubles.

https://bugzilla.gnome.org/show_bug.cgi?id=732754
2014-07-24 15:51:21 +02:00
Stef Walter
627b49b390 gio: Fix regression encoding an array of doubles
Take the simple slow path in this case. Encoding a double
takes special precautions as you can see in append_value_to_blob()
and friends.

https://bugzilla.gnome.org/show_bug.cgi?id=732754
2014-07-23 15:44:40 +02:00
Ryan Lortie
5d0e295fb8 GDBusMessage: add some G_UNLIKELY on error paths
More for documentation than anything else...
2014-07-09 11:19:58 -04:00
Ryan Lortie
5463c8cedb GDBusMessage: fast-path decoding of fixed arrays
Instead of creating a separate GVariant for each of the 'y's in an 'ay',
use g_variant_new_fixed_array().

https://bugzilla.gnome.org/show_bug.cgi?id=732754
2014-07-09 10:43:26 -04:00
Ryan Lortie
958da1e9dc GDBusMessage: fast-path encoding of fixed arrays
Instead of handling each item separately, handle the array as a whole.

https://bugzilla.gnome.org/show_bug.cgi?id=732754
2014-07-09 10:43:26 -04:00
Ryan Lortie
d108ada4b9 GDBusMessage: simplify byteswapping
Remove some duplication by simplifying our byteswap checks.

https://bugzilla.gnome.org/show_bug.cgi?id=732754
2014-07-07 15:02:54 -04:00
Evan Nemerson
570b27b9ac gio: port annotations from the Vala metadata.
https://bugzilla.gnome.org/show_bug.cgi?id=730493
2014-05-23 10:04:06 -07:00
Lukasz Skalski
7c205ae90d gio: cleanup gdbusmessage.c file
* removed passing GError to ensure_input_padding() function
  - it was necessary before commit 3e5214c15c
  when we used GData*Streams and GMemoryInputStream with
  g_seekable_seek() - now it's useless,

* removed checking return value of ensure_input_padding()
  function - in previous implementation (like above)
  g_seekable_seek() could return FALSE - now it's always TRUE,

* removed passing GError to g_memory_buffer_read_*() functions
  and checking returned value - it also has been inherited after
  old implementation with g_data_input_stream_read_*() functions
  - now it's also useless

* cleaned up code formatting,

https://bugzilla.gnome.org/show_bug.cgi?id=729875
2014-05-09 10:21:22 -04:00
Matthias Clasen
42cf80780b Docs: Big entity cleanup
Strip lots of entity use from |[ ]| examples (which are now
implicit CDATA). Also remove many redundant uses of <!-- -->.
2014-02-01 12:00:30 -05:00
Matthias Clasen
17f51583a8 Docs: Convert examples to |[ ]| 2014-01-31 21:56:33 -05:00
Daniel Mustieles
078dbda148 Updated FSF's address 2014-01-31 14:31:55 +01:00
Dan Winship
158dde0507 Replace #ifdef HAVE_UNISTD_H checks with #ifdef G_OS_UNIX
In Windows development environments that have it, <unistd.h> is mostly
just a wrapper around several other native headers (in particular,
<io.h>, which contains read(), close(), etc, and <process.h>, which
contains getpid()). But given that some Windows dev environments don't
have <unistd.h>, everything that uses those functions on Windows
already needed to include the correct Windows header as well, and so
there is never any point to including <unistd.h> on Windows.

Also, remove some <unistd.h> includes (and a few others) that were
unnecessary even on unix.

https://bugzilla.gnome.org/show_bug.cgi?id=710519
2013-11-20 09:25:39 -05:00
Michael Haubenwallner
efb1701bf3 Use AC_HEADER_MAJOR
Instead of checking for sys/mkdev.h headerfile, there is the
AC_HEADER_MAJOR helper for how to get major(), minor(), makedev().

https://bugzilla.gnome.org/show_bug.cgi?id=712314
2013-11-18 14:47:53 -05:00
Jan Schmidt
0167c3340d gio: Fix -Werror format string errors from mismatched ints. 2013-09-27 10:52:50 +10:00
Dan Winship
4b94c0831e Use 'dumb quotes' rather than `really dumb quotes'
Back in the far-off twentieth century, it was normal on unix
workstations for U+0060 GRAVE ACCENT to be drawn as "‛" and for U+0027
APOSTROPHE to be drawn as "’". This led to the convention of using
them as poor-man's ‛smart quotes’ in ASCII-only text.

However, "'" is now universally drawn as a vertical line, and "`" at a
45-degree angle, making them an `odd couple' when used together.

Unfortunately, there are lots of very old strings in glib, and also
lots of new strings in which people have kept up the old tradition,
perhaps entirely unaware that it used to not look stupid.

Fix this by just using 'dumb quotes' everywhere.

https://bugzilla.gnome.org/show_bug.cgi?id=700746
2013-05-21 11:23:22 -03:00
Hib Eris
1011e4269f Fix compile error in gdbusmessage.c for win64
https://bugzilla.gnome.org/show_bug.cgi?id=696973
2013-04-01 08:48:36 +02:00
Matthias Clasen
f1173dd725 Fix a mixup of singular and plural
Pointed out in https://bugzilla.gnome.org/show_bug.cgi?id=695339
2013-03-07 16:45:50 -05:00
Henrique Dante de Almeida
c219181cb2 Add G_GNUC_PRINTF on all functions with format strings
This allows compilation with clang without errors, even when
-Wformat-nonliteral is active (as long as there are no real cases of
non literal formatting).

https://bugzilla.gnome.org/show_bug.cgi?id=691608
2013-01-13 12:32:40 -05:00
Mike Gorse
fe0b77fea8 Optimize reading strings when deserializing gdbus messages
Now that we're directly accessing the memory holding a message blob,
we can access strings directly while reading them. This speeds up
read_string significantly, since we no longer malloc/memcpy/free.
2012-11-30 15:51:47 -06:00
Mike Gorse
3e5214c15c Use a simple struct when reading and writing gdbus messages
GData*Streams incur significant overhead, and we do not need all of the
functionality that they provide, since we only ever read from/write to
memory when handling message blobs, so it is more performant to use a
simple structure.

https://bugzilla.gnome.org/show_bug.cgi?id=652650
2012-11-29 14:15:34 -06:00
Dan Winship
f248c86b0a win32: move some code into #ifdef G_OS_UNIX
Fix various bits of code/declarations that are only used by G_OS_UNIX
but were still visible to G_OS_WIN32.

https://bugzilla.gnome.org/show_bug.cgi?id=688109
2012-11-15 14:19:05 -05:00
Will Thompson
113f4abb67 GDBusMessage: do not align for grandchildren of empty arrays.
D-Bus arrays are serialized as follows:

1. align to a 4-byte boundary (for the length)
2. uint32: the length of the serialized body in bytes
3. padding for the alignment of the body type (not included in the length)
4. the body.

Note that 3. is a no-op unless the body type is an 8-byte aligned type
(uint64, int64, double, struct, dict_entry), since you are always on a
4-byte boundary from aligning and writing the length.

So, an empty aax (that is, an array containing zero arrays of int64)
is serialized as follows:

1. align to a 4-byte boundary
2. length of the contents of this (empty) array, in bytes (0)
3. align to a 4-byte boundary (the child array's alignment requirement)
4. there is no body.

But previously, GDBus would recurse in step three to align not just for
the type of the child array, but for the nonexistent child array's
contents. This only affects the algorithm when the grandchild type has
8-byte alignment and the reader happened to not already be on an 8-byte
boundary, in which case 4 bytes were spuriously skipped.

https://bugzilla.gnome.org/show_bug.cgi?id=673612

Signed-off-by: David Zeuthen <davidz@redhat.com>
2012-04-10 16:39:47 -04:00
Will Thompson
e28d3ef921 GDBusMessage: print more debug info about alignment
Signed-off-by: David Zeuthen <davidz@redhat.com>
2012-04-10 16:39:45 -04:00
Dieter Verfaillie
ce7f1a0789 Fix malformed GTK-Doc comment blocks: don't confuse GTK-Doc parsers.
Found these thanks to the improved gobject-introspection
GTK-Doc comment block/annotation parser.
See https://bugzilla.gnome.org/show_bug.cgi?id=672254

https://bugzilla.gnome.org/show_bug.cgi?id=673385
2012-04-05 10:23:45 -03:00
Robert Ancell
4143842eb4 Add missing allow-none annotations for function parameters.
Found using:
find . -name '*.c' | xargs grep 'or %NULL' | grep ' \* @' | grep -v '@error' | grep -v allow-none
2012-03-31 20:34:28 +11:00
Evan Nemerson
c3d6595f5a GIO: add lots of annotations for Vala bindings
https://bugzilla.gnome.org/show_bug.cgi?id=667447
2012-01-11 15:50:08 -05:00
Ryan Lortie
9c07e7dc90 GDBusMessage: fix leak of GError
As part of the deserialisation process of a zero-length array in the
DBus wire format, parse_value_from_blob() recursively calls itself with
the expectation of failing (as can be seen by the assert immediately
following).

It passes &local_error to this always-failing call and then fails to
free it (indeed, to use it at all).  The result is that the GError is
leaked.

Fix it by passing in NULL instead, so that the GError is never created
in the first place.

https://bugzilla.gnome.org/show_bug.cgi?id=662411
2011-10-21 15:18:20 -04:00
Matthias Clasen
6e80885c8d Spell out file descriptors in a message
Translators don't necessarily know what 'fds' are.
Pointed out in bug 657454.
2011-08-27 13:18:45 -04:00
Matthias Clasen
1a2265889b GDBusMessage: Use ngettext() where appropriate
Pointed out in bug 657452.
2011-08-27 13:17:07 -04:00