Commit Graph

22321 Commits

Author SHA1 Message Date
Philip Withnall
5bdda2a6b5 giomodule: Ignore GIO_MODULE_DIR when running as setuid
Even if the modules in the given directory never get chosen to be used,
loading arbitrary code from a user-provided directory is not safe when
running as setuid, as the process’ environment comes from an untrusted
source.

Also ignore `GIO_EXTRA_MODULES`.

Spotted by Simon McVittie.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2168
2021-01-07 17:14:12 +00:00
Philip Withnall
a7ad3fd33a Merge branch '266.c89' into 'glib-2-66'
gdatetime.c: Fix MSVC builds for lack of NAN items

See merge request GNOME/glib!1831
2021-01-04 15:37:25 +00:00
Sebastian Dröge
55ebcf05ba Merge branch 'backport-1827-win32-fd-read-glib-2-66' into 'glib-2-66'
Backport !1827 “Windows: fix FD_READ condition flag still set on recoverable UDP socket errors.” to glib-2-66

See merge request GNOME/glib!1836
2021-01-04 15:32:53 +00:00
Marco Mastropaolo
6900d53ed8 Windows: fix FD_READ condition flag still set on recoverable UDP socket errors.
Contrary to what the WSARecvFrom seem to imply, a UDP socket is perfectly recoverable and usable after a WSAECONNRESET error (and, I assume, WSAENETRESET).
However GSocket condition has the FD_READ bit set after a UDP socket fails with WSAECONNRESET, even if no data is available on the socket anymore; this causes select calls to report the socket as readable when, in fact, it's not.

The change resets FD_READ flag on a socket upon the above error conditions; there's no 'if' to filter between datagram and stream sockets as the change should be harmless in the case of stream sockets which are, however, very unlikely to be usable after a WSAECONNRESET.
2021-01-04 15:09:03 +00:00
Chun-wei Fan
d6e5db6ed8 gdatetime.c: Fix MSVC builds for lack of NAN items
Use a fallback for isnan() on Visual Studio 2012 or earlier, and define
NAN if it does not exist.
2020-12-30 19:40:03 +08:00
Sebastian Dröge
b20a8b5a5a Merge branch 'backport-1821-date-lengths-glib-2-66' into 'glib-2-66'
Backport !1821 “gdate: Limit length of dates which can be parsed as valid” to glib-2-66

See merge request GNOME/glib!1824
2020-12-21 18:15:35 +00:00
Philip Withnall
59999737c9 gdate: Use string length when validating UTF-8
Makes the validation a tiny bit faster.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-21 17:50:52 +00:00
Philip Withnall
3fc314ec38 gdate: Limit length of dates which can be parsed as valid
Realistically any date over 200 bytes long is not going to be valid, so
limit the input length so we can’t spend too long doing UTF-8 validation
or normalisation.

oss-fuzz#28718

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-21 17:50:52 +00:00
Sebastian Dröge
4c6daefd6b Merge branch 'wip/chergert/merge-private-fix' into 'glib-2-66'
gthread: Destroy value after replacing it in g_private_replace()

See merge request GNOME/glib!1820
2020-12-17 18:43:24 +00:00
Philip Withnall
e4af46fc09 gthread: Destroy value after replacing it in g_private_replace()
If the old value is destroyed before updating the TLS value in pthreads
(or the Windows equivalent) then there’s a risk of infinite recursion if
`g_private_replace()` is called from within the `GDestroyNotify`.

Avoid that by destroying the old value after doing the TLS update.

Thanks to Matthias Clasen for diagnosing the issue.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2210
2020-12-17 10:30:54 -08:00
Philip Withnall
bacbec652d 2.66.4
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-17 11:45:52 +00:00
Sebastian Dröge
9ee19e06da Merge branch 'backport-1797-freebsd-date-parsing-glib-2-66' into 'glib-2-66'
Backport !1797 “gdatetime: Improve ISO 8601 parsing to avoid floating point checks” to glib-2-66

See merge request GNOME/glib!1805
2020-12-13 09:16:39 +00:00
Philip Withnall
d8794aaf70 tests: Add more tests for GDateTime ISO 8601 seconds parsing
This should add a few more lines/branches to the test coverage.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-12 18:35:20 +00:00
Philip Withnall
72246a564d gdatetime: Use isnan() instead of !isfinite()
Both are provided by libm, but `isnan()` is provided as a macro, whereas
`isfinite()` is an actual function, and hence libm has to be available
at runtime. That didn’t trivially work on FreeBSD, resulting in this
refactor.

`isfinite(x)` is equivalent to `!isnan(x) && !isinfinite(x)`. The case
of `x` being (negative or positive) infinity is already handled by the
range checks on the next line, so it’s safe to switch to `isnan()` here.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-12 18:35:20 +00:00
Philip Withnall
e470dca95f gdatetime: Remove floating point from seconds parsing code
Rather than parsing the seconds in an ISO 8601 date/time using a pair of
floating point numbers (numerator and denominator), use two integers
instead. This avoids issues around floating point precision, and also
makes it easier to check for potential overflow from overlong inputs.

This last point means that the `isfinite()` check can be removed, as it
was covering the case where a NAN was generated, which isn’t now
possible using integer arithmetic.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-12 18:35:20 +00:00
Sebastian Dröge
035975e7e6 Merge branch 'backport-1794-gio-tool-critical-glib-2-66' into 'glib-2-66'
Backport !1794 “gio-tool-info: Prevent criticals if mount options are not available” to glib-2-66

See merge request GNOME/glib!1799
2020-12-11 15:04:54 +00:00
Ondrej Holy
7cc8aec39c gio-tool-info: Prevent criticals if mount options are not available
NULL is valid return value for the g_unix_mount_get_options function
because mount options are currently provided only by libmount implementation.
However, the gio tool passes the returned value to the g_strescape function
without checking, which produces the following critical warning:
GLib-CRITICAL **: 13:47:15.294: g_strescape: assertion 'source != NULL' failed

Let's add the missing check to prevent the critical warnings.
2020-12-11 14:33:24 +00:00
Sebastian Dröge
22c0e5db8e Merge branch 'backport-1791-datetime-nan-glib-2-66' into 'glib-2-66'
Backport !1791 “gdatetime: Disallow NAN as a number of seconds in a GDateTime” to glib-2-66

See merge request GNOME/glib!1793
2020-12-09 15:48:55 +00:00
Sebastian Dröge
120b659bd1 Merge branch 'backport-1789-array-sort-empty-glib-2-66' into 'glib-2-66'
Backport !1789 “array: Avoid sorting 0-sized arrays” to glib-2-66

See merge request GNOME/glib!1792
2020-12-09 15:40:27 +00:00
Philip Withnall
83e5b9cab1 gdatetime: Disallow NAN as a number of seconds in a GDateTime
The fiendish thing about NAN is that it never compares TRUE against
anything, so the limit checks `seconds < 0.0 || seconds >= 60.0` were
never triggering.

oss-fuzz#28473

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-09 15:24:45 +00:00
Timm Bäder
0e50c8d6cd array: Avoid sorting 0-sized arrays
Fixes #2264
2020-12-09 15:24:15 +00:00
Sebastian Dröge
2c25fe26c8 Merge branch 'backport-1788-ossfuzz-28458-date-overflow' into 'glib-2-66'
Backport !1788 “gdate: Validate input as UTF-8 before parsing” to glib-2-66

See merge request GNOME/glib!1790
2020-12-09 15:11:45 +00:00
Philip Withnall
6181244559 gdate: Validate input as UTF-8 before parsing
Dates have to be valid UTF-8.

oss-fuzz#28458

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-09 13:48:56 +00:00
Sebastian Dröge
0cbe9efb90 Merge branch 'backport-1771-macos-frexpl-glib-2-66' into 'glib-2-66'
Backport !1771 “macos: fix frexpl checks in cross-compilation” to glib-2-66

See merge request GNOME/glib!1774
2020-11-29 11:22:57 +00:00
Andoni Morales Alastruey
a5388cf3ba macos: fix frexpl checks in cross-compilation
Cross-compilation to arm64 for Apple Silicon is not possible
due to the hardcoded settings for frexpl.
See: #1868
2020-11-25 19:57:36 +00:00
Philip Withnall
30c06eb5fc 2.66.3
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-11-16 12:19:06 +00:00
Emmanuele Bassi
e18a6a850f Merge branch 'backport-1734-hidden-cache-glib-2-66' into 'glib-2-66'
Backport !1734 “glocalfileinfo: Use a single timeout source at a time for hidden file cache” to glib-2-66

See merge request GNOME/glib!1736
2020-11-03 17:24:05 +00:00
Carlos Garnacho
92c19ebda2 glocalfileinfo: Use a single timeout source at a time for hidden file cache
As hidden file caches currently work, every look up on a directory caches
its .hidden file contents, and sets a 5s timeout to prune the directory
from the cache.

This creates a problem for usecases like Tracker Miners, which is in the
business of inspecting as many files as possible from as many directories
as possible in the shortest time possible. One timeout is created for each
directory, which possibly means gobbling thousands of entries in the hidden
file cache. This adds as many GSources to the glib worker thread, with the
involved CPU overhead in iterating those in its main context.

To fix this, use a unique timeout that will keep running until the cache
is empty. This will keep the overhead constant with many files/folders
being queried.
2020-11-03 16:34:31 +00:00
Simon McVittie
4daaf303a0 Merge branch 'backport-1725-gdbus-fds-glib-2-66' into 'glib-2-66'
Backport !1725 “gdbus: Cope with sending fds in a message that takes multiple writes” to glib-2-66

See merge request GNOME/glib!1727
2020-10-28 15:17:58 +00:00
Simon McVittie
60c3c948b5 gio/tests/gdbus-peer: Exercise fds attached to a large message
This incidentally also exercises the intended pattern for sending fds in
a D-Bus message: the fd list is meant to contain exactly those fds that
are referenced by a handle (type 'h') in the body of the message, with
numeric handle value n corresponding to g_unix_fd_list_peek_fds(...)[n].

Being able to send and receive file descriptors that are not referenced by
a handle (as in OpenFile here) is a quirk of the GDBus API, and while it's
entirely possible in the wire protocol, other D-Bus implementations like
libdbus and sd-bus typically don't provide APIs that make this possible.

Reproduces: https://gitlab.gnome.org/GNOME/glib/-/issues/2074
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-28 14:59:57 +00:00
Simon McVittie
40cd84d9e4 gdbus: Cope with sending fds in a message that takes multiple writes
Suppose we are sending a 5K message with fds (so data->blob points
to 5K of data, data->blob_size is 5K, and fd_list is non-null), but
the kernel is only accepting up to 4K with each sendmsg().

The first time we get into write_message_continue_writing(),
data->total_written will be 0. We will try to write the entire message,
plus the attached file descriptors; or if the stream doesn't support
fd-passing (not a socket), we need to fail with
"Tried sending a file descriptor on unsupported stream".

Because the kernel didn't accept the entire message, we come back in.
This time, we won't enter the Unix-specific block that involves sending
fds, because now data->total_written is 4K, and it would be wrong to try
to attach the same fds again. However, we also need to avoid failing
with "Tried sending a file descriptor on unsupported stream" in this
case. We just want to write out the data of the rest of the message,
starting from (blob + total_written) (in this exaple, the last 1K).

Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2074
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-28 14:59:57 +00:00
Emmanuele Bassi
cfbab734d1 Merge branch 'backport-1711-socket-fix-glib-2-66' into 'glib-2-66'
Backport !1711 “Fix race in socketclient-slow test” to glib-2-66

See merge request GNOME/glib!1723
2020-10-27 12:09:21 +00:00
Michael Catanzaro
832d09ad4b Fix race in socketclient-slow test
This test ensures that g_socket_client_connect_to_host_async() fails if
it is cancelled, but it's not cancelled until after 1 millisecond. Our
CI testers are hitting that race window, and Milan is able to reproduce
the crash locally as well. Switching it from 1ms to 0ms is enough for
Milan to avoid the crash, but not enough for our CI, so let's move the
cancellation to a GSocketClientEvent callback where the timing is
completely deterministic.

Hopefully fixes #2221
2020-10-27 11:36:06 +00:00
Philip Withnall
614d40941b Merge branch 'backport-1713-main-context-check-glib-2-66' into 'glib-2-66'
Backport !1713 “gmain: g_main_context_check() can skip updating polled FD sources” to glib-2-66

See merge request GNOME/glib!1721
2020-10-26 14:14:20 +00:00
Claudio Saavedra
fa45688ff6 gmain: g_main_context_check() can skip updating polled FD sources
If there is a file descriptor source that has a lower priority
than the one for sources that are going to be dispatched,
all subsequent file descriptor sources (internally sorted by
file descriptor identifier) do not get an update in their GPollRec
and later on wrong sources can be dispatched.

Fix this by first finding the first GPollRec that matches the current
GPollFD, instead of relying on it to be the current one. At
the same time, document the assumptions about the ordering of the
file descriptor records and array and make explicit in the documentation
that the array needs to be passed to g_main_context_check() as it was
received from g_main_context_query().

Added a new test that reproduces the bug by creating two file
descriptor sources and an idle one. Since the first
file descriptor created has a lower identifier and a low priority,
the second one is not dispatched even when it has the same, higher,
priority as the idle source. After fixing this bug, both
higher priority sources are dispatched as expected.

While this patch was written independently, a similar fix for this
bug was first submitted by Eugene M in GNOME/glib!562. Having a
second fix that basically does the same is a reassurance that we
are in the right here.

Fixes #1592
2020-10-26 13:09:19 +00:00
Emmanuele Bassi
cea485ac00 Merge branch 'backport-1718-clang-fix-glib-2-66' into 'glib-2-66'
Backport !1718 “gtrace: Add G_GNUC_PRINTF annotation” to glib-2-66

See merge request GNOME/glib!1720
2020-10-23 15:53:03 +00:00
Philip Withnall
848a534385 gtrace: Add G_GNUC_PRINTF annotation
This allows compilers to check the format placeholders properly. It
fixes compilation on clang, which gives a warning about untrusted
strings being passed on to subsequent functions which require format
placeholders.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-10-23 16:05:21 +01:00
Philip Withnall
500db2e0b8 2.66.2
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-10-19 16:04:16 +01:00
Sebastian Dröge
a315624793 Merge branch 'backport-1706-nullable-annotations-glib-2-66' into 'glib-2-66'
Backport !1706 “Add various missing nullable annotations” to glib-2-66

See merge request GNOME/glib!1710
2020-10-19 13:08:32 +00:00
Sebastian Dröge
0643a75103 Merge branch 'backport-1683-six-days-to-eom-glib-2-66' into 'glib-2-66'
Backport !1683 “Fix the 6-days-until-the-end-of-the-month bug” to glib-2-66

See merge request GNOME/glib!1705
2020-10-19 12:00:57 +00:00
Sebastian Dröge
110e507c3a Add various missing nullable annotations 2020-10-19 12:49:29 +01:00
Руслан Ижбулатов
807e4fdcdb Fix the 6-days-until-the-end-of-the-month bug
The addition causes the date to shift
forward into 1st of the next month, because a 0-based offset
is compared to be "more than" the days in the month instead of "more than
or equal to".

This is triggered by corner-cases where transition date is 6 days
off the end of the month and our calculations put it at N+1th day of the
month (where N is the number of days in the month). The subtraction should
be triggered to move the date back a week, putting it 6 days off the end;
for example, October 25 for CET DST transition; but due to incorrect comparison
the date isn't shifted back, we add 31 days to October 1st and end up
at November 1st).

Fixes issue #2215.
2020-10-16 14:52:31 +01:00
Руслан Ижбулатов
3a0e77449c Add a test for the 6-days-until-EOM bug 2020-10-16 14:52:31 +01:00
Emmanuele Bassi
c014614a9b Merge branch 'backport-1661-timezone-fix-glib-2-66' into 'glib-2-66'
Backport !1661 “Lookup fallback time zones in the cache to improve performance” to glib-2-66

See merge request GNOME/glib!1700
2020-10-16 13:27:58 +00:00
Sebastian Dröge
cb8059291d Merge branch 'backport-1698-slice-getenv-win32-glib-2-66' into 'glib-2-66'
Backport !1698 “gslice: Inline win32 implementation of g_getenv() to avoid deadlock” to glib-2-66

See merge request GNOME/glib!1702
2020-10-16 11:59:44 +00:00
Philip Withnall
7f450baab7 gslice: Inline win32 implementation of g_getenv() to avoid deadlock
The win32 implementation of `g_getenv()` uses GSlice (from within
GQuark), which results in a deadlock when examining the `G_SLICE`
environment variable.

Fix that by inlining a basic implementation of `g_getenv()` at that call
site.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2225
2020-10-16 12:24:38 +01:00
Philip Withnall
976f48b438 tests: Add a basic test for GTimeZone caching
This tests the previous few commits.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-10-15 15:58:03 +01:00
António Fernandes
cfe593a3de Revert "gtimezone: Cache timezones based on the identifier they were created by"
This reverts commit 851241f19a.

That commit avoids a performance regression but introduces a behavior regression:
changes to /etc/localtime have no effect for the remaining of the application's
runtime.

With the optimization introduced by the previous commit, we can pass NULL to
g_time_zone_new() repeatedly with no performance drawback, so we no longer have
to workaround this case.

Fixes: #2224
2020-10-15 15:58:03 +01:00
António Fernandes
3ab278dab0 gtimezone: Cache default timezone indefinitely
We cache GTimeZone instances to avoid expensive construction when the
same id is requested again.

However, if the NULL id is passed to g_time_zone_new(), we always
construct a new instance for the default/fallback timezone.

With the recent introduction of some heavy calculations[1], repeated
instance construction in such cases has visible performance impact in
nautilus list view and other such GtkTreeView consumers.

To avoid this, cache reference to a constructed default timezone and
use it the next time g_time_zone_new() is called with NULL argument,
as long as the default identifier doesn't change. We already did the
same for the local timezone[2].

Fixes: https://gitlab.gnome.org/GNOME/glib/-/issues/2204

Based on idea proposed by Sebastian Keller <skeller@gnome.org>.

[1] 25d950b61f
[2] 551e83662d
2020-10-15 15:58:03 +01:00
António Fernandes
19c5e13fc4 gtimezone: Set resolved_identifier earlier
We have been passing a &resolved_identifier address around for multiple
functions to set it. Each function may either:

    1.  leaving it for the next function to set, if returning early;
    2.  set it to a duplicate of the passed identifier, if not NULL;
    3.  get a fallback value and set it, otherwise.

This can be simplified by setting it early to either:

    1.  a duplicate of the passed identifier, if not NULL;
    2.  a fallback value, otherwise.

This way we can avoid some unnecessary string duplication and freeing.
Also, on Windows, we avoid calling windows_default_tzname() twice.

But the main motivation for this change is enabling the performance
optimization in the next commit.
2020-10-15 15:58:03 +01:00