g_object_bind_property() (transfer none) returns a GBinding with an existing internal
reference which is active as long as the "binding" is. This allows to optionally use
the binding without any memory management, as it will remove itself when it is no longer
needed.
There are currently three ways to remove the "binding" and as a result the reference:
1) Either the source or target dies and we get notified by a weakref callback
2) The user unrefs the binding until it is destroyed (which is semi-legal,
but worked and is used in the test suite)
3) The user calls g_binding_unbind()
In case (3) the problem was that it always calls unref even if the "binding" is already
gone, leading to crashes when called from bindings multiple times.
In #1373 and !197 it was noticed that a function always unrefs which would be a
"transfer full" annotation, but the problem here is that it should only remove the
ref when removing the "binding" and the annotation should stay "transfer none".
As a side effect of this fix it is now also possible to call g_binding_unbind() multiple
times where every call after the first is a no-op.
This also adds explicit tests for case (1) and (3) - only case (3) is affected by this change.
In order to determine whether to trash a file to the home directory, we
compare its st_dev to our home directory's st_dev field.
This is the wrong thing to do on overlayfs when deleting files, because
st_dev contains the ID of the filesystem providing the file (which can
be the lower or upper filesystem), but directories always return the ID
of the overlayfs. Thus the comparison fails and we are unable to trash
the file.
Fix this by checking st_dev of the parent directory when we are deleting
a file.
Also adjust `test_trash_not_supported` for this - make its st_dev check
look at the parent directory's `st_dev` rather than the temporary file's
own.
Fixes#1027.
The documentation was unclear about what error codes would be returned
on attempting to open an empty or corrupt GVDB file. Previous versions
of the documentation incorrectly said that corrupt GVDB files were
considered equivalent to empty ones.
A recent commit has clarified the documentation to include its error
handling behaviour.
Update the two users of GVDB within GLib, GResource and GSettingsSource,
to follow this change, and add unit tests for them both.
Other users of the GVDB copylib will need to update their copy and make
appropriate changes if they have bugs in their handling of this
situation. dconf is one example of this. GVDB should be updated from
https://gitlab.gnome.org/GNOME/gvdb.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://gitlab.gnome.org/GNOME/glib/issues/1454
glibc string.h declares memcpy() with attribute(nonnull(1,2)), causing
calls with NULL arguments to be treated as undefined behaviour.
This is consistent with ISO C99 and C11, which state that passing 0
to string functions as an array length does not remove the requirement
that the pointer to the array is a valid pointer.
gcc -fsanitize=undefined catches this while running OSTree's test suite.
Similarly, running the GLib test suite reports similar issues for
qsort(), memmove(), memcmp().
(This is a partial cherry-pick of commit e5ed410c8c from GLib.)
Signed-off-by: Simon McVittie <smcv@debian.org>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=775510
Reviewed-by: Colin Walters
GVDB is essentially part of GLib, so should have the same maintainer
list.
At least this way, it’s not just maintained by one absentee maintainer.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Some of the test vectors don’t specify a timezone, so the local one is
used; the comparisons to the expected results (which are in UTC) then
fail.
See discussion in
https://gitlab.gnome.org/GNOME/glib/merge_requests/225.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Part of runMkenumsWithHeader() was duplicated in test_reproducible(),
and would otherwise need to be duplicated again in upcoming tests. Many
places duplicated decoding stdout/stderr and checking the exit code.
Introduce a named tuple for the returned fields; and factor out writing
a template file to pass with --template.
When calculating the value of a timezone offset, ensure that any offsets
done with negative numbers are done in a signed integer.
oss-fuzz#9815
Signed-off-by: Philip Withnall <withnall@endlessm.com>
The token_stream_peek() functions were not doing any bounds checking, so
could potentially read 1 byte off the end of the input blob. This was
never noticed, since the input stream is almost always a nul-terminated
string. However, g_variant_parse() does allow non-nul-terminated strings
to be used with a @limit parameter, and the bugs become apparent under
valgrind if that parameter is used.
This includes modifications to the test cases to cover the
non-nul-terminated case.
Spotted by ossfuzz.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
While mountpoints are *not* symlinks, strictly speaking,
they works in a similar enough way, so consider them to be
symlinks for the purpose of querying local file info.
On Windows st_ctime field is the file creation time.
POSIX mandates that field to be the file state change time.
Naturally, glib code interpreted st_ctime as POSIX suggested,
and the result was bad.
Fix this by introducing special W32-only logic for setting
attributes from st_ctime field.
Fixes issue #1452.
(Tweaked by Philip Withnall <withnall@endlessm.com> to fix some minor
leaks, code formatting, and add a test comment.)
Signed-off-by: Simon McVittie <smcv@collabora.com>