Calling g_atomic_ref_count_dec() or g_ref_count_dec() and the reference
count reaches zero results in different side effects depending on
whether the reference count is atomic or not.
The intended side effect when this happens is undefined, i.e. one should
not rely on the reference count actually reaching zero, or staying 1, or
becoming something else, and one should treat the grefcount /
gatomicrefcount to be unusable until reinitialized.
This wasn't documented, so add a paragraph about this.
This change is proposed by Kamil Dudka. It teaches Coverity to assume
that g_critical() will never return, which is desirable for the same
reasons it is for scan-build: once you've triggered undefined behavior,
the game is already lost, and there's limited benefit from trying to
avoid every possible memory leak on such codepaths. Notably, this
affects g_return_if_fail().
Arguably it might be desirable to fix every such issue, but if we're
already not doing so for scan-build, it doesn't make sense to hold
developers working with Coverity to a higher standard. This allows
focusing on more serious issues found by Coverity.
Thanks Kamil!
glib/gdate.c: In function ‘convert_twodigit_year’:
glib/gdate.c:1217:13: warning: comparison of integer expressions of
different signedness: ‘gint’ {aka ‘int’} and ‘guint’ {aka ‘unsigned int’}
1217 | if (y < two)
| ^
gio/tests/actions.c: In function ‘strv_set_equal’:
gio/tests/actions.c:177:41: error: comparison of integer expressions of different signedness: ‘guint’ {aka ‘unsigned int’} and ‘gint’ {aka ‘int’}
177 | res = g_strv_length ((gchar**)strv) == count;
| ^~
gio/tests/actions.c: In function ‘test_parse_detailed’:
gio/tests/actions.c:473:17: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
473 | for (i = 0; i < G_N_ELEMENTS (testcases); i++)
| ^
gio/tests/actions.c: In function ‘test_entries’:
gio/tests/actions.c:375:5: error: missing initializer for field ‘parameter_type’ of ‘GActionEntry’ {aka ‘const struct _GActionEntry’}
375 | { "foo", activate_foo },
| ^
In file included from gio/gio.h:31,
from gio/tests/actions.c:1:
gio/gactionmap.h:63:16: note: ‘parameter_type’ declared here
63 | const gchar *parameter_type;
| ^~~~~~~~~~~~~~
...
gio/tests/gdbus-peer-object-manager.c: In function ‘mock_interface_get_vtable’:
gio/tests/gdbus-peer-object-manager.c:111:3: error: missing initializer for field ‘padding’ of ‘GDBusInterfaceVTable’ {aka ‘struct _GDBusInterfaceVTable’}
111 | };
| ^
When using TAP we want every single line to be one of the following:
- a valid TAP clause
- a comment
- a blank line
Typical explicit test logs are single line comments, but in some cases
we might end up printing debug messages from libraries, and those may
contain multiple lines. When that happens, we break the TAP and fail the
test in conditions entirely outside of our control.
One option to avoid outright failure is to always prepend each line of a
messge with `#`, to ensure that the whole thing is considered a comment.
gio/tests/network-address.c: In function ‘main’:
gio/tests/network-address.c:1194:17: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
1194 | for (i = 0; i < G_N_ELEMENTS (host_tests); i++)
| ^
gio/tests/network-address.c:1201:17: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
1201 | for (i = 0; i < G_N_ELEMENTS (uri_tests); i++)
| ^
gio/tests/network-address.c:1208:17: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
1208 | for (i = 0; i < G_N_ELEMENTS (address_tests); i++)
| ^
gio/tests/network-address.c:1215:17: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
1215 | for (i = 0; i < G_N_ELEMENTS (address_tests); i++)
| ^
gio/tests/gsubprocess.c: In function ‘test_communicate_async’:
gio/tests/gsubprocess.c:774:3: error: missing initializer for field ‘running’ of ‘TestAsyncCommunicateData’
774 | TestAsyncCommunicateData data = { flags, 0, };
| ^~~~~~~~~~~~~~~~~~~~~~~~
gio/tests/gsubprocess.c: In function ‘test_communicate_utf8_async’:
gio/tests/gsubprocess.c:1025:3: error: missing initializer for field ‘running’ of ‘TestAsyncCommunicateData’
1025 | TestAsyncCommunicateData data = { flags, 0, };
| ^~~~~~~~~~~~~~~~~~~~~~~~
gio/tests/gsubprocess.c: In function ‘test_communicate_utf8_cancelled_async’:
gio/tests/gsubprocess.c:1058:3: error: missing initializer for field ‘running’ of ‘TestAsyncCommunicateData’
1058 | TestAsyncCommunicateData data = { flags, 0, };
| ^~~~~~~~~~~~~~~~~~~~~~~~
gio/tests/gsubprocess.c: In function ‘test_communicate_utf8_async_invalid’:
gio/tests/gsubprocess.c:1202:3: error: missing initializer for field ‘running’ of ‘TestAsyncCommunicateData’
1202 | TestAsyncCommunicateData data = { flags, 0, };
| ^~~~~~~~~~~~~~~~~~~~~~~~
gio/tests/converter-stream.c: In function ‘g_expander_converter_convert’:
gio/tests/converter-stream.c:128:21: error: comparison of integer expressions of different signedness: ‘int’ and ‘gsize’ {aka ‘long unsigned int’}
128 | for (i = 0; i < block_size; i++)
| ^
gio/tests/converter-stream.c: In function ‘g_compressor_converter_convert’:
gio/tests/converter-stream.c:234:23: error: comparison of integer expressions of different signedness: ‘long int’ and ‘gsize’ {aka ‘long unsigned int’}
234 | if (in_end - in < block_size)
| ^
gio/tests/converter-stream.c:244:21: error: comparison of integer expressions of different signedness: ‘int’ and ‘gsize’ {aka ‘long unsigned int’}
244 | for (i = 0; i < block_size; i++)
| ^
gio/tests/converter-stream.c:257:33: error: comparison of integer expressions of different signedness: ‘long int’ and ‘gsize’ {aka ‘long unsigned int’}
257 | if (v == 0 && in_end - in == block_size && (flags & G_CONVERTER_INPUT_AT_END) == 0)
| ^~
gio/tests/converter-stream.c: In function ‘test_expander’:
gio/tests/converter-stream.c:356:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’
356 | for (i = 0; i < sizeof(unexpanded_data); i++)
| ^
gio/tests/converter-stream.c: In function ‘test_compressor’:
gio/tests/converter-stream.c:445:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘gsize’ {aka ‘long unsigned int’}
445 | for (i = 0; i < expanded_size; i++)
| ^
gio/tests/converter-stream.c:454:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘gsize’ {aka ‘long unsigned int’}
454 | g_assert (i == expanded_size -1);
| ^~
gio/tests/converter-stream.c: In function ‘test_converter_pollable’:
gio/tests/converter-stream.c:1077:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘gsize’ {aka ‘long unsigned int’}
1077 | for (i = 0; i < expanded_size; i++)
| ^
gio/tests/converter-stream.c:1086:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘gsize’ {aka ‘long unsigned int’}
1086 | g_assert (i == expanded_size -1);
| ^~
The code did not handle EOF (0 byte read) correctly. This can e.g. cause
an infinite loop if an incorrect socks proxy is configured.
Add the appropriate checks and return an G_IO_ERROR_CONNECTION_CLOSED
error if EOF is encountered.
gio/tests/converter-stream.c: In function ‘main’:
gio/tests/converter-stream.c:1220:17: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
1220 | for (i = 0; i < G_N_ELEMENTS (compressor_tests); i++)
| ^
gio/tests/converter-stream.c:1223:17: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
1223 | for (i = 0; i < G_N_ELEMENTS (truncation_tests); i++)
| ^
gio/tests/converter-stream.c:1226:17: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
1226 | for (i = 0; i < G_N_ELEMENTS (charset_tests); i++)
| ^
gio/tests/contenttype.c: In function ‘test_tree’:
gio/tests/contenttype.c:337:17: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
337 | for (i = 0; i < G_N_ELEMENTS (tests); i++)
| ^
gio/tests/contexts.c: In function ‘test_context_specific_emit’:
gio/tests/contexts.c:379:21: error: comparison of integer expressions of different signedness: ‘guint’ {aka ‘unsigned int’} and ‘gint32’ {aka ‘int’}
379 | for (i = 0; i < g_test_rand_int_range (1, 5); i++)
| ^
gio/tests/contexts.c:383:55: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
383 | while (g_atomic_int_get (&observed_values[i]) != n)
| ^~
gio/tests/contexts.c:387:41: error: comparison of integer expressions of different signedness: ‘gint64’ {aka ‘long int’} and ‘guint64’ {aka ‘long unsigned int’}
387 | if (g_get_monotonic_time () > expiry)
| ^
gio/gsettings-tool.c: In function ‘gsettings_list_children’:
gio/gsettings-tool.c:199:30: error: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘gint’ {aka ‘int’}
199 | if (strlen (children[i]) > max)
| ^
gio/gunixsocketaddress.c: In function ‘g_unix_socket_address_to_native’:
gio/gunixsocketaddress.c:217:15: error: comparison of integer expressions of different signedness: ‘gsize’ {aka ‘long unsigned int’} and ‘gssize’ {aka ‘long int’}
217 | if (destlen < socklen)
| ^
If this g_return_val_if_fail() is ever hit, then we leak arguments.
This is not very important because if your code hits
g_return_val_if_fail() you are invoking undefined behavior, a rather
more serious problem, but let's replace it with g_critical() to be
robust.
This includes a small behavior change: it returns 1 rather than 0 in
this error case.
Found by Coverity.
Resolve "g_date_time_format() does not return UTF-8 if LC_TIME is not UTF8 but other locale settings are UTF-8"
Closes#2055
See merge request GNOME/glib!1777