Commit Graph

19324 Commits

Author SHA1 Message Date
Philip Withnall
3a961236dd gmarkup: Avoid reading off the end of a buffer when non-nul-terminated
When extracting a UTF-8 character to put in an error message on parse
failure, pass the remaining buffer length to utf8_str() to avoid it
running off the end of the input buffer. It previously assumed that the
buffer was nul-terminated, which was the case in all the tests until
now.

A following commit will add test coverage for this.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-26 23:08:43 +13:00
Philip Withnall
f502141f98 tests: Run GMarkup tests with and without nul-termination
When using GMarkup to parse a string, the string can be provided with an
explicit length specified, or with no length and a nul terminator
instead. Run all the GMarkup tests both ways, to catch problems with
length checks, or with nul terminator checks.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-26 22:57:07 +13:00
Philip Withnall
d6f2462ee0 tests: Add another GMarkup test from oss-fuzz
This doesn’t trigger any new failures, but is distinct from other tests
we have, so would be good to retain.

Related to commit cec7170540.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-26 22:57:07 +13:00
Matej Urbančič
7c09bcb3d5 Updated Slovenian translation 2018-10-25 21:35:53 +02:00
Xavier Claessens
aff686a2fb Meson: Cleanup a FIXME now that we have dict addition 2018-10-25 10:50:10 -04:00
Marco Trevisan
4d48e02027 Merge branch 'gdbus-peer-again' into 'master'
gdbus-peer: Make sure to not include objectmanager-gen.c source

See merge request GNOME/glib!416
2018-10-25 12:23:15 +00:00
Xavier Claessens
7c70bef8b6 gdbus-peer: Make sure to not include objectmanager-gen.c source
The executable depends only on the generated header file at compile
time, and on the library at link time. So meson can decide to compile
gdbus-peer.c before compiling the library and thus won't have generated
the header yet, causing the build error.

So declare_dependency() should only have the header file in its sources,
to force generating files before compiling gdbus-peer.c without
including objectmanager-gen.c into gdbus-peer's sources.
2018-10-25 07:34:23 -04:00
Emmanuele Bassi
7cf02db664 Merge branch 'wjt/gseekable-fix-attmepting-typo' into 'master'
gseekable: fix 'attmepting' typo

See merge request GNOME/glib!415
2018-10-25 08:59:56 +00:00
Will Thompson
cd524d065b
gseekable: fix 'attmepting' typo 2018-10-25 09:33:19 +01:00
Philip Withnall
5263b54a06 Merge branch 'objectmanager-src-dep' into 'master'
gio, tests: ensure objectmanager sources are generated

See merge request GNOME/glib!414
2018-10-25 04:28:09 +00:00
Marco Trevisan (Treviño)
11e4fcca5e gio, tests: ensure objectmanager sources are generated
We use libgdbus_example_objectmanager_dep as dependency for various
tests, but this implies only a link dependency while it doesn't ensure
that the sources are generated.

Make this explicit
2018-10-23 20:58:09 -05:00
Philip Withnall
1564ef5589 Merge branch 'wip/oholy/fix-trash-symlink' into 'master'
glocalfile: Fix access::can-trash if parent is symlink

Closes #1522

See merge request GNOME/glib!326
2018-10-24 00:03:55 +00:00
Philip Withnall
25b7716e0d Merge branch 'nirbheek/macos-library-versions' into 'master'
meson: Add macOS libtool versioning for ABI compatibility

See merge request GNOME/glib!282
2018-10-24 00:00:35 +00:00
Matej Urbančič
228a1d6497 Updated Slovenian translation 2018-10-23 16:34:21 +02:00
Xavier Claessens
372e81b56c Merge branch 'ci-test-installed' into 'master'
CI: Test static build on installed glib

See merge request GNOME/glib!360
2018-10-23 13:56:46 +00:00
Xavier Claessens
7fa6e9e837 CI: Test static build on installed glib 2018-10-23 09:45:12 -04:00
Philip Withnall
7db63898c1 Merge branch 'shorten-gdbus-test-filename' into 'master'
build: work around meson issue with too long filenames on Windows. Fixes #1556

Closes #1556

See merge request GNOME/glib!370
2018-10-23 09:16:58 +00:00
Ondrej Holy
39afe07e27 Merge branch 'wip/oholy/bind-mounts' into 'master'
gunixmounts: Mark mounts as system internal instead of filtering out

See merge request GNOME/glib!366
2018-10-23 07:32:32 +00:00
Ondrej Holy
983a95c9dc gunixmounts: Mark mounts as system internal instead of filtering out
mntent-based implementation filter out mounts with device path that was
repeated. Consequently, it is not possible to show such mounts in UI even
with x-gvfs-show, because they are not returned from g_unix_mounts_get.
libmount-based implementation currently doesn't filter out any mounts
which causes issues to our volume monitors. Let's rather mark mounts
which don't point into fs root as system_internal. This approach won't be
affected by mount order as is mntent-based implementation. It will mark
more mounts as system_internal than it is filtered out with mntend-based
implementation, but there will be always possibility to show them in UI
over x-gvfs-show, which was not possible with mntend-based. We can
probably introduce some improvements later to not mark unique mounts as
system internal even if they don't point into fs root...

https://gitlab.gnome.org/GNOME/glib/issues/1271
2018-10-23 09:01:04 +02:00
Ondrej Holy
e1fa5ffb91 gio: Add g_unix_mount_get_root_path
Currently, there isn't API to determine root path for mounts created
over bind operation (or btrfs subvolumes). This causes issues to our
volume monitors if there is multiple mounts for one device, which can
happen with libmount-based implementation currently. Let's propagate
root path from libmount over g_unix_mount_get_root_path, so we can
handle this somehow in our volume monitors.

https://gitlab.gnome.org/GNOME/glib/issues/1271
2018-10-23 09:01:04 +02:00
Ondrej Holy
a56b9cc6b2 glocalfile: Use MAXSYMLINKS when following symlinks
Currently, readlink() is used only 12 times when expanding symlinks.
However, kernel uses 40 for this purpose and it is defined as MAXSYMLINKS.
Use that constant if available, or 40. See:
https://github.com/torvalds/linux/include/linux/namei.h.
2018-10-23 08:53:55 +02:00
Ondrej Holy
b6191059b8 glocalfile: Return NULL if symlink expansion fails
find_mountpoint_for() uses current file in case of error, because
get_parent() returns NULL for error, but also if parent doesn't exist.
Return "." from get_parent() if parent doesn't exist in order to
differentiate the error state.
2018-10-23 08:53:55 +02:00
Ondrej Holy
57cfbc9341 glocalfile: Add test case for symlink expansion
Test symlink expansion in find_mountpoint_for() function over
 _g_local_file_find_topdir_for(). find_mount_for() is crucial for many
of glocalfile.c functionality (e.g. to determine correct trash location)
and symlink expansion has to work properly.

https://gitlab.gnome.org/GNOME/glib/issues/1522
2018-10-23 08:53:54 +02:00
Ondrej Holy
85de7749c4 Merge branch 'dirname-of-root-docs' into 'master'
gfileutils: Add examples to g_path_get_dirname() documentation

See merge request GNOME/glib!410
2018-10-23 06:49:57 +00:00
Philip Withnall
d192a078c8 Merge branch 'ossfuzz-9810-9825-10319-9803-9857-9801-fixes' into 'master'
Various GVariant, GMarkup and GDBus fuzzing fixes

See merge request GNOME/glib!411
2018-10-23 04:30:21 +00:00
Philip Withnall
1c421b0158 glib: Port various callers to use g_utf8_validate_len()
These were callers which explicitly specified the string length to
g_utf8_validate(), when it couldn’t be negative, and hence should be
able to unconditionally benefit from the increased string handling
length.

At least one call site would have previously silently changed behaviour
if called with strings longer than G_MAXSSIZE in length.

Another call site was passing strlen(string) to g_utf8_validate(), which
seems pointless: just pass -1 instead, and let g_utf8_validate()
calculate the string length. Its behaviour on embedded nul bytes
wouldn’t change, as strlen() stops at the first one.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
7a4025cac1 gutf8: Add a g_utf8_validate_len() function
This is a variant of g_utf8_validate() which requires the length to be
specified, thereby allowing string lengths up to G_MAXSIZE rather than
just G_MAXSSIZE.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
8e60b3dde0 tests: Use g_assert_null() in gdbus-serialization test
This introduces no real functional changes (except when compiling with
G_DISABLE_ASSERT, in which case it fixes the test). Mostly just a code
cleanup.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
c2c9c7fa3b tests: Tidy up GError handling in gdbus-serialization test
This introduces no functional changes; just a bit of code tidying.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
5f3b393662 gvariant: Clarify internal documentation about GVariant type strings
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
e03d5a335b gdbusmessage: Check for valid GVariantType when parsing a variant blob
The code was checking whether the signature provided by the blob was a
valid D-Bus signature — but that’s a superset of a valid GVariant type
string, since a D-Bus signature is zero or more complete types. A
GVariant type string is exactly one complete type.

This meant that a D-Bus message with a header field containing a variant
with an empty type signature (for example) could cause a critical
warning in the code parsing it.

Fix that by checking whether the string is a valid type string too.

Unit test included.

oss-fuzz#9810

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
968f1c6cad gdbusmessage: Fix a typo in a documentation comment
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
50b544e2c0 gdbusmessage: Clarify error returns for g_dbus_message_new_from_blob()
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
94a9ab3c03 gdbusmessage: Improve documentation for g_dbus_message_get_header()
The caller is responsible for checking the type of the returned
GVariant.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
af712bbce1 gdbusmessage: Validate type of message header signature field
Parsing a D-Bus message with the signature field in the message header
of type other than ‘g’ (GVariant type signature) would cause a critical
warning. Instead, we should return a runtime error.

Includes a test.

oss-fuzz#9825

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
f148687b02 gvariant: Limit GVariant strings to G_MAXSSIZE
When validating a string to see if it’s valid UTF-8, we pass a gsize to
g_utf8_validate(), which only takes a gssize. For large gsize values,
this will result in the gssize actually being negative, which will
change g_utf8_validate()’s behaviour to stop at the first nul byte. That
would allow subsequent nul bytes through the string validator, against
its documented behaviour.

Add a test case.

oss-fuzz#10319

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
7eedcd76f7 gvariant: Check tuple offsets against serialised data length
As with the previous commit, when getting a child from a serialised
tuple, check its offset against the length of the serialised data of the
tuple (excluding the length of the offset table). The offset was already
checked against the length of the entire serialised tuple (including the
offset table) — but a child should not be able to start inside the
offset table.

A test is included.

oss-fuzz#9803

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
5e0b12df1a gvariant: Check array offsets against serialised data length
When getting a child from a serialised variable array, check its offset
against the length of the serialised data of the array (excluding the
length of the offset table). The offset was already checked against the
length of the entire serialised array (including the offset table) — but a
child should not be able to start inside the offset table.

A test is included.

oss-fuzz#9803

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
7c4e6e9fbe gvarianttype: Impose a recursion limit of 128 on variant types
Previously, GVariant has allowed ‘arbitrary’ recursion on GVariantTypes,
but this isn’t really feasible. We have to deal with GVariants from
untrusted sources, and the nature of GVariantType means that another
level of recursion (and hence, for example, another stack frame in your
application) can be added with a single byte in a variant type signature
in the input. This gives malicious input sources far too much leverage
to cause deep stack recursion or massive memory allocations which can
DoS an application.

Limit recursion to 128 levels (which should be more than enough for
anyone™), document it and add a test. This is, handily, also the limit
of 64 applied by the D-Bus specification (§(Valid Signatures)), plus a
bit to allow wrapping of D-Bus messages in additional layers of
variants.

oss-fuzz#9857

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
eb7c9adc3b gvariant: Fix checking arithmetic for tuple element ends
When checking whether a serialised GVariant tuple is in normal form,
it’s possible for `offset_ptr -= offset_size` to underflow and wrap
around, resulting in gvs_read_unaligned_le() reading memory outside the
serialised GVariant bounds.

See §(Tuples) in gvariant-serialiser.c for the documentation on how
tuples are serialised. Briefly, all variable-length elements in the
tuple have an offset to their end stored in an array of offsets at the
end of the tuple. The width of each offset is in offset_size. offset_ptr
is added to the start of the serialised tuple to get the offset which is
currently being examined. The offset array is in reverse order compared
to the tuple elements, hence the subtraction.

The bug can be triggered if a tuple contains a load of variable-length
elements, each of whose length is actually zero (i.e. empty arrays).

Includes a unit test.

oss-fuzz#9801

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 17:01:51 +13:00
Philip Withnall
ec5d6ab63d gfileutils: Add examples to g_path_get_dirname() documentation
See https://gitlab.gnome.org/GNOME/glib/merge_requests/326.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-23 14:38:13 +13:00
Philip Withnall
da512adc34 Merge branch 'stap-pass-cflags' into 'master'
build-sys: Pass CFLAGS to $(DTRACE)

See merge request GNOME/glib!403
2018-10-22 22:39:59 +00:00
Nirbheek Chauhan
8b3590c231 meson: Add macOS libtool versioning for ABI compatibility
With this, the compatibility version and current version values in macOS
and iOS dylibs will match the values set by Autotools.

See: https://github.com/mesonbuild/meson/issues/1451
2018-10-22 06:51:32 +05:30
Xavier Claessens
85e2a7d1b7 Merge branch 'ci-msys2-fix-lcovrc-path' into 'master'
ci/msys2: fix path to the lcov config file

See merge request GNOME/glib!405
2018-10-19 14:53:21 +00:00
Xavier Claessens
f745beb973 Merge branch '1542-gdbus-peer' into 'master'
Meson: Fix linking of gdbus-peer test

Closes #1542

See merge request GNOME/glib!350
2018-10-19 14:24:43 +00:00
Xavier Claessens
a46f88ba1b Meson: Fix linking of gdbus-peer test 2018-10-19 10:08:00 -04:00
Xavier Claessens
5c22b2ddde Merge branch '1bit-emufutex-slow' into 'master'
meson: Mark 1bit-emufutex test as slow

See merge request GNOME/glib!406
2018-10-19 13:35:39 +00:00
Simon McVittie
442b54f00c meson: Mark 1bit-emufutex test as slow
Emulated futexes are slower than real ones; if they were not, there
would be no point in using the real futexes. On some machines they
are sufficiently slow to cause test timeouts.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2018-10-19 09:20:25 +01:00
Simon McVittie
da83b44cce Merge branch 'master' into 'master'
grefcount: add missing gatomic.h

See merge request GNOME/glib!400
2018-10-18 19:27:11 +00:00
Michael Catanzaro
4e94164a72 Fix a couple typos in doc comments 2018-10-17 13:23:36 -05:00