See https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4387#note_2269324
This adds a test to increase the code coverage of `nameprep()` in
`ghostutils.c`. It was previously missing coverage of the second
`tolower()` operation. The new test triggers this by using a Unicode
codepoint which cannot be converted to lowercase itself, but which
normalises (NFKC) to uppercase characters which can — a Unicode Roman
numeral.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
It uses a `GArray` to build up the output, and the size of that is
limited to a `guint`, so add an assertion to make sure the code never
requests anything bigger.
Fixes a `-Wshorten-64-to-32` warning.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
Rename the `tmp` variable to `name_owned` to make its purpose clearer,
and more consistently assign to both it and `name` and `len` (which is
the length of `name`) every time any of them are modified.
This should make the function `const`-correct without the need for
casts, and introduce no functional changes.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Rather than `gint`, which can overflow for long strings, although such
strings would probably have hit hostname length limits already.
This fixes a `-Wshorten-64-to-32` warning.
I looked at changing from `gssize` to `size_t` and handling the `len <
0` case with an explicit early call to `strlen()`, but it didn’t make
things simpler, as the code in `nameprep()` keeps changing the length of
the string as it processes it.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
When parsing command line options, use `size_t` to hold string lengths.
This introduces no functional changes (any strings long enough to fit in
`size_t` but not in `int` will probably hit command line length limits),
but it does fix a `-Wshorten-64-to-32` warning.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
This introduces no functional changes; it just splits the declaration of
`j` into three smaller-scoped declarations of the same type. This will
make the following commit clearer.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
The code uses `strtol()` to parse an integer from a string, then
correctly verifies its range, then it did an implicit cast to `int` to
return the parsed integer. This causes a spurious `-Wshorten-64-to-32`
warning, so add an explicit cast to make the code’s intention clear.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
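
Added example (not part of the commit message above, and not GLib's code): the parse, range-check, then explicitly cast pattern that message describes, next to the unchecked narrowing it guards against. The helper names and sample strings are constructed for illustration; the wrapped value in the test assumes a platform where `long` is wider than `int` (such as LP64).

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: parse a base-10 integer and accept it only if it
 * lies within [min, max]. The range check happens at `long` width. */
static bool
parse_int_checked (const char *str, int min, int max, int *out)
{
  char *end = NULL;
  long value;

  errno = 0;
  value = strtol (str, &end, 10);

  if (end == str || *end != '\0')   /* no digits, or trailing junk */
    return false;
  if (errno == ERANGE)              /* does not even fit in a long */
    return false;
  if (value < min || value > max)   /* outside the caller's range */
    return false;

  *out = (int) value;               /* explicit cast: cannot truncate after the check */
  return true;
}

/* Contrast case: narrowing with no range check. The result for an
 * out-of-range value is implementation-defined (typically it wraps). */
static int
parse_int_unchecked (const char *str)
{
  return (int) strtol (str, NULL, 10);
}

int
main (void)
{
  /* Constructed inputs; "4294967338" is 2^32 + 42. */
  const char *samples[] = { "42", "-7", "4294967338", "12abc", "" };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    {
      int v = 0;
      bool ok = parse_int_checked (samples[i], INT_MIN, INT_MAX, &v);
      printf ("%-12s checked=%s unchecked=%d\n", samples[i],
              ok ? "accepted" : "rejected", parse_int_unchecked (samples[i]));
    }
  return 0;
}
```
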
This moves all the string length handling in this part of `goption.c` to
use `size_t`. However, we need to assert that the string length is
at most `G_MAXINT` later on, as the length is passed to `printf()` to
add indentation, and it only accepts `int` for that kind of placeholder.
This introduces no functional changes, but does fix some
`-Wshorten-64-to-32` warnings.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
When parsing the pattern in `g_pattern_spec_new()`, the offsets of
wildcards and jokers were stored in a `gint`. This could overflow with
exceptionally long patterns.
Split the sign out into a separate boolean for `hw_pos` and `hj_pos`
(it’s not necessary for `tw_pos` or `tj_pos` because their sign was
never queried), and use `size_t` to correctly store string offsets.
Fixes a `-Wshorten-64-to-32` warning.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
The seed is explicitly a `guint32`, so an implicit cast was already
happening. We don’t actually care if there’s a loss of precision here,
as it’s a pseudo-random seed value rather than an ordinal number, so add
an explicit cast to silence the warning.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
This fixes a `-Wshorten-64-to-32` warning, but there’s no underlying bug
here, as the maximum requested read size is 4 bytes anyway.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
There’s already a documented explicit cast here, so let’s add the
explicit cast in C to match that. Fixes a `-Wshorten-64-to-32` warning.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
Use the right-width types for arguments and return values from these
calls, so we don’t get `-Wshorten-64-to-32` warnings.
The `read()` calls can never return enough to overflow an `int` anyway,
as the requested buffer size is limited.
The `lseek()` call could potentially have a huge offset to span, but
only if the `GScanner` was operating on a huge file and somehow had its
pointers at opposite ends of the file. I have not investigated to see if
that is possible.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
`socklen_t` is defined as an `int`, but we’re putting a `size_t` sized
value into it. Socket paths are guaranteed to fit in a `socklen_t`, so
it’s OK to cast down.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
`socklen_t` is defined as an `int`, but we’re putting a `size_t` sized
value into it. Socket paths are guaranteed to fit in a `socklen_t`, so
it’s OK to cast down.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3527
The documentation for glibc's pthread_setname_np states:

    The thread name is a meaningful C language string,
    whose length is restricted to 16 characters,
    including the terminating null byte ('\0').

The documentation for Solaris' pthread_setname_np states:

    The thread name is a string of length 31 bytes or less,
    UTF-8 encoded.

Failing to respect this length limitation may lead to no name being
set, which is confusing, since the thread then shows up under the
binary name in gdb. This was happening for the pango worker thread
with the name "[pango] fontconfig".
For g_auto(GVariantBuilder) one needs to initialize it before the
function returns, so it's best to do it when the variable is declared.
G_VARIANT_BUILDER_INIT exists but requires specifying a GVariantType in
the declaration which moves the type away from the usage of the builder
which often results in less readable code. G_VARIANT_BUILDER_INIT also
mentions that it's possible to explicitly zero the variable but this is
hard to find and writing `g_auto(GVariantBuilder) builder = {0,};` is
kind of ugly.
This introduces G_VARIANT_BUILDER_INIT_UNSET which zero initializes the
variable being declared. This gives us documentation and hides the
explicit zeroing detail:

    g_auto(GVariantBuilder) builder = G_VARIANT_BUILDER_INIT_UNSET ();

Every usage in GLib ensures this but theoretically external code might
pass something else. As this is only meant to be used internally from
GLib, don't support the other case but at least avoid potential out of
bound reads.
The length might be passed explicitly in the field instead, and the
string might not have a NUL-terminator as happens for example when
passed from the Rust bindings.
This might lead to out of bounds reads.
Thanks to Sebastian Wiesner for noticing this.
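
Added example (not part of the commit message above, and not GLib's code): one way to read a field whose value may carry an explicit length and no NUL terminator without reading out of bounds. `ExampleField` and both helpers are hypothetical names, and the byte array is constructed input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical field type: length < 0 means "value is NUL-terminated",
 * otherwise exactly `length` bytes of value are valid. */
typedef struct {
  const char *key;
  const void *value;
  ptrdiff_t   length;
} ExampleField;

/* Number of valid bytes in the value, never scanning past an explicit length. */
static size_t
example_field_size (const ExampleField *f)
{
  if (f->length < 0)
    return strlen (f->value);   /* caller promised a terminator */
  return (size_t) f->length;    /* explicit length: strlen() must not be used */
}

/* Copy the value into dst as a C string, truncating to fit.
 * Returns the number of value bytes copied. */
static size_t
example_field_copy (const ExampleField *f, char *dst, size_t dst_size)
{
  size_t n;

  if (dst_size == 0)
    return 0;
  n = example_field_size (f);
  if (n > dst_size - 1)
    n = dst_size - 1;
  memcpy (dst, f->value, n);
  dst[n] = '\0';
  return n;
}

int
main (void)
{
  /* Constructed input: 5 value bytes followed by unrelated bytes, with no
   * NUL in between (the final NUL only keeps the strlen() below defined). */
  static const char raw[] = { 'h','e','l','l','o','S','E','C','R','E','T','\0' };
  ExampleField f = { "MESSAGE", raw, 5 };
  char out[32];

  example_field_copy (&f, out, sizeof out);
  printf ("bounded: \"%s\"; strlen() would have read %zu bytes\n", out, strlen (raw));
  return 0;
}
```
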
This fixes commit aac56f1618aabfcf4c6b3ef1ee5b87322208e9ad — I missed
this while reviewing it, but the unit tests were partially changed to
call the new APIs, without being fully changed. This caused the build to
succeed on Linux, but fail on macOS due to using a deprecated API.
Actually, a better approach for the unit tests would be to consistently
call the *old* APIs, as they all immediately call the new APIs. Then we
get coverage of both old and new for free, at the cost of putting
`G_GNUC_BEGIN_IGNORE_DEPRECATIONS` at the top of the test file.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3492
UnixMountEntry: Deprecate g_unix_mount_* API in favor of g_unix_mount_entry_* API for GUnixMountEntry methods
Closes #3492
See merge request GNOME/glib!4337
This issue arises because the g_unix_mount_* naming convention does not match
the GUnixMountEntry instance type, confusing the introspection generator.
To resolve this, we are deprecating the g_unix_mount_* API functions that take
a GUnixMountEntry parameter and introducing equivalent g_unix_mount_entry_*
functions that correctly associate with the GUnixMountEntry instance. This change
ensures that introspection data correctly treats these as instance methods and
that documentation reflects proper ownership of returned data.
(Some minor tweaks by Philip Withnall.)
Fixes: #3492
It appears not to work, and nobody interested in FreeBSD has picked it
up to investigate yet.
Rather than have a completely broken implementation of
`g_file_query_exists()` on FreeBSD, let’s settle for using the old one.
It’s slightly slower than the new one, but has worked fine for people
for years.
This essentially reverts commit 65ad41d8a473b4d47f1e470013caff93d50791d8
on FreeBSD. This commit can be reverted when a FreeBSD person
investigates what’s going wrong with the `faccessat()`-based
implementation.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: #3495