Commit Graph

26744 Commits

Author SHA1 Message Date
Marco Trevisan (Treviño)
e9979b540f meson: Add test to check for strict cast alignments if supported 2022-12-16 20:48:47 +01:00
Thomas Haller
938a1caf89 gtype: avoid "-Wcast-align" warning with optimized G_TYPE_CHECK_INSTANCE_CAST()
We can get a "-Wcast-align", if the target type that we cast to ("ct") has a
larger alignment than GTypeInstance.

That can happen on i686 architecture, if the GObject type has larger
alignment than the parent struct (or GObject). Since on i686, embeding
a "long long" or a "long double" in a struct still does not increase
the alignment beyond 4 bytes, this usually only happens when using the
__attribute__() to increase the alignment (or to have a field that has
the alignment increased).

It can happen on x86_64 when having a "long double" field.

The compiler warning is hard to avoid but not very useful, because it purely
operates on the pointer types at compile time. G_TYPE_CHECK_INSTANCE_CAST()
instead asserts (in non-optimized mode) that the pointer really points
to the expected GTypeInstance (and if that's the case, then the alignment
should be suitable already).

This is like in commit ed553e8e30 ('gtype: Eliminate -Wcast-align warnings
with G_TYPE_CHECK_INSTANCE_CAST'). But also fix the optimized code path.

With the unpatched G_TYPE_CHECK_INSTANCE_CAST() macro, the unit test would
now show the problem (with gcc-9.3.1-2.fc30.i686 or
gcc-12.2.1-4.fc37.x86_64):

  $ export G_DISABLE_CAST_CHECKS=1
  $ export CFLAGS='-Wcast-align=strict'
  $ meson build
  $ ninja -C build
  ...
  In file included from ../gobject/gobject.h:26,
                   from ../gobject/gbinding.h:31,
                   from ../glib/glib-object.h:24,
                   from ../gobject/tests/objects-refcount1.c:2:
  ../gobject/tests/objects-refcount1.c: In function ‘my_test_dispose’:
  ../gobject/gtype.h:2523:42: warning: cast increases required alignment of target type [-Wcast-align]
   2523 | #  define _G_TYPE_CIC(ip, gt, ct)       ((ct*) ip)
        |                                          ^
  ../gobject/gtype.h:517:66: note: in expansion of macro ‘_G_TYPE_CIC’
    517 | #define G_TYPE_CHECK_INSTANCE_CAST(instance, g_type, c_type)    (_G_TYPE_CIC ((instance), (g_type), c_type))
        |                                                                  ^~~~~~~~~~~
  ../gobject/tests/objects-refcount1.c:9:37: note: in expansion of macro ‘G_TYPE_CHECK_INSTANCE_CAST’
      9 | #define MY_TEST(test)              (G_TYPE_CHECK_INSTANCE_CAST ((test), G_TYPE_TEST, GTest))
        |                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~
  ../gobject/tests/objects-refcount1.c:96:10: note: in expansion of macro ‘MY_TEST’
     96 |   test = MY_TEST (object);
        |          ^~~~~~~
2022-12-16 20:48:06 +01:00
Marco Trevisan (Treviño)
8465c1a055 ghash: Use unsigned types for number of nodes and occupied ones
It has always been considered an unsigned value, and we also returned it
straight as int in g_hash_table_size(), but it was actually used as an
int.

So use the same type of g_hash_table_size(). Not using more standard
unsigned not to risk that it may different from the guint typedef.
2022-12-16 19:33:01 +01:00
Philip Withnall
abd76e0286 Merge branch 'ghash-keys+values-arrays' into 'main'
ghash: Add APIs to get (and steal) hash table keys and values as GPtrArray

See merge request GNOME/glib!3130
2022-12-16 18:32:10 +00:00
Philip Withnall
a8826215b0 Merge branch 'fix-cancellable-connect-race' into 'main'
GCancellable: Ensure it is always cancelled on connect callback

See merge request GNOME/glib!2764
2022-12-16 18:11:03 +00:00
Philip Withnall
cc113b710a Merge branch 'array-direct-insert' into 'main'
garray: Add support adding literal values

See merge request GNOME/glib!3129
2022-12-16 17:57:24 +00:00
Marco Trevisan (Treviño)
3cad948f46 gdbusdaemon: Simplify name listing code using only arrays 2022-12-16 18:45:37 +01:00
Marco Trevisan (Treviño)
52900ed6b0 gdbusobjectskeleton: Get the ifaces via array instead of list 2022-12-16 18:45:36 +01:00
Marco Trevisan (Treviño)
036dabcff9 gdbus-tool: Steal set values passing the ownership to an array 2022-12-16 18:45:36 +01:00
Marco Trevisan (Treviño)
1eb7f3177d gdbusobjectmanagerclient: Simplify g-name-owner changes code
We can avoid further copies and unneeded ref/unrefs.
2022-12-16 18:45:36 +01:00
Marco Trevisan (Treviño)
0e56d2f5db gdbusmessage: Get message headers keys as arrays
We eventually need to return them as an array anyways.
Sadly we can't just reuse such memory because each element is a pointer and
not a guchar, but still we can be cheaper in various operations.
2022-12-16 18:45:36 +01:00
Marco Trevisan (Treviño)
1e699edf0e gdbusaddress: Use simpler hash table keys as arrays
We don't really need the lists overhead here, so let's just use the simpler
forms.
2022-12-16 18:45:36 +01:00
Marco Trevisan (Treviño)
5d5d12112b gdbusaddress: Use simpler hash table keys as arrays
We don't really need the lists overhead here, so let's just use the simpler
forms.
2022-12-16 18:45:36 +01:00
Marco Trevisan (Treviño)
e733a3db10 gdbusconnection: Avoid copying connection registered set values twice 2022-12-16 18:45:36 +01:00
Marco Trevisan (Treviño)
d68e7bc84a ghash: Add functions to steal all keys and values preserving ownership
Add functions to steal all the keys or values from a ghash (especially
useful when it's used as a set), passing the ownership of then to a
GPtrArray container that preserves the destroy notify functions.
2022-12-16 18:45:36 +01:00
Marco Trevisan (Treviño)
d2c3f7f513 ghash: Add APIs to get hash table keys and values as GPtrArray
GPtrArray's are faster than lists and provide more flexibility, so add
APIs to get hash keys and values using these containers too.

Given that we know the size at array initialization we can optimize the
allocation quite a bit, making it faster than the API using GList both at
creation time and for consumers.
2022-12-16 18:45:36 +01:00
Marco Trevisan (Treviño)
ab621e15b5 garray: Add support adding literal values
GArray's g_array_append_val(), g_array_prened_val() and g_array_insert_val()
macros required an user to use literals to add a new value.

This could be inconvenient at times, but it's possible to avoid this with
recent compilers, in fact in case glib_typeof is defined we can take
advantage of it, to initialize a temporary variable to store the literal
value and pass its address to the actual function.
2022-12-16 18:13:28 +01:00
Philip Withnall
aee72d3dce Merge branch 'concurrent-rand' into 'main'
tests/slice-concurrent.c: avoid using rand() from multiple threads

See merge request GNOME/glib!3141
2022-12-16 17:00:56 +00:00
Alexander Richardson
9f558a2c50 tests/slice-concurrent.c: avoid using rand() from multiple threads 2022-12-16 17:00:56 +00:00
Philip Withnall
58521101b3 Merge branch 'wip/smcv/gvariant-big-endian' into 'main'
gvariant-serialiser: Convert endianness of offsets

Closes #2839

See merge request GNOME/glib!3136
2022-12-16 13:32:39 +00:00
Simon McVittie
0e3b21000d Merge branch 'posix_memalign-requirements' into 'main'
tests/gvariant.c: ensure posix_memalign alignment argument is correct

See merge request GNOME/glib!3145
2022-12-16 13:24:52 +00:00
Simon McVittie
ba2137b0d9 gvariant-serialiser: Convert endianness of offsets
The array of offsets is little-endian, even on big-endian architectures
like s390x.

Fixes: ade71fb5 "gvariant: Don’t allow child elements to overlap with each other"
Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2839
Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-12-16 13:03:37 +00:00
Simon McVittie
8b80c451a5 Merge branch 'wip/pwithnall/temporarily-disable-freebsd' into 'main'
ci: Temporarily only run the FreeBSD 13 CI on a schedule

See merge request GNOME/glib!3147
2022-12-16 13:01:59 +00:00
Simon McVittie
79cddc6c75 Merge branch 'varargs-missing-argument' into 'main'
tests/gdbus-method-invocation: Fix missing g_variant_new() argument

See merge request GNOME/glib!3142
2022-12-16 12:53:37 +00:00
Philip Withnall
4f5bd5439e ci: Temporarily only run the FreeBSD 13 CI on a schedule
Rather than on every commit, because the CI runner is currently broken:
https://gitlab.gnome.org/Infrastructure/GitLab/-/issues/594.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: !3136
2022-12-16 12:34:03 +00:00
Alex Richardson
994f96fb2b tests/gdbus-method-invocation: Fix missing g_variant_new() argument
I noticed this when running the test on an Arm Morello system where varargs
have bounds. g_variant_new() was trying to read an integer using va_arg(),
but since there was no argument it resulted in a bounds errors there.
On most other architectures this will just read whatever value is contained
in the next argument register and is not something that ASan can detect, so
it never resulted in test failures.
2022-12-16 10:28:50 +00:00
Alex Richardson
58f70cebb6 Fix test_aligned_mem for Morello
On Arm Morello sizeof(void*) is 16 bytes so we fail the check for
`(alignment % sizeof (void *)) != 0))` in gmem.c.
2022-12-15 23:50:23 +00:00
Alex Richardson
34236af33c tests/gvariant.c: ensure posix_memalign alignment argument is correct
posix_memalign() requires the alignment to be a multiple of sizeof(void*),
and a power of 2. Passing 8 does not fulfil both of those constraints on
Arm Morello which resulted in a "posix_memalign failed" test failure.

Co-authored-by: Graeme Jenkinson <graeme@capabilitieslimited.co.uk>
2022-12-15 23:50:23 +00:00
Marco Trevisan (Treviño)
cdda03a690 GCancellable: Ensure it is always cancelled on connect callback
When a cancellable is cancelled when we call g_cancellable_connect we
used to immediately call the provided callback, while this is fine we
actually had race in case the cancellable was about to be reset or in
the middle of a cancellation.

In fact it could happen that when we released the mutex, another thread
could reset the cancellable just before the callback is actually called
and so leading to call it with g_cancellable_cancelled() == FALSE.

So to handle this, make disconnect and reset function to wait for
connection emission to finish, not to break their assumptions.

This can be tested using some "brute-force" tests where multiple threads
are racing to connect and disconnect while others are cancelling and
resetting a cancellable, ensuring that all works as we expect.
2022-12-15 19:30:43 +01:00
Marco Trevisan (Treviño)
f520066563 gutils: Add a private API to unset the cached temporary directory
We may need to avoid using a cached temp directory for testing purposes,
so let's provide an internal API to perform such task.

This implies removing GOnce and going with mutex-based version, but
that's still using atomic logic in most unix implementations anyways.
2022-12-15 17:29:00 +01:00
Marco Trevisan
ded3099afc Merge branch 'coverity-fix' into 'main'
gtestutils: Check for failure to setenv() and return

See merge request GNOME/glib!3132
2022-12-14 16:35:13 +00:00
Philip Withnall
8a60c22bb4 Merge branch '861-dbus-menu-model-robustness' into 'main'
gmenumodel: disallow exporting large menus on the bus

Closes #861

See merge request GNOME/glib!3133
2022-12-14 16:18:07 +00:00
Lars Uebernickel
89a7bbcf6e gmenumodel: disallow exporting large menus on the bus
This solves problems with validating untrusted inputs from D-Bus, where
invalid numbers of added and removed menu entries, and positions, could
be specified.

Original patch from
https://bugzilla.gnome.org/show_bug.cgi?id=728733#c7, tweaked by Philip
Withnall to add a few code comments and make
`G_MENU_EXPORTER_MAX_SECTION_SIZE` public so callers can check their
inputs against it if they want. Also tweaked to use `g_warning()` instead
of the nonexistent `g_dbus_warning()`.

Fixes: #861
2022-12-14 15:42:14 +00:00
Marco Trevisan
6d5c623510 Merge branch '2835-gapplication-test-failure' into 'main'
tests: Release GApplication a little later to avoid assertion failures

Closes #2835

See merge request GNOME/glib!3131
2022-12-14 15:39:47 +00:00
Philip Withnall
b012c3470b gtestutils: Check for failure to setenv() and return
This is very unlikely to happen, but it makes Coverity happier.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Coverity CID: #1474388
2022-12-14 15:11:10 +00:00
Philip Withnall
a2c8a8c630 tests: Release GApplication a little later to avoid assertion failures
If it takes one more `GMainContext` cycle than expected for the
`activate` signals to be handled, the `GApplication` under test can be
released too early, and the test will fail due to not seeing a high
enough value of `n_activations`.

Hopefully avoid that by moving the release to a low priority idle
callback.

This fix is only hopeful because I’ve only been able to reproduce the
failure on FreeBSD CI and not locally.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2835
2022-12-14 09:33:18 +00:00
Marco Trevisan
a0dbaeed2f Merge branch 'more-gobject-performance-tests' into 'main'
More gobject performance tests

See merge request GNOME/glib!3124
2022-12-14 02:46:28 +00:00
Marco Trevisan (Treviño)
c6f252108c gobject/tests/performance: Add object get/set performance tests 2022-12-14 03:05:50 +01:00
Marco Trevisan (Treviño)
77a2d26ea2 gobject/tests/performance: Add object notify performance tests 2022-12-14 03:05:50 +01:00
Marco Trevisan
3df4a0225c Merge branch 'security-docs-fix' into 'main'
docs: Update SECURITY to stop mentioning a deprecated mailing list

See merge request GNOME/glib!3127
2022-12-14 02:03:05 +00:00
Philip Withnall
4eb9b09014 Merge branch '2121-2540-2794-2797-gvariant-normal-forms' into 'main'
Various fixes to normal form handling in GVariant

Closes #2121, #2540, #2794, and #2797

See merge request GNOME/glib!3125
2022-12-13 19:52:21 +00:00
Philip Withnall
1309719c50 docs: Update SECURITY to stop mentioning a deprecated mailing list
Discourse has replaced the GNOME mailing lists.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-13 19:16:35 +00:00
Philip Withnall
a70a16b28b gvariant: Allow g_variant_byteswap() to operate on tree-form variants
This avoids needing to always serialise a variant before byteswapping it.
With variants in non-normal forms, serialisation can result in a large
increase in size of the variant, and a lot of allocations for leaf
`GVariant`s. This can lead to a denial of service attack.

Avoid that by changing byteswapping so that it happens on the tree form
of the variant if the input is in non-normal form. If the input is in
normal form (either serialised or in tree form), continue using the
existing code as byteswapping an already-serialised normal variant is
about 3× faster than byteswapping on the equivalent tree form.

The existing unit tests cover byteswapping well, but need some
adaptation so that they operate on tree form variants too.

I considered dropping the serialised byteswapping code and doing all
byteswapping on tree-form variants, as that would make maintenance
simpler (avoiding having two parallel implementations of byteswapping).
However, most inputs to `g_variant_byteswap()` are likely to be
serialised variants (coming from a byte array of input from some foreign
source) and most of them are going to be in normal form (as corruption
and malicious action are rare). So getting rid of the serialised
byteswapping code would impose quite a performance penalty on the common
case.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2797
2022-12-13 19:04:15 +00:00
Philip Withnall
4c4cf568f0 gvariant: Fix g_variant_byteswap() returning non-normal data sometimes
If `g_variant_byteswap()` was called on a non-normal variant of a type
which doesn’t need byteswapping, it would return a non-normal output.

That contradicts the documentation, which says that the return value is
always in normal form.

Fix the code so it matches the documentation.

Includes a unit test.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2797
2022-12-13 19:04:15 +00:00
Philip Withnall
5f4485c4ff gvariant-serialiser: Check offset table entry size is minimal
The entries in an offset table (which is used for variable sized arrays
and tuples containing variable sized members) are sized so that they can
address every byte in the overall variant.

The specification requires that for a variant to be in normal form, its
offset table entries must be the minimum width such that they can
address every byte in the variant.

That minimality requirement was not checked in
`g_variant_is_normal_form()`, leading to two different byte arrays being
interpreted as the normal form of a given variant tree. That kind of
confusion could potentially be exploited, and is certainly a bug.

Fix it by adding the necessary checks on offset table entry width, and
unit tests.

Spotted by William Manley.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2794
2022-12-13 18:20:16 +00:00
Philip Withnall
f98c60e4ee gvariant: Fix a leak of a GVariantTypeInfo on an error handling path
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-13 18:15:20 +00:00
Philip Withnall
c2dc74e2ec gvariant: Cut allocs of default values for children of non-normal arrays
This improves a slow case in `g_variant_get_normal_form()` where
allocating many identical default values for the children of a
variable-sized array which has a malformed offset table would take a lot
of time.

The fix is to make all child values after the first invalid one be
references to the default value emitted for the first invalid one,
rather than identical new `GVariant`s.

In particular, this fixes a case where an attacker could create an array
of length L of very large tuples of size T each, corrupt the offset table
so they don’t have to specify the array content, and then induce
`g_variant_get_normal_form()` into allocating L×T default values from an
input which is significantly smaller than L×T in length.

A pre-existing workaround for this issue is for code to call
`g_variant_is_normal_form()` before calling
`g_variant_get_normal_form()`, and to skip the latter call if the former
returns false. This commit improves the behaviour in the case that
`g_variant_get_normal_form()` is called anyway.

This fix changes the time to run the `fuzz_variant_binary` test on the
testcase from oss-fuzz#19777 from >60s (before being terminated) with
2.3GB of memory usage and 580k page faults; to 32s, 8.3MB of memory
usage and 1500 page faults (as measured by `time -v`).

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2540
oss-fuzz#19777
2022-12-13 18:15:20 +00:00
Philip Withnall
168f9b42e5 gvariant: Add internal g_variant_maybe_get_child_value()
This will be used in a following commit.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2540
2022-12-13 18:15:19 +00:00
Philip Withnall
e6490c84e8 gvariant: Port g_variant_deep_copy() to count its iterations directly
This is equivalent to what `GVariantIter` does, but it means that
`g_variant_deep_copy()` is making its own `g_variant_get_child_value()`
calls.

This will be useful in an upcoming commit, where those child values will
be inspected a little more deeply.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2121
2022-12-13 18:15:19 +00:00
Philip Withnall
35dee77ed8 gvariant: Clarify the docs for g_variant_get_normal_form()
Document how non-normal parts of the `GVariant` are handled.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-13 18:15:19 +00:00