The length argument to `g_checksum_update()` is signed, allowing
`length < 0` to indicate a nul-terminated input string. However, most of
the `GHmac` machinery which calls `g_checksum_update()` uses unsigned
`gsize`s.
If any of those sizes exceed `G_MAXSSIZE` (which is very unlikely and
could only happen with a buggy caller), the unsigned-to-signed
conversion would wrap and cause `g_checksum_update()` to inappropriately
interpret the input as nul-terminated.
Fix that by adding a load of assertions and making the
unsigned-to-signed comparisons explicit.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1486807
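An added example (not GLib's own code) that models the hazard this commit describes with plain C types, using `size_t`/`ptrdiff_t` in place of `gsize`/`gssize`: a caller that implicitly converts an unsigned length wraps negative and silently switches the callee into nul-terminated mode, while the explicit comparison rejects the out-of-range length instead. The `update_consumed_bytes()`, `naive_update()` and `checked_update()` names and the `kSample` buffer are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: 8 bytes with an embedded nul, so "string mode" and
 * "length mode" give visibly different results. */
static const unsigned char kSample[] = "abc\0xyz";

/* Stand-in for a g_checksum_update()-style API: a negative length means
 * "treat data as a nul-terminated string". Returns how many bytes it
 * would actually consume. */
static size_t update_consumed_bytes(const unsigned char *data, ptrdiff_t length)
{
    if (length < 0)
        return strlen((const char *) data);
    return (size_t) length;
}

/* Naive caller: converts size_t straight to the signed parameter.
 * Any length above PTRDIFF_MAX wraps negative (e.g. SIZE_MAX becomes -1),
 * so the callee stops at the first nul instead of hashing every byte. */
static size_t naive_update(const unsigned char *data, size_t length)
{
    return update_consumed_bytes(data, (ptrdiff_t) length);
}

/* Hardened caller, in the spirit of the fix: make the unsigned-to-signed
 * comparison explicit and refuse lengths that would not survive the cast.
 * Returns false for a caller bug instead of changing semantics. */
static bool checked_update(const unsigned char *data, size_t length, size_t *consumed)
{
    if (length > (size_t) PTRDIFF_MAX)
        return false;
    *consumed = update_consumed_bytes(data, (ptrdiff_t) length);
    return true;
}
```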
Move the lcovrc file to the root of the project, so that it’s picked up
by Meson when running `ninja coverage` locally.
See https://github.com/mesonbuild/meson/issues/4628
This won’t affect the code coverage run on the CI, since that explicitly
used the lcovrc file already.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
This fixes a scan-build warning:
```
../../../../source/glib/gio/glocalfileinfo.c:1661:28: warning: Although the value stored to 'mydirname' is used in the enclosing expression, the value is never actually read from 'mydirname' [deadcode.DeadStores]
mydirname = g_strdup (dirname),
^ ~~~~~~~~~~~~~~~~~~
```
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
`ret` was never read. This fixes scan-build warnings:
```
../../../../source/glib/glib/tests/thread.c:148:8: warning: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret' [deadcode.DeadStores]
if ((ret = prlimit (getpid (), RLIMIT_NPROC, &nl, &ol)) != 0)
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../source/glib/glib/tests/thread.c:174:8: warning: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret' [deadcode.DeadStores]
if ((ret = prlimit (getpid (), RLIMIT_NPROC, &ol, NULL)) != 0)
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
This introduces no functional changes, but reworks the array indexing so
that scan-build has a better idea about the array bounds. This squashes
the scan-build warning:
```
../../../../source/glib/glib/gdatetime.c:2292:20: warning: The left operand of '>=' is a garbage value [core.UndefinedBinaryOperatorResult]
if (days [i] >= day_of_year)
~~~~~~~~ ^
```
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
`path` was used in building the error message after it had been freed.
Spotted by scan-build.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
This will probably make no functional difference, but will squash two
warnings from scan-build:
```
../../../../source/glib/gio/gsocket.c:503:14: warning: Assigned value is garbage or undefined [core.uninitialized.Assign]
family = address.storage.ss_family;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../source/glib/gio/gsocket.c:527:29: warning: Assigned value is garbage or undefined [core.uninitialized.Assign]
socket->priv->family = address.storage.ss_family;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
```
It seems like a reasonable thing to warn about. Initialising the full
union to zero should avoid any possibility of undefined behaviour like
that.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
This fixes a scan-build warning:
```
../../../../source/glib/gio/tests/gdbus-tests.c:146:3: warning: Value stored to 'watch_id' is never read [deadcode.DeadStores]
watch_id = 0;
^
```
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
This fixes a scan-build warning:
```
../../../../source/glib/glib/gmain.c:4193:18: warning: 2nd function call argument is an uninitialized value [core.CallAndMessage]
while ((nfds = g_main_context_query (context, max_priority, &timeout, fds,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
This is a valid situation which can occur if the preceding
`g_main_context_prepare()` call returns `FALSE` and doesn’t set
`max_priority`.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
This will probably make no functional difference, but will squash a
warning from scan-build:
```
../../../../source/glib/glib/gmessages.c:2243:42: warning: The left operand of '==' is a garbage value [core.UndefinedBinaryOperatorResult]
if (err == 0 && addr.storage.ss_family == AF_UNIX)
~~~~~~~~~~~~~~~~~~~~~~ ^
```
It seems like a reasonable thing to warn about. Initialising the full
union to zero should avoid any possibility of undefined behaviour like
that.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
Tested using:
```sh
touch ~/foo
gio set ~/foo -t bytestring user::test "\x00\x00"
```
(it doesn’t matter that this fails; the bytestring is still decoded)
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1474407
These `memcpy()` calls only happen if `g_inet_address_get_family(group)
== G_SOCKET_FAMILY_IPV4`, so the assertions should never fail.
It’s helpful for understanding the code, and for static analysis, to add
the assertions though.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1486858
Remove unused tests/timelooop.c and tests/timeloop-basic.c because
these programs are manual performance tests which are no longer relevant
for glib. They were used for the writing of GMainLoop, but since then
they haven't been used much in 22 years, so it is safe to remove them.
Helps issue #1434
Inspired by https://gitlab.gnome.org/GNOME/glib/-/issues/2638.
This requires moving the tests to subprocesses, so that
`g_log_set_writer_func()` is only called once per process.
It also adds a test for the new error.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>