Commit Graph

16285 Commits

Author SHA1 Message Date
Hanno Boeck
aead1c046d GVariant text: fix scan of positional parameters
The scanning to find the end of a positional parameter designator in
GVariant text format (e.g. '%i') is currently broken in case the 'end'
pointer is not specified.

The scan is controlled by a somewhat complicated loop that needs to deal
properly with cases like (123, %(ii)) [where '%(ii)' is to be taken
together, but the final ')' not].

This loop missed the case where a format string passed to
g_variant_new_parsed() ended immediately after such a conversion, with a
nul character.  In this case the 'end' pointer is NULL, so the only way
we can find the end is by scanning for nul in the string.

In case of g_variant_new_parsed() [which is what this code was designed
to be used for], the bug is somewhat unlikely in practice: the only way
that a valid text-form GVariant could ever contain a positional
parameter replacement at the end of the string is if this positional
parameter were the only thing being returned.  In that case, the user
would likely have opted for a more direct approach.

Unfortunately, this code is also active in the tokenisation phase of
g_variant_parse(), before positional parameters are rejected as invalid
for that case.  Anyone who calls this function with a nul-terminated
string (and no end pointer) is vulnerable to a crash from malicious user
input.  This can be seen, at the very least with many commandline tools:

  $ dconf write /x '%i'
  Segmentation fault

We fix this problem by searching for the nul character in this case, in
addition to comparing the end pointer.

This problem is almost certainly limited to being able to cause crashes.
The loop in question only performs reads and, in the security-sensitive
case, the token will be quickly rejected after the loop is finished
(since it starts with '%' and the 'app' pointer is unset).  This is
further mitigated by the fact that there are no known cases of GVariant
text format being used as part of a protocol at a privilege barrier.
2016-02-22 08:48:44 -05:00
Artur de Aquino Morais
21c15080bd Updated Brazilian Portuguese translation 2016-02-21 14:17:14 +00:00
Piotr Drąg
ca10ad1f54 Updated Polish translation 2016-02-20 16:30:05 +01:00
Tobias Nygren
0d0db60959 gio/gtestdbus.c: don't use non-standard %m printf modifier
https://bugzilla.gnome.org/show_bug.cgi?id=756706
2016-02-19 11:29:32 +00:00
Мирослав Николић
c40422f9e6 Updated Serbian translation 2016-02-18 21:05:07 +01:00
Allison Ryan Lortie
1d0f75f629 Update maintainer record in DOAP 2016-02-18 12:15:35 -05:00
Milo Casagrande
a484ca1bbd Updated Italian translation 2016-02-18 13:22:05 +00:00
Lars Uebernickel
b32f8ba19b gapplication: add a way to override the app-id
Some applications support running in a mode where they present
themselves as a different application to the user (for example web
browsers or terminals).

To facilitate this, add an option --gapplication-app-id which allows
users to override an application's id from desktop files or similar.

Applications need to opt-in to this by setting the
G_APPLICATION_CAN_OVERRIDE_APP_ID flag.

https://bugzilla.gnome.org/show_bug.cgi?id=743933
2016-02-18 08:18:58 -05:00
Milo Casagrande
15dea440c4 Updated Italian translation 2016-02-18 13:16:18 +00:00
Matthias Clasen
caf03300e5 Remove leftover markup 2016-02-17 20:10:43 -05:00
Cole Robinson
a3a97dca3a gsettings: schema_list should use the passed schema's source
currently schema_list will iterate over the default SchemaSource
list, and not the one associated with the passed in Schema. This
means schema_list can give incorrect results for a Schema fetched
from a non-default SchemaSource, like via new_from_directory.

https://bugzilla.gnome.org/show_bug.cgi?id=757506
2016-02-16 10:57:58 -05:00
Allison Ryan Lortie
9d54f806e5 GLib 2.47.6 2016-02-16 06:35:12 -05:00
Matthias Clasen
5918f9609e Updates 2016-02-15 15:53:06 -05:00
Chao-Hsiung Liao
3f29f7272c Updated Chinese (Taiwan) translation 2016-02-13 06:37:02 +00:00
Anders Jonsson
4a213a2fed Updated Swedish translation 2016-02-12 22:26:43 +00:00
Emmanuele Bassi
1964a8726b macros: Fix Clang attribute detection
For attributes we have to use __has_attribute().

https://bugzilla.gnome.org/show_bug.cgi?id=761843
2016-02-10 22:37:41 +00:00
Rafael Fontenelle
c7f540b9e9 Updated Brazilian Portuguese translation 2016-02-10 17:31:53 +00:00
coypu
0817af40e8 gdate: Suppress string format literal warning
Newer versions of GCC emit an error here, but we know it's safe.
https://bugzilla.gnome.org/761550
2016-02-08 10:26:58 +01:00
Piotr Drąg
ac84fbfca3 Updated Polish translation 2016-02-06 15:43:33 +01:00
Dušan Kazik
30ff647a7c Updated Slovak translation 2016-02-06 14:18:18 +00:00
Ignacio Casal Quinteiro
19fd89f8db registrybackend: avoid adding a new child when we return the root 2016-02-05 12:05:02 +01:00
Ignacio Casal Quinteiro
63b0f1087d registrybackend: another cleanup creating a registry cache item 2016-02-05 11:39:30 +01:00
Ignacio Casal Quinteiro
c73e9fc36a registrybackend: use registry_cache_add_item instead of creating manually 2016-02-05 11:14:24 +01:00
Ignacio Casal Quinteiro
bd3dd1cd48 registrybackend: get whether a key is writable or not 2016-02-05 10:44:45 +01:00
Руслан Ижбулатов
604ca89176 registrybackend: do convert values to UTF-16
Perform conversion before writing a value out of the cache into the registry,
and convert back when reading a value into the cache out of the registry.
The registry holds UTF-8 strings.
2016-02-05 09:40:30 +01:00
Руслан Ижбулатов
c4d943186e registrybackend: fix memory leak 2016-02-05 09:39:21 +01:00
Ignacio Casal Quinteiro
b8fc289e8f registrybackend: remove useless include 2016-02-04 12:44:11 +01:00
Ignacio Casal Quinteiro
74442a0b8c registrybackend: do not leak self if there are no items 2016-02-04 11:16:45 +01:00
Ignacio Casal Quinteiro
dc97bb9b9b registrybackend: handle readability of the keys
If a key is removed or it cannot be read anymore we should
notify the backend about it so it fallbacks to the default
value.
2016-02-04 11:02:46 +01:00
Ignacio Casal Quinteiro
05dd91a0b6 registrybackend: use unicode calls intead of the ansi ones
https://bugzilla.gnome.org/show_bug.cgi?id=761504
2016-02-04 08:59:59 +01:00
Ignacio Casal Quinteiro
7161d70955 registrybackend: remove useless get_permission override
The base class does the same
2016-02-04 07:55:25 +01:00
Ignacio Casal Quinteiro
259a61ed2d registrybackend: pass the event to the cache update
This way the registry cache has more control to specify what has
changed.
2016-02-03 19:19:50 +01:00
Rico Tzschichholz
e3189527dc gio/gobject: Various introspection fixes 2016-02-03 18:13:49 +01:00
Ignacio Casal Quinteiro
c7ea434e2c registrybackend: properly propagate the partial key name 2016-02-03 13:10:09 +01:00
Matej Urbančič
7522d5c982 Updated Slovenian translation 2016-02-02 17:50:11 +01:00
Rico Tzschichholz
927a4ed2f4 gstring: Explictly annotate return-values with (transfer none/full)
https://bugzilla.gnome.org/show_bug.cgi?id=744570
2016-02-02 17:38:05 +01:00
Ignacio Casal Quinteiro
f1a5e394b0 registrybackend: rename touched flag to readable
This is a flag used to understand if a key exists on the registry
and if it is readable. It makes more sense to rename it as readable
since anyway a key that does not exists anymore is a key that is
not readable.
2016-02-02 14:48:22 +01:00
Ignacio Casal Quinteiro
5cc997f7c4 registrybackend: close the key only if successfully opened 2016-02-02 11:08:50 +01:00
Ignacio Casal Quinteiro
bf3f827ca1 registrybackend: use ptr_array_new_with_free_func 2016-02-02 11:08:42 +01:00
Ignacio Casal Quinteiro
9098a7f927 registrybackend: minor style cleanup 2016-02-02 11:04:56 +01:00
Rico Tzschichholz
d268d9f86a socket: Fix annotation of g_socket_receive_message
https://bugzilla.gnome.org/show_bug.cgi?id=761337
2016-02-02 10:15:04 +01:00
Rico Tzschichholz
ec173eb654 application: Fix annoation of g_application_add_option_group
https://bugzilla.gnome.org/show_bug.cgi?id=761337
2016-02-02 10:11:08 +01:00
Ignacio Casal Quinteiro
169cfb250f registrybackend: avoid signed/unsigned comparison warnings 2016-02-01 14:25:05 +01:00
Ignacio Casal Quinteiro
b0776ddd18 registrybackend: use G_DECLARE_FINAL_TYPE 2016-02-01 14:24:46 +01:00
Alexander Shopov
2d7cac366d Updated Bulgarian translation 2016-02-01 06:21:09 +02:00
Daniel Mustieles
9183960df2 Updated Spanish translation 2016-01-31 22:25:10 +01:00
Hashem Nasarat
c5931d1a16 docs: fix grammar in Writing GLib Applications/Threads 2016-01-31 12:54:28 -05:00
Sébastien Wilmet
95dd373024 docs: better documentation for g_file_info_copy_into()
The documentation of g_file_info_copy_into() was misleading. The
attributes are not just copied, @dest_info is also cleared at the
beginning. So any previously set attributes in @dest_info are lost.

There was a bug in gedit about this function, where some metadata were
not saved. So it might make sense to change the implementation to not
clear @dest_info, and copy one by one the attributes from @src_info to
@dest_info.

https://bugzilla.gnome.org/show_bug.cgi?id=747927
2016-01-28 20:31:53 +01:00
Sébastien Wilmet
f14052461b docs: GRegex: @start_position is in bytes
The start_position arguments are passed to pcre_exec() as the
startoffset, which is in bytes (not characters).

I had recently a doubt about this, so it's better to document it.

https://bugzilla.gnome.org/show_bug.cgi?id=747927
2016-01-28 18:49:28 +01:00
Sébastien Wilmet
a4ed89bf75 docs: improve doc of g_file_info_list_attributes()
The name_space can be NULL.

https://bugzilla.gnome.org/show_bug.cgi?id=747927
2016-01-28 18:49:28 +01:00