Commit Graph

22673 Commits

Author SHA1 Message Date
Philip Withnall
b4c2e4d553 gdate: Validate input as UTF-8 before parsing
Dates have to be valid UTF-8.

oss-fuzz#28458

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-09 12:07:41 +00:00
Philip Withnall
a9fc7e5935 gosxappinfo: Add some more precondition checks
These might help catch the problem in #2119 earlier on, and provide more
information about its root cause.

They should not affect behaviour in normal application usage.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2119
2020-12-09 11:44:37 +00:00
Philip Withnall
2a629b3b4b gosxappinfo: Use strlen() instead of some magic constants
This is equivalent, but makes the code a bit more readable.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-09 11:44:14 +00:00
Philip Withnall
1862a900b1 gosxappinfo: Fix some const-correctness issues
This is technically an API break, as the following assignment may now
raise warnings in user code:
```
gchar *filename = g_osx_app_info_get_filename (app_info);
```

However, from code search it seems like the number of users of that
function is zero.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-09 11:41:38 +00:00
Frederic Martinsons
c3a073e96f Add gio launch command to execute desktop file
This command will try to execute a desktop file, before that
it will load the input as a keyfile for checking its existence
and its validity (as a keyfile).
File arguments are allowed after the desktop file.

Closes #54

Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
2020-12-09 08:15:42 +01:00
Philip Withnall
ba62118122 Merge branch 'weak-notify-dispose' into 'master'
Handle the case of g_object_run_dispose() in GBinding

Closes #2265

See merge request GNOME/glib!1786
2020-12-08 19:57:27 +00:00
Sebastian Dröge
e82eb490fe Handle the case of g_object_run_dispose() in GBinding
When this is called on the source or target, the weak notify of the
corresponding object is called without the GWeakRef being cleared.
See https://gitlab.gnome.org/GNOME/glib/-/issues/2266 for that issue.

This means that a strong reference to these zombie objects can be
retrieved from the GWeakRefs and the previous assumption that this can't
happen was wrong. Remove the assertion for that accordingly and handle
this case.

Specifically, all signal handlers and weak notifies of the object are
already gone and must not be disconnected/removed a second time, or
otherwise memory corruption would be caused. Instead just set the
GWeakRef to NULL and handle it otherwise as if the GWeakRef didn't give
a strong reference to begin with.

Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2265
2020-12-08 18:41:27 +02:00
Sebastian Dröge
a2de4b2479 Clarify in g_object_weak_ref() docs that the callback is called during disposing and not finalizing
This especially has the effect that any GWeakRefs to the object will not
necessarily be set to NULL yet if called as part of
g_object_run_dispose() and not as part of g_object_unref().
2020-12-08 18:09:50 +02:00
Philip Withnall
c3f613af0c Merge branch 'coverity-fixes' into 'master'
glocalfile: Add an assertion to help static analysis

See merge request GNOME/glib!1785
2020-12-08 15:56:05 +00:00
Sebastian Dröge
ec330e50cf Merge branch 'more-fuzzing' into 'master'
fuzzing: Add more fuzzing tests for various string parsing functions

See merge request GNOME/glib!1784
2020-12-08 15:10:14 +00:00
Philip Withnall
d5778ec479 gvariant: Clarify operator precedence
This doesn’t change the behaviour of the code, but should squash some
compiler/static analysis warnings about ‘are you sure you got the
precedence right here?’.

Coverity CID: #1159470

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-08 12:17:00 +00:00
Philip Withnall
3a7acd24a9 glocalfile: Add an assertion to help static analysis
Static analysis of the call to `g_dir_new_from_dirp()` is tricky,
because the call is across library boundaries and indirected through a
vfunc map because it’s private to libglib.

Help the static analyser by adding an assertion about the input and
output values for `g_dir_new_from_dirp()`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-08 11:16:43 +00:00
Philip Withnall
105f4a0f39 fuzzing: Add more fuzzing tests for various string parsing functions
There’s no explicit guarantee that any of these functions are safe to
use on untrusted data, but it does no harm to test them.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-08 11:07:43 +00:00
Philip Withnall
b201e028b2 Merge branch 'mcatanzaro/verify-chain-extra-check' into 'master'
gtlsdatabase: remove duplicate precondition check

See merge request GNOME/glib!1783
2020-12-08 09:50:56 +00:00
Michael Catanzaro
855a22e165 gtlsdatabase: remove duplicate precondition check
This check is the same as the check on the line above.
2020-12-07 11:11:37 -06:00
Frederic Martinsons
725984fe8e gio-tool-trash: Add --restore subcommand
It search for attribute trash::orig-path and move the input file to it.
Possibly recreating the directory of orignal path and/or overwritting
the destination.

Closes #2098

Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
2020-12-07 17:18:51 +01:00
Frederic Martinsons
105e06cc2e gio-tool-trash: Add --list subcommand
This will print all the files in TrashCan along with their
original location.

Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
2020-12-07 17:15:43 +01:00
Philip Withnall
55b4a25eaf 2.67.1
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-07 11:02:56 +00:00
Yuri Chornoivan
1d97e805cb Update Ukrainian translation 2020-12-07 08:53:03 +00:00
Sebastian Dröge
986525f1e9 Merge branch 'ossfuzz-27371-hostname-length' into 'master'
ghostutils: Abandon hostname conversion early if it’s too long

See merge request GNOME/glib!1782
2020-12-07 08:29:31 +00:00
Philip Withnall
5e1d368eec Merge branch 'binding-threadsafe-2' into 'master'
Make GBinding thread-safe (alternative approach)

See merge request GNOME/glib!1745
2020-12-04 14:23:10 +00:00
Philip Withnall
95c19181ae guri: Correctly set an error when parsing an invalid hostname
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-04 13:54:27 +00:00
Philip Withnall
1d461bc9f4 ghostutils: Abandon hostname conversion early if it’s too long
The `nameprep()` function in `ghostutils.c` is quite complex, and does a
lot of allocations. This means it can take a long time on long hostnames
(on the order of 10KB long). Hostnames should never be that long,
though, so impose some loose length limits.

oss-fuzz#27371

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-04 13:54:27 +00:00
Philip Withnall
3531239f0e ghostutils: Add missing GIR annotations
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-04 13:16:23 +00:00
Philip Withnall
df7f954dd0 tests: Use g_assert_*() rather than g_assert() in hostutils.c
`g_assert()` is compiled out with `G_DISABLE_ASSERT`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-04 12:54:11 +00:00
Philip Withnall
416339305f Merge branch 'coverity-return-values' into 'master'
Minor Coverity fixes

See merge request GNOME/glib!1780
2020-12-03 15:35:36 +00:00
Sebastian Dröge
f83a7d5407 Merge branch 'close-range-enosys' into 'master'
gspawn: Handle ENOSYS from close_range()

See merge request GNOME/glib!1781
2020-12-03 15:29:46 +00:00
Philip Withnall
eba2e7f056 gtestdbus: Retry writes if they fail
It’s unlikely, but shuts up a Coverity warning.

Coverity CID: #1232156

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-03 15:26:03 +00:00
Philip Withnall
24b5d86d4a glocalfile: Check g_stat() return value
There were a couple of places where the return value wasn’t checked, and
hence failure could not be noticed.

Coverity CIDs: #1159435, #1159426

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-03 15:26:03 +00:00
Philip Withnall
23f1a31923 gspawn: Handle ENOSYS from close_range()
It’s possible that GLib will eventually be compiled against a version of
libc which supports `close_range()` (hence `HAVE_CLOSE_RANGE` will be
defined), but then run against an older kernel which doesn’t support it.
In this case, we want to fall back to `fdwalk()`, which should work on
such systems.

This is what cpython does: 3529718925/Python/fileutils.c (L2227)

Spotted by Allison Karlitskaya in !1688.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-03 14:30:29 +00:00
Philip Withnall
9a519c8bf0 Merge branch 'selinux-warning' into 'master'
gio: ‘security_context_t’ is deprecated

See merge request GNOME/glib!1776
2020-12-03 13:47:49 +00:00
Daniel Mustieles
48efbc7d6f Updated Spanish translation 2020-12-02 14:16:06 +01:00
Sebastian Dröge
c27f729752 Merge branch 'extend_p_option_for_tests' into 'master'
Extend the usage of -p option for glib test framework

See merge request GNOME/glib!1738
2020-12-02 08:14:12 +00:00
Sebastian Dröge
124d891747 Merge branch '2150-extend-uri-tests' into 'master'
Extends uri test with GstURI inspiration

Closes #2150

See merge request GNOME/glib!1775
2020-12-02 08:05:52 +00:00
Marc-André Lureau
3f18b77fb3 gio: fix set_selinux_context coding style
Mostly for cosmetic and readability, follow more closely the glib-style.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-12-01 13:20:27 +04:00
Marc-André Lureau
f9cc77da73 gio: remove unnecessary strdup and fix potential leak
setfilecon_raw() takes a const argument since libselinux 2.2 (commit
6a17cfaafc)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-12-01 13:16:44 +04:00
Marc-André Lureau
7bd1e09c42 build-sys: bump libselinux requirement to >=2.2
The function declaration we use changed a bit since then.
In particular, some arguments became const. See following commit.

libselinux-2.2 was released on 20131030, and is widely available in
all major stable distributions.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-12-01 13:16:44 +04:00
Marc-André Lureau
20e23c701c gio: ‘security_context_t’ is deprecated
From:
9eb9c93275

"we found that the const security_context_t declarations in libselinux
are incorrect; const char * was intended, but const security_context_t
translates to char * const and triggers warnings on passing const char *
from the caller. Easiest fix is to replace them all with const char *."

And later marked deprecated in commit:
7a124ca275

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-12-01 11:39:00 +04:00
Frederic Martinsons
3872bf2ccf Introduce new options -r (or --run-prefix) and -x (or --skip-prefix)
They extend the behavior of, respectively, -p and -s options of the
glib test framework

Currently test suite are only run for one level under -p path, for
example, testfilemonitor -p /monitor would execute the following tests:

/monitor/atomic-replace
/monitor/file-changes
/monitor/dir-monitor
/monitor/dir-not-existent
/monitor/cross-dir-moves

With the --run-prefix the sub-test suite file will be executed:

/monitor/atomic-replace
/monitor/file-changes
/monitor/dir-monitor
/monitor/dir-not-existent
/monitor/cross-dir-moves
/monitor/file/hard-links

The --skip-prefix and run-prefix seems symmetrical, but there is a
difference with skip towards run:
--skip-prefix will use a prefix while --run-prefix only work for a valid test path.
For example and for the following test family:

/monitor/atomic-replace
/monitor/file-changes
/monitor/dir-monitor
/monitor/dir-not-existent
/monitor/cross-dir-moves
/monitor/file/hard-links

while --run-prefix /mon will not execute anything, --skip-prefix /mon
 will skip all of these tests.

See #2238 which references this change.
2020-11-30 14:42:58 +01:00
Frederic Martinsons
1d221af7f1 Extends uri test with GstURI inspiration
- Add a test for parsing FILE scheme from uri
It had taken from GST test_protocol_case
- Add a split uri test with encoded spaces in its path
It had taken from GST test_uri_get_location
- Add tests for g_uri_is_valid
It had taken from GST test_uri_misc
Note that the 4 followings uri failed under gst_uri_is_valid but not
under g_uri_is_valid
   B:\\foo.txt
   B:/foo.txt
   B://foo.txt
   B:foo.txt
- Add tests for g_uri_split
It had taken from GST test_url_parsing
- Add tests for test_uri_normalize and test_uri_parsing_relative
The test URI had been taken from GST test_url_normalization
- Add tests for test_uri_iter_params
It had taken from GST test_url_unescape_equals_in_http_query

Closes #2150

Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
2020-11-30 14:34:06 +01:00
Marek Černocký
159ed036d4 Updated Czech translation 2020-11-28 16:56:59 +01:00
Sebastian Dröge
52261f0abe Deprecate g_binding_get_source() and get_target() in favour of dup_source() and dup_target()
The old functions are not thread-safe by design.
2020-11-26 19:51:56 +02:00
Sebastian Dröge
7367c5d367 Release GBinding transform functions also when implicitly unbinding because source/target are finalized
This was inconsistently handled before and only explicit unbinding or
finalizing the binding would've previously released the transform
function. If the source/target were finalized while more strong
references to the binding still existed then the transform function
would stay alive and only the binding itself would be deactivated.
2020-11-26 19:51:56 +02:00
Sebastian Dröge
cc15c933b3 Add tests for GBinding thread-safety 2020-11-26 19:51:56 +02:00
Sebastian Dröge
d296ad435d Factor out common GBinding unbind code into a separate function
This was previously duplicated in two places.
2020-11-26 19:30:54 +02:00
Sebastian Dröge
98bbe4f4d1 Make transform function handling in GBinding thread-safe
Unbinding can happen from one thread while a property notification is
being handled concurrently in another one.

To solve this, introduce a reference counter for the transform function
that ensures that it always stays valid while in use and protect access
to the one stored inside the binding with the unbind mutex.
2020-11-26 19:30:48 +02:00
Sebastian Dröge
1daee6ac64 Make explicit/implicit GBinding unbinding thread-safe
It's possible for g_binding_unbind() to be called at the same time as
one (or both) of source and target are being finalized. The resulting
unbinding needs to be protected with a mutex to ensure that it only
happens exactly once.

As the first reference is owned by both weak notifies and the caller of
g_object_bind_property(), additional indirections are needed to ensure that
unreffing the first reference after creation still unbinds the binding
as before. This seems to be a common code pattern and how this was
intended to be used, but is only safe in single-threaded contexts as it
relies on both the source and target object to be still alive.

Add a lot of comments to the code about all these dependencies and a
couple of assertions to ensure they hold valid.

Also document that inconsistent reference ownership handling of
g_binding_unbind() that makes it unfit for automatically generated
language bindings.
2020-11-26 16:15:36 +02:00
Sebastian Dröge
c8c829fa42 Add g_binding_dup_target() and g_binding_dup_source()
These new getters prevent the source/target from simply disappearing if
they're finalized from another thread in the meantime.
2020-11-26 10:49:23 +02:00
Sebastian Dröge
51ee5cf1c2 Use GWeakRef in GBinding
This makes GBinding slightly more thread-safe as the source/target can't
simply disappear.
2020-11-26 10:49:18 +02:00
Philip Withnall
0af274faa4 Merge branch 'macos-cross' into 'master'
macos: fix frexpl checks in cross-compilation

See merge request GNOME/glib!1771
2020-11-25 19:11:19 +00:00