Recently wrapdb updated pcre from 8.37 (released in 2015!) to the
current 8.45 release. There have been several security fixes between
those releases and currently a buffer overflow is being flagged by
ostree's oss-fuzz project where pcre is installed via wrapdb.
This change was generated by `meson wrap update pcre`.
It is not only shorter than `not meson.is_cross_build() or
meson.has_exe_wrapper()` but also handle the case of cross compiling to
a compatible arch such as building for i386 on an amd64.
Test the fuzzers with one arbitrary input each, to ensure that they work
at a very basic level.
This should catch regressions in each of the fuzzers without having to
wait for them to be picked up by oss-fuzz.
These tests can be run using `meson test --suite fuzzing`.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Rather than reallocating the string buffer a few times as more
components are added, use a default buffer size which should hopefully
accommodate most average URIs.
The buffer size is a guess and can be tweaked in future.
This has the advantage of no longer passing a potentially-`NULL`
`scheme` to `g_string_new()`, which should placate the static analysers,
which think that `g_string_new()` shouldn’t accept `NULL`.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1474691
As with the previous commit, the return value from
`g_checksum_type_get_length()` is signed, but some of the `GHmac` code
was treating it as unsigned.
Add some assertions to make it clearer to static analysis that this is
OK because `GHmac` only ever calls it after validating its input, so
it’s guaranteed to never return a negative number.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
The length argument to `g_checksum_update()` is signed, allowing
`length < 0` to indicate a nul-terminated input string. However, most of
the `GHmac` machinery which calls `g_checksum_update()` uses unsigned
`gsize`s.
If any of those sizes exceed `G_MAXSSIZE` (which is very unlikely and
could only happen with a buggy caller), the unsigned-to-signed
conversion would wrap and cause `g_checksum_update()` to inappropriately
interpret the input as nul-terminated.
Fix that by adding a load of assertions and making the
unsigned-to-signed comparisons explicit.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1486807
`g_convert()` returns `NULL` iff it returns an error, but the static
analyser can’t quite work that out. Add an assertion to help.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1486844
Move the lcovrc file to the root of the project, so that it’s picked up
by Meson when running `ninja coverage` locally.
See https://github.com/mesonbuild/meson/issues/4628
This won’t affect the code coverage run on the CI, since that explicitly
used the lcovrc file already.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
This fixes a scan-build warning:
```
../../../../source/glib/gio/glocalfileinfo.c:1661:28: warning: Although the value stored to 'mydirname' is used in the enclosing expression, the value is never actually read from 'mydirname' [deadcode.DeadStores]
mydirname = g_strdup (dirname),
^ ~~~~~~~~~~~~~~~~~~
```
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
`ret` was never read. This fixes scan-build warnings:
```
../../../../source/glib/glib/tests/thread.c:148:8: warning: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret' [deadcode.DeadStores]
if ((ret = prlimit (getpid (), RLIMIT_NPROC, &nl, &ol)) != 0)
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../source/glib/glib/tests/thread.c:174:8: warning: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret' [deadcode.DeadStores]
if ((ret = prlimit (getpid (), RLIMIT_NPROC, &ol, NULL)) != 0)
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
This introduces no functional changes, but reworks the array indexing so
that scan-build has a better idea about the array bounds. This squashes
the scan-build warning:
```
../../../../source/glib/glib/gdatetime.c:2292:20: warning: The left operand of '>=' is a garbage value [core.UndefinedBinaryOperatorResult]
if (days [i] >= day_of_year)
~~~~~~~~ ^
```
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
`path` was used in building the error message after it had been freed.
Spotted by scan-build.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
This will probably make no functional difference, but will squash two
warnings from scan-build:
```
../../../../source/glib/gio/gsocket.c:503:14: warning: Assigned value is garbage or undefined [core.uninitialized.Assign]
family = address.storage.ss_family;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../source/glib/gio/gsocket.c:527:29: warning: Assigned value is garbage or undefined [core.uninitialized.Assign]
socket->priv->family = address.storage.ss_family;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
```
It seems like a reasonable thing to warn about. Initialising the full
union to zero should avoid any possibility of undefined behaviour like
that.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
This fixes a scan-build warning:
```
../../../../source/glib/gio/tests/gdbus-tests.c:146:3: warning: Value stored to 'watch_id' is never read [deadcode.DeadStores]
watch_id = 0;
^
```
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
This fixes a scan-build warning:
```
../../../../source/glib/glib/gmain.c:4193:18: warning: 2nd function call argument is an uninitialized value [core.CallAndMessage]
while ((nfds = g_main_context_query (context, max_priority, &timeout, fds,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
This is a valid situation which can occur if the preceding
`g_main_context_prepare()` call returns `FALSE` and doesn’t set
`max_priority`.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
This will probably make no functional difference, but will squash a
warning from scan-build:
```
../../../../source/glib/glib/gmessages.c:2243:42: warning: The left operand of '==' is a garbage value [core.UndefinedBinaryOperatorResult]
if (err == 0 && addr.storage.ss_family == AF_UNIX)
~~~~~~~~~~~~~~~~~~~~~~ ^
```
It seems like a reasonable thing to warn about. Initialising the full
union to zero should avoid any possibility of undefined behaviour like
that.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
Tested using:
```sh
touch ~/foo
gio set ~/foo -t bytestring user::test "\x00\x00"
```
(it doesn’t matter that this fails; the bytestring is still decoded)
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1474407
These `memcpy()` calls only happen if `g_inet_address_get_family(group)
== G_SOCKET_FAMILY_IPV4`, so the assertions should never fail.
It’s helpful for understanding the code, and for static analysis, to add
the assertions though.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1486858