Commit Graph

27197 Commits

Author SHA1 Message Date
Simon McVittie
e5941a3af1 Merge branch '2924-use-after-free-gdbus-method-invocation' into 'main'
gdbusinterfaceskeleton: Fix a use-after-free of a GDBusMethodInvocation

Closes #2924

See merge request GNOME/glib!3297
2023-02-23 12:43:54 +00:00
Philip Withnall
7b101588e9 gdbusconnection: Make GDBusMethodInvocation transfer a bit clearer
Add a missing steal call in `schedule_method_call()`. This introduces no
functional changes, but documents the ownership transfer more clearly.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2924
2023-02-23 12:16:05 +00:00
Philip Withnall
d5710deb9d gdbusinterfaceskeleton: Fix a use-after-free of a GDBusMethodInvocation
This `GDBusMethodInvocation` may be shared across threads, with no
guarantee on the strong ref in one thread outlasting any refs in other
threads — so it needs a ref in this helper struct.

This should fix a use-after-free where the `GDBusMethodInvocation` is
freed from `g_value_unset()` after `g_signal_emit()` returns in
`dispatch_in_thread_func()` in one thread; but then dereferenced again
in `g_source_destroy_internal()` from another thread.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2924
2023-02-23 12:16:05 +00:00
Philip Withnall
1f86923766 gdbusinterfaceskeleton: Remove an unnecessary helper struct member
The `GDBusInterfaceSkeleton` is already stored as the source object of
the `GTask` here, with a strong reference.

Storing it again in the task’s data struct is redundant, and makes it
look like the `GDBusInterfaceSkeleton` is being used without holding a
strong reference. (There’s not actually a bug there though: the strong
reference from the `GTask` outlives the data struct, so is sufficient.)

Remove the unnecessary helper struct member to clarify the code a bit.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2924
2023-02-23 12:16:05 +00:00
Philip Withnall
ac5589128c tests: Add some missing g_thread_join() calls to onceinit test
Running the test under asan was failing as the threads were being
leaked.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2023-02-23 12:15:13 +00:00
Philip Withnall
81a42f4c59 gsocketclient: Document ownership of connection_attempts better
This introduces no functional changes; just made it while trying to
debug issue #2925.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2925
2023-02-23 12:14:29 +00:00
Philip Withnall
5a69cc22dc gdbusconnection: Explicitly destroy an idle source on cleanup
Otherwise it’s possible for it to hang around in the `GMainContext`
after the “send message” operation has finished. In the best case, this
will cause the `GTask` and `GDBusMessage` to not be freed when the
calling code expects. In the worst case, it could cause use-after-free
problems if it derefs allocations which have since been freed.

I have not seen either of these problems in practice, but it would be
best for the code to eliminate the risk of them altogether by explicitly
destroying the source when the operation is finished.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2925
2023-02-23 12:14:29 +00:00
Philip Withnall
ed7044b5f3 gdbusprivate: Improve docs on message ownership in MessageToWriteData
This doesn’t introduce any functional changes, but should make the code
a little clearer.

Drive-by improvements while trying to debug #1264.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1264
2023-02-23 12:11:24 +00:00
Philip Withnall
90af20d950 gdbusconnection: Improve docs of message ownership in closures
This introduces no functional changes, but makes it a little clearer how
the ownership of these `GDBusMessage` instances works. The free function
is changed to `g_clear_object()` to avoid the possibility of somehow
using the messages after freeing them.

Basically just some drive-by docs improvements while trying to debug
issue #1264.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1264
2023-02-23 12:11:24 +00:00
Philip Withnall
127c899a2e gdbusconnection: Fix the type of a free function
This didn’t actually cause any observable bugs, since the structures of
`PropertyData` and `PropertyGetAllData` were equivalent for the members
which the free function touches.

Definitely should be fixed though.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2023-02-23 12:11:24 +00:00
Philip Withnall
4900ea5215 gdbusconnection: Fix double unref on timeout/cancel sending a message
This appears to fix an intermittent failure seen when sending a D-Bus
message with either of a cancellable or a timeout set.

In particular, I can reliably reproduce it with:
```
meson test gdbus-test-codegen-min-required-2-64 --repeat 10000
```

It can be caught easily with asan when reproduced. Tracking down the
location of the refcount mismatch was a little tricky, but was
simplified by replacing a load of `g_object_ref (message)` calls with
`g_dbus_message_copy (message, NULL)` to switch `GDBusMessage` handling
to using copy semantics. This allowed asan to home in on where the
refcount mismatch was happening.

The problem was that `send_message_data_deliver_error()` takes ownership
of the `GTask` passed to it, but the
`send_message_with_replace_cancelled_idle_cb()` and
`send_message_with_reply_timeout_cb()` functions which were calling it,
were not passing in a strong reference as they should have.

Another approach to fixing this would have been to change the transfer
semantics of `send_message_data_deliver_error()` so it was `(transfer
none)` on its `GTask`. That would probably have resulted in cleaner
code, but would have been a lot harder to verify/review the fix, and
easier to inadvertently introduce new bugs.

The fact that the bug was only triggered by the cancellation and timeout
callbacks explains why it was intermittent: these code paths are
typically never hit, but the timeout path may sometimes be hit on a very
slow test run.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1264
2023-02-23 12:11:24 +00:00
Simon McVittie
88fd3f0a76 Merge branch 'build-with-llvm-toolchain' into 'main'
Fix building gio/tests/test_resources.o with LLVM ld

Closes #2720

See merge request GNOME/glib!3186
2023-02-22 16:51:05 +00:00
Philip Withnall
0a715be599 Merge branch 'cloexec-other' into 'main'
Close-on-exec flag few missed places

See merge request GNOME/glib!3292
2023-02-22 13:07:35 +00:00
Philip Withnall
ddf85f9d9e Merge branch 'g-win32-app-info-enhancements-2' into 'main'
GWin32AppInfo: Retrieve display name for UWP / Packaged apps

See merge request GNOME/glib!3168
2023-02-22 12:55:24 +00:00
Emmanuele Bassi
4c17e3b122 Merge branch '2907-file-info-docs' into 'main'
gfileinfo: Document required attributes for helper getters

Closes #2907

See merge request GNOME/glib!3261
2023-02-22 12:35:38 +00:00
Luca Bacci
01889cd348 GWin32AppInfo: Retrieve display name of UWP (packaged) apps 2023-02-22 13:24:13 +01:00
Sabri Ünal
df40317a74 Update Turkish translation 2023-02-22 11:55:19 +00:00
Philip Withnall
d8c913ac83 Merge branch 'fix-c4141' into 'main'
gstring.h/gmacros.h: Avoid compiler warnings on Visual Studio

Closes #2905

See merge request GNOME/glib!3285
2023-02-22 03:30:41 +00:00
Chun-wei Fan
c8730dc6f9 gmacros.h: Fix C++ macros for Visual Studio
,,,for G_ALWAYS_INLINE and G_NO_INLINE, since the msvc::forceinline and
msvc::noinline attributes require C++-20 support, not just C++-11
support.  This will avoid warning C5051 (unsupported attribute ...,
ignored) if pre-C++-20 was used.
2023-02-22 10:24:20 +08:00
Chun-wei Fan
994209dbee gstring.h: Avoid compiler warning on Visual Studio
The recent optimizations to gstring.h used G_ALWAYS_INLINE (meaning
'__forceinline' on Visual Studio) together with 'static inline', which
will cause warning C4141 indicating that 'inline' was used more than
once on the function.

Avoid this by temporarily disabling warning C4141 in gstring.h when
building the code that uses 'G_ALWAYS_INLINE'.

Fixes issue #2905.
2023-02-22 10:24:20 +08:00
Emmanuele Bassi
796e21ee1c Merge branch 'w-sign-conversion' into 'main'
tests: Add a -Wsign-conversion test for gstring.h

See merge request GNOME/glib!3275
2023-02-22 01:41:25 +00:00
Emmanuele Bassi
2c14e71162 Merge branch 'no-performance-valgrind' into 'main'
tests: Don’t run the GObject performance tests under valgrind

See merge request GNOME/glib!3279
2023-02-22 01:36:27 +00:00
Emmanuele Bassi
c669baab4c Merge branch 'live-g-file-test-logging' into 'main'
tests: Remove custom printerr logging from live-g-file

See merge request GNOME/glib!3281
2023-02-22 01:36:10 +00:00
Emmanuele Bassi
23d28b9d6e Merge branch '2913-error-warning' into 'main'
gerror: Emit a critical warning if the message format is NULL

Closes #2913

See merge request GNOME/glib!3286
2023-02-22 01:35:24 +00:00
Maciej S. Szmigiero
8f8ebb1bd0 g_mkstemp: Use O_CLOEXEC for race-free setting of the close-on-exec flag
mkstemp-like family of functions also use g_open () under the hood so
they should pass the O_CLOEXEC flag there for race-free setting of the
close-on-exec flag.
2023-02-22 00:38:13 +01:00
Maciej S. Szmigiero
cbc15d6ceb gunixmounts: Use "e" mode flag in setmntent () call for race-free setting of the close-on-exec flag
setmntent () call uses the same mode flag set as fopen (), so it should
also include the "e" mode flag for race-free setting of the close-on-exec
flag.
2023-02-22 00:32:33 +01:00
Maciej S. Szmigiero
7bee4cecdd grand: Use "e" mode flag in fopen () call for race-free setting of the close-on-exec flag
It was missed when other fopen () call sites were converted since the code
had it written as "fopen()" (without space before the opening parenthesis).
2023-02-22 00:29:31 +01:00
Philip Withnall
288521ea02 Merge branch 'g-type-name-can-return-null' into 'main'
g_type_name: Fix return annotation

See merge request GNOME/glib!3290
2023-02-21 22:44:51 +00:00
Philip Withnall
4a5d58715d Merge branch 'wip/pwithnall/more-meson-on-macos-and-windows' into 'main'
ci: Use Meson 1.0.0 on Windows and macOS CI builds

See merge request GNOME/glib!3280
2023-02-21 22:22:00 +00:00
badcel
993f6d6698
g_type_name: Fix return annotation
The function can return null so it should be annotated as nullable.
2023-02-21 22:19:56 +01:00
Philip Withnall
bd2ccc2f69 Merge branch 'fix-windows-spawn-non-english' into 'main'
spawn-test: Fix running on non-English Windows

See merge request GNOME/glib!3288
2023-02-21 17:49:31 +00:00
Luca Bacci
0f0520ffa2 Add VTable definition for IPackage2
Derived from MIT-licensed code:
https://github.com/microsoft/windows-rs/blob/0.43.0/crates/libs/windows/src/Windows/ApplicationModel/mod.rs#L554
2023-02-21 18:01:51 +01:00
Philip Withnall
339aaa3719 Merge branch 'cloexec-audit' into 'main'
Make sure new file descriptors have close-on-exec flag set on them in a race-free way

See merge request GNOME/glib!3283
2023-02-21 12:58:01 +00:00
Maciej S. Szmigiero
0e7bf99ec2 Use "e" mode flag in fopen () calls for race-free setting of the close-on-exec flag
All Unix CRTs examined: glibc, musl, BSDs, Apple libc, Android bionic
ignore unknown fopen () mode flags, so this flag can be added
unconditionally for Unix builds.

Only Windows CRT is intolerant of these, so the single case in
g_dbus_address_connect () where the fopen () call is shared between Unix
and Windows needs appropriate platform-specific handling.

Skipped the call sites in libcharset and xdgmime copylibs.
2023-02-21 12:42:55 +00:00
Maciej S. Szmigiero
3f2e18b07c Use O_CLOEXEC in {g_,}open () calls for race-free setting of the close-on-exec flag
The remaining call sites are either Windows-only, between fork () and
exec () or in xdgmime copylib.

Hope I haven't missed any site.
2023-02-21 12:42:55 +00:00
Maciej S. Szmigiero
0f5d274871 gtestutils: Document that g_test_trap_fork () won't get close-on-exec fix
We don't want to update this function in case some crusty old third party
code might be relying on its current behavior.
Also, it is deprecated anyway and no code should be using it.
2023-02-21 12:42:55 +00:00
Maciej S. Szmigiero
dd36ee0abf gtestdbus: Use g_unix_open_pipe_internal () for creating pipes
This attempts to create the pipes with race-free setting of the
close-on-exec flag.
2023-02-21 12:42:55 +00:00
Maciej S. Szmigiero
05d2a1d097 gbacktrace: Use g_unix_open_pipe_internal () for creating pipes
This attempts to create the pipes with race-free setting of the
close-on-exec flag.
2023-02-21 12:42:55 +00:00
Maciej S. Szmigiero
14b5207bfa Add g_unix_open_pipe_internal () for pipes with the close-on-exec flag
Based on the existing g_unix_open_pipe () but for internal use where
returning a raw errno is needed, not a GError.
2023-02-21 12:42:55 +00:00
Philip Withnall
13fe2e0c79 ci: Enable JIT debugging on msys2-* CI jobs
Suggested by Christoph Reiter, this is a workaround for random Python
crashes in Meson which only appear on this platform.

It’s being tracked upstream at
https://github.com/msys2/MINGW-packages/issues/11864, but unfortunately
it seems hard to fix.

Work around the issue the same way that Meson have in their CI, by
enabling JIT debugging. See
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3280#note_1678973.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2023-02-21 11:52:24 +00:00
Daniel
ea87d78c7f Updated Spanish translation 2023-02-21 11:52:42 +01:00
Chun-wei Fan
601fce37cb spawn-test: Fix running on non-English Windows
Use SetThreadUILocale() to set the UI locale to English (United States)
(en-US), and use SetConsoleOutputCP() to set the code page to en-US (codepage
437) so that g_win32_error_message() will always return the error messages in
English and ensure that the program runs in English as well, so that we
can ensure that the expected error message string can match up
regardless of the languge version of Windows that is running.
2023-02-21 16:34:31 +08:00
Philip Withnall
c4203f740c gerror: Emit a critical warning if the message format is NULL
The code has warned about this since commit 6d9f874330 in 2011.

glibc 2.37 has just started asserting if a `NULL` format is passed to
`sprintf()`, which caused the existing GLib workaround to start
asserting too.

Bite the bullet and upgrade the warning for `format != NULL` to a
critical warning. Projects have had 12 years to fix their code.

The original bug reports
(https://bugzilla.gnome.org/show_bug.cgi?id=660371,
https://bugzilla.gnome.org/show_bug.cgi?id=560482) are actually both
about a domain which is `0`, rather than a format which is `NULL`, which
gives some confidence that this change will actually impact very little
third party code.

Since it doesn’t currently need changing, I have not touched the warning
about `domain != 0`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2913
2023-02-20 16:41:23 +00:00
Philip Withnall
a8e8b742e7 Merge branch 'list-store-find-with-equal-func-null-item' into 'main'
Allow passing a `NULL` item to `g_list_store_find_with_equal_func()`

See merge request GNOME/glib!3284
2023-02-20 12:37:25 +00:00
Sebastian Dröge
7c5e930170 Allow passing a NULL item to g_list_store_find_with_equal_func()
The `equal_func` closure can already have all required information
available without the item, and passing the item via the closure instead
of an explicit parameter is more natural for languages that have a
concept of closures that can capture variables.
2023-02-20 10:16:11 +02:00
Aurimas Černius
5202d1daa9 Update Lithuanian translation 2023-02-19 19:13:55 +00:00
Maciej S. Szmigiero
3dc77fef24 gsocket: Use accept4 () for race-free setting of the close-on-exec flag
The code was already setting the close-on-exec flag for the new socket,
just in a racy way.
2023-02-19 16:47:13 +01:00
Tim Sabsch
1c305c4fb0 Update German translation
(cherry picked from commit 290c4b7709)
2023-02-18 14:48:25 +00:00
Sabri Ünal
8e8b90bcf8 Update Turkish translation 2023-02-18 09:53:40 +00:00
Philip Withnall
02a00a831c Merge branch 'fix-spawn-test-on-windows' into 'main'
spawn-test: Use an absolute path to the system sort.exe on Windows

See merge request GNOME/glib!3282
2023-02-17 18:04:02 +00:00