This further helps with the potential denial of service problem in
issue #2782 / oss-fuzz#49462 / oss-fuzz#20177.
Instead of allocating a new `GVariant` for each nesting level of
maybe-types, allocate a single `GVariant` and give it the fully-nested
maybe type as its type. This has to be done in serialised form.
This prevents attackers from triggering O(size of container × typedecl
depth) allocations.
This is a follow up to commit 3e313438f1,
and includes a test.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: #2782
oss-fuzz#20177
oss-fuzz#49462
This doesn’t enforce licensing/copyright headers to be present on all
files, but does check that at least a minimum number of files are
correct.
This should help avoid new files being added without appropriate
licensing information in future.
The baseline is set at what `reuse lint` outputs for me at the moment.
See https://reuse.software/tutorial/#step-2 for information about how to
add REUSE-compliant licensing/copyright to files.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1415
This will make it clear what the bigger changes are between versions.
Kind of like a `NEWS` file for the specification.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
This should clarify object paths and signatures a little, if anyone
needs that. This introduces no semantic changes.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
reStructuredText doesn’t support cross-references unless always built
with Sphinx (as I understand it). `rst2html5` doesn’t support them.
So reword this (currently manual) cross-reference so it’s less awkward.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
I believe the specification was originally a shorter extract of
Allison’s thesis. This left a few dangling references to requirements
which were listed in a part of the thesis not included in the
specification.
Reword them slightly so they’re not quite so awkward.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
The licensing for the original GVariant specification was not specified
in the original PDF.
However, CC-BY-SA-3.0 has been agreed by Allison, the sole copyright
holder, here:
https://gitlab.gnome.org/Teams/documentation/developer-www/-/merge_requests/108/#note_1586866
The diagrams were redrawn by me, so their licensing/copyright status is
clear.
Tested with `reuse lint` to ensure the data is machine-readable.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
`HAVE_COCOA` should be used only in the places where we’re actually
depending on the Cocoa toolkit. It should not be used as a general way
of detecting building on a Darwin-based OS such as macOS.
Conversely, there are a few places in the code where we do want to
specifically detect the Cocoa toolkit (and others where we specifically
want to detect Carbon), so keep `HAVE_COCOA` and `HAVE_CARBON` around.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2802
This reverts commit 476e33c3f3.
We’ve decided to remove `G_OS_DARWIN` in favour of recommending people
use `__APPLE__` instead. As per the discussion on #2802 and linked
issues,
* Adding a new define shifts the complexity from “which of these
  platform-provided defines do I use” to “which platform-provided
  defines does G_OS_DARWIN use”
* There should ideally be no cases where a user of GLib has to use
  their own platform-specific code, since GLib should be providing
  appropriate abstractions
* Providing a single `G_OS_DARWIN` to cover all Apple products (macOS
  and iOS) hides the complexity of what the user is actually testing:
  are they testing for the Mach kernel, the Carbon and/or Cocoa user
  space toolkits, macOS vs iOS vs tvOS, etc
Helps: #2802
g_str_has_prefix uses G_UNLIKELY itself, and up
until recently, G_UNLIKELY could not be nested.
This commit adds a test that nests G_UNLIKELY to
make sure it continues to work going forward.
This avoids a `-Wshadow` warning when nesting `G_LIKELY()` inside
each other due to `_g_boolean_var_`.
This can be easily encountered when using macros:
```
#define GET_VALUE(arg) \
  ({ \
    typeof (arg) _arg = (arg); \
    \
    g_assert (_arg); \
    get_value (_arg); \
  })

g_assert (GET_VALUE (a) > 5);
```
`__COUNTER__` is a GCC extension, but the definition of `_G_BOOLEAN_EXPR()`
is already inside a
`#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)`
block.
Closes: #1211
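
The naming scheme this message describes, as an added sketch that is not GLib's code and not part of the commit: the temporary inside the statement expression gets a `__COUNTER__` suffix, so nested expansions never redeclare the same name. `BOOL_EXPR`, `LIKELY`, `PASTE`, `FIXED_NAME`, `get_value` and `value_exceeds` are hypothetical names; GCC or Clang is assumed.

```c
/* Added sketch; macro names are hypothetical, not GLib's definitions. */
#include <stddef.h>
#include <stdio.h>

#define PASTE_ARGS(a, b) a##b
#define PASTE(a, b) PASTE_ARGS(a, b) /* two-step paste: arguments expand first */

/* Normalise expr to 0/1 through a temporary whose name the caller picks. */
#define BOOL_EXPR_IMPL(uniq, expr)   \
  __extension__ ({                   \
    int PASTE(bool_var_, uniq);      \
    if (expr)                        \
      PASTE(bool_var_, uniq) = 1;    \
    else                             \
      PASTE(bool_var_, uniq) = 0;    \
    PASTE(bool_var_, uniq);          \
  })

#ifdef FIXED_NAME /* build with -Wshadow -DFIXED_NAME to see the warning */
#define BOOL_EXPR(expr) BOOL_EXPR_IMPL(fixed, expr)
#else             /* every expansion gets bool_var_0, bool_var_1, ... */
#define BOOL_EXPR(expr) BOOL_EXPR_IMPL(__COUNTER__, expr)
#endif
#define LIKELY(expr) (__builtin_expect(BOOL_EXPR(expr), 1))

static int get_value(const int *p) { return *p; }

/* A macro that itself uses LIKELY(), like GET_VALUE() in the message. */
#define GET_VALUE(arg)                            \
  __extension__ ({                                \
    const int *arg_ = (arg);                      \
    LIKELY(arg_ != NULL) ? get_value(arg_) : -1;  \
  })

/* LIKELY() around a macro that expands to another LIKELY(). */
int value_exceeds(const int *p, int limit)
{
  return LIKELY(GET_VALUE(p) > limit) ? 1 : 0;
}

int main(void)
{
  int a = 7;
  printf("%d %d\n", value_exceeds(&a, 5), value_exceeds(NULL, 5));
  return 0;
}
```

Both variants compute the same results; the difference is only whether `-Wshadow` (and therefore a `-Werror` build) accepts the nested expansion.
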
-Wnonnull is sort of fickle and it's an option a lot of consumers
of GLib use.
This commit makes sure it gets used on Linux during CI as well, so
we can catch compat problems before they hit our users.
We thought we could drop the x + !x workaround in
commit eea87eff3f but apparently not.
This commit adds it back, but with an added layer of indirection,
for aesthetics.
Closes: #2807
This is basically !3036, but wasn't included there because !3036
and !3027 were developed in parallel.
Signed-off-by: Simon McVittie <smcv@collabora.com>
g_clear_fd wraps g_close and is async-signal-safe under essentially the
same circumstances. If fd_ptr already pointed to a negative number, then
g_clear_fd doesn't call g_close, and is still async-signal-safe.
g_autofd passes a NULL error pointer to g_clear_fd, so it is
async-signal-safe, as long as no programming error occurs.
Signed-off-by: Simon McVittie <smcv@collabora.com>
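
The behaviour described in the message above, as an added plain-POSIX sketch that is not GLib's implementation and not part of the commit: a negative descriptor short-circuits before any system call, and the stored value is reset before `close()` so a repeated call cannot close twice. `clear_fd` and `demo_clear_twice` are hypothetical names.

```c
/* Added sketch; clear_fd() is a hypothetical stand-in, not g_clear_fd(). */
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Close *fd_ptr if it holds a descriptor and always leave -1 behind.
 * Only close() and plain loads/stores are used; close() is on the POSIX
 * async-signal-safe list, so this can run in a handler or after fork(). */
int clear_fd(int *fd_ptr)
{
  int fd = *fd_ptr;

  *fd_ptr = -1;   /* invalidate first: a repeat call can never double-close */
  if (fd < 0)
    return 0;     /* nothing owned: no system call is made at all */
  return close(fd) == 0 ? 0 : -1;  /* on failure errno comes from close() */
}

/* Returns a bitmask of the checks that passed (0x7 when all hold). */
int demo_clear_twice(void)
{
  int fds[2];
  int raw;
  int result = 0;

  if (pipe(fds) != 0)
    return -1;
  raw = fds[0];                       /* remember the number for probing */

  if (clear_fd(&fds[0]) == 0 && fds[0] == -1)
    result |= 0x1;                    /* closed and reset to -1 */
  if (fcntl(raw, F_GETFD) == -1 && errno == EBADF)
    result |= 0x2;                    /* the descriptor is really gone */

  errno = 0;
  if (clear_fd(&fds[0]) == 0 && errno == 0)
    result |= 0x4;                    /* second call: no syscall, no errno */

  clear_fd(&fds[1]);
  return result;
}
```
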