Commit Graph

26501 Commits

Author SHA1 Message Date
Philip Withnall
c0eef5e226 gapplication: Validate types of well-known platform data keys
The platform data comes from the parent process, which should normally
be considered trusted (if we don’t trust it, it can do all sorts of
other things to mess this process up, such as setting
`LD_LIBRARY_PATH`).

However, it can also come from any process which calls `CommandLine`
over D-Bus, so always has to be able to handle untrusted input. In
particular, `v`-typed `GVariant`s must always have their dynamic type
validated before having values of a static type retrieved from them.

Includes unit tests.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
eb0d9e709a gapplication: Document that command line options must be validated
They come from an external process, so they must be validated.

In particular, it’s always easy to forget to validate the type of a
`GVariant`, and just try to get the stored value using a well-known
type; but that’s a programming error if the `GVariant` actually stores a
different type. Always check the variant type first if loading from a
`v`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
83c11637ba gfdonotificationbackend: Validate actions before activating them
These actions are activated as a result of receiving the `ActionInvoked`
signal from `org.freedesktop.Notifications`. As that’s received from
another process over D-Bus, it’s feasible that it could be malformed.
Without validating the action and its parameter, assertions will be hit
within the `GAction` code.

While we should be able to trust whatever process owns
`org.freedesktop.Notifications`, it’s possible that’s not the case, so
best validate what we receive.

Includes unit tests.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
08012bd3e0 tests: Add stub tests for GFdoNotificationBackend
This test is fairly pointless, but puts the infrastructure in place for
adding more tests for `GFdoNotificationBackend` in upcoming commits.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
3987f41f8c gfdonotificationbackend: Don’t remove notification if invoking action fails
Invoking an action on a notification should remove it (by default,
unless the `resident` hint is set, but GLib doesn’t currently support
that).

If, somehow, an invalid action is invoked on the notification, that
shouldn’t cause it to be removed though, because no action has taken
place. So change the code to do that.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-09 10:45:21 +00:00
Philip Withnall
da634e7a25 gapplication: Validate actions activated over D-Bus
As with the previous commit, the arguments to `ActivateAction` have to
be validated before being passed to `g_action_group_activate_action()`.
As they come over D-Bus, they are coming from an untrusted source.

Includes unit tests for all D-Bus methods on `GApplication`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
dbe4531e86 gactiongroupexporter: Validate actions activated or changed over D-Bus
The action name, parameter and new state are all controlled by an
external process, so can’t be trusted. Ensure they are validated before
being passed to functions which assert that they are correctly typed and
extant.

Add unit tests.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
5fd101eccc tests: Move a helper function around in the actions test
This will be used in an upcoming commit.

This introduces no functional changes.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
ab68165a1f Merge branch 'fix-msvc-test-postprocessing' into 'main'
ci: Don’t fail if testlog-unstable_tests.junit.xml doesn’t exist on MSVC

See merge request GNOME/glib!3115
2022-12-09 10:07:36 +00:00
Philip Withnall
fc6db764cb gtestutils: Use backslashes for isolated test dirs on Windows
Using `test_run_name` in the path for the isolated dir tree for a test
is fine on Unix, because the `/` separator from GTest paths is suitable
as a file system separator.

On Windows, however, it doesn’t work when mixed and concatenated with
paths which use backslashes. In particular, byte-by-byte path
comparisons don’t work. There are likely also issues if running on a
system with non-UTF-8 file system encoding.

Fix that by storing a file system path version of `test_run_name`
separately, and using the correct `G_DIR_SEPARATOR` for the host OS.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-08 18:03:01 +00:00
Philip Withnall
42e810e2c1 ci: Don’t fail if testlog-unstable_tests.junit.xml doesn’t exist on MSVC
That file is created if running the `unstable_tests` suite succeeds. It
can fail, though, leaving that log file nonexistent. There’s no point in
failing the whole test run by bailing out if postprocessing the log file
fails.

Occasionally postprocessing can fail with a `FileNotFoundError`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-08 15:27:24 +00:00
Philip Withnall
c27b02ace7 Merge branch 'gio-thumbnail-sizes' into 'main'
file-info: Add a set of attributes for large thumbnails

Closes #621

See merge request GNOME/glib!2918
2022-12-08 09:04:45 +00:00
Matthias Clasen
f0606d5421 file-info: Add a set of attributes for large thumbnails
Some applications (e.g., gnome-photos) really want a large thumbnail,
if one can be created. Simply falling back to a smaller one (probably
created by an old nautilus), without giving the application a chance
to create a bigger thumbnail, is undesirable because they will appear
fuzzy.

Therefore, add separate attribute sets for all the thumbnail sizes
that are supported in the spec: normal/large/x-large/xx-large.

The old attribute will now return by default the biggest available, as
it used to be, but also including the x-large and xx-large cases.

Co-Authored-by: Marco Trevisan <mail@3v1n0.net>

Fixes: #621
2022-12-08 05:21:19 +01:00
Philip Withnall
bbb3453c82 Merge branch 'atomic-unref-cleanups' into 'main'
gobject: Use compare and exchange full to re-read old ref value

See merge request GNOME/glib!3098
2022-12-06 16:12:59 +00:00
Philip Withnall
00bac74bdd Merge branch 'main' into 'main'
gsimpleproxyresolver: Make explicit that a port is needed for HTTP/HTTPS

See merge request GNOME/glib!3100
2022-12-06 13:37:47 +00:00
Chris Talbot
eb12afed6f gsimpleproxyresolver: Make explicit that a port is needed for HTTP/HTTPS 2022-12-06 13:37:47 +00:00
Philip Withnall
2ca08bde4f Merge branch 'gwakeup-cleanups' into 'main'
gwakeuptest: Do not rely on alarm() to stop tests on timeout

See merge request GNOME/glib!3108
2022-12-06 13:16:35 +00:00
Marco Trevisan
49a7762ec0 Merge branch 'iochannel-buf-size' into 'main'
giochannel: Clarify assertions in g_io_channel_write_chars()

See merge request GNOME/glib!3079
2022-12-06 11:38:29 +00:00
Marco Trevisan (Treviño)
94b658ab4c gwakeup: Be consistent in reading the same data we wrote
During acknowledge read the same quantity we wrote (and expected by eventfd)
instead of always reading just 16 bytes.
2022-12-06 12:28:11 +01:00
Marco Trevisan (Treviño)
345e5bcf2c gwakeuptest: Do not rely on alarm() to stop tests on timeout
We have meson nowadays, so tests are timing out by default and test timeout
may vary depending on the meson test parameters or test setups.

So don't hardcode it using alarm().
2022-12-06 12:25:22 +01:00
Philip Withnall
720a1147a6 Merge branch 'object-refcount-checks' into 'main'
gobject: Check for valid ref counting via g_return_if_fail

See merge request GNOME/glib!3106
2022-12-06 09:04:03 +00:00
Marco Trevisan (Treviño)
6cd6cc41bb gobject: Trace unref just after this happened
Trace the unref before potentially calling (user) code that may re-ref
or unref again, causing the tracing order to be messed up.
2022-12-06 04:43:02 +01:00
Marco Trevisan (Treviño)
0918ce013a gobject: Do not call toggle down notifications if current refcount is not 1
When an object is revitalized and a notify callback increased the reference
counter of the object, we are calling the toggle notifier twice, while it
should only happen if also the actual reference count value is 1 (after
having been decremented from 2).
2022-12-06 04:38:26 +01:00
Marco Trevisan (Treviño)
1f852863ec gobject: Check for toggle references only if the old ref is relevant
If an object gets revitalized during the dispose vfunc, we need to call
toggle refs notifiers only if we had 2 references and if the object has
the toggle references enabled.

This may change in case an object notifier handler changes this status,
so do this check only after we've called the notifiers so that in case
toggle notifications are enabled afterwards we still call the handlers.
2022-12-06 04:28:31 +01:00
Marco Trevisan (Treviño)
5e2b288033 gobject/tests/reference: Add test for notify during dispose
We need to check whether notifications and toggle references are working
properly if an object gets revitalized during the dispose vfunc.
2022-12-06 04:28:31 +01:00
Marco Trevisan (Treviño)
ea0c4d45b2 gobject/tests/reference: Add test for toggle reference up/down during dispose 2022-12-06 03:32:51 +01:00
Marco Trevisan
6599cf95ae Merge branch 'wip/pwithnall/dbus-system-bus-address' into 'main'
gdbusaddress: Use runstatedir rather than localstatedir

See merge request GNOME/glib!3101
2022-12-06 00:24:17 +00:00
Marco Trevisan (Treviño)
c0360f626c gobject: Read the toggle reference state only after we've updated the references
We were reading if an object has toggle references even if this was not
really relevant for the current object state, as we only need to notify
when going from 2 to 1 references, so first ensure that this is the case
and then check if we have toggle references enabled in the object.

This is a micro-optimization, for the way flags are defined, but still
an operation we can avoid in most cases.
2022-12-06 01:22:34 +01:00
Marco Trevisan (Treviño)
30e1d69de7 gobject: Check for valid ref counting via g_return_if_fail
Even though the check is likely to be relevant if the object is finalized,
it may still give some indication if called while an instance has just lost
the last reference.

So use `g_return_if_fail` for consistency with the rest of the code.
2022-12-05 20:23:26 +01:00
Philip Withnall
7b9dcb70c4 gunixmounts: Include configured localstatedir+runstatedir in system FS list
In case they differ from the defaults, we probably want to ignore them
when listing filesystems which are interesting to the user.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-02 21:53:18 +00:00
Philip Withnall
b7b9f89417 gdbusaddress: Use runstatedir rather than localstatedir
This reworks commit 20e1508e6e, for two
reasons:
 - Upstream dbus.git now does the same (although this isn’t yet reflected
   in the online version of the D-Bus Specification); see
   https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/209.
 - It allows local-prefix (e.g. jhbuild) builds of GLib to build in a
   custom prefix while still interacting with system services using the
   system-wide `/run` directory. To do so, pass `-Druntime_dir=/run` to
   meson configure.

As documented in the `NEWS` file in
https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/209, it’s only
valid to use `/run` – rather than `/var/run` – for D-Bus if the two
paths are interoperable. i.e. `/var/run` should be a symlink to `/run`,
and the D-Bus daemon should be configured to put its socket there.

This commit deliberately doesn’t introduce a special `system_socket`
configure option for specifying where the D-Bus system socket lives, as
that would only be useful for a distribution which sets `runstatedir` to
something other than `/var/run` or `/run`, which seems unlikely. We
could add such an option in future, though, if a distribution comes
forward with such a requirement.

See discussion on
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3095#note_1605502.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-02 21:53:18 +00:00
Philip Withnall
30995f9dd7 build: Add runtime_dir option to set runstatedir path
This will be used in upcoming commits to allow the previously-hardcoded
`/run` path to be set at configure time.

Most people will not want to change it from `/run`, even when building
test builds, as otherwise interaction with system mounts and services
will not work.

Inspired by equivalent changes in dbus.git in their commit
ff92efa389a57a5250c6996df6614234d4d462e0.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-02 21:48:03 +00:00
Philip Withnall
3bbe96ca89 build: Simplify construction of glib_localstatedir
`join_paths()` automatically drops all preceding path elements if an
argument to it is an absolute path. The `/` is a tidier synonym for
`join_paths()`.

This introduces no functional changes.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-02 21:48:00 +00:00
Philip Withnall
a03160adf3 giochannel: Fix incorrect use of a signed gsize when unsigned will do
The value of `wrote_bytes` will never be negative, so there’s no need to
store it in a signed type.

Add a couple of assertions to validate that it never decreases and hence
can never go negative.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-02 21:35:21 +00:00
Philip Withnall
f4c9b42084 Merge branch 'use-socklen-t' into 'main'
gsocket: use socklen_t in more places to fix build under cygwin

See merge request GNOME/glib!3105
2022-12-02 21:24:52 +00:00
Christoph Reiter
60ab0737df gsocket: fix -Wsign-compare warnings when socklen_t is signed
under cygwin socklen_t is signed which leads to warnings like:

warning: comparison of integer expressions of different signedness:
‘long unsigned int’ and ‘socklen_t’ {aka ‘int’} [-Wsign-compare]

In both cases we compare against some small fixed sizes, so cast them
to socklen_t.
2022-12-02 21:17:42 +01:00
Christoph Reiter
e31c6accc5 gsocket: use socklen_t in more places to fix build under cygwin
cygwin defines socklen_t as int, unlike everywhere else where it is uint32_t (afaics),
so signed vs unsigned.

The recently added -Werror=pointer-sign in 4353813058
makes the build fail under cygwin now with something like:

error: pointer targets in passing argument 5 of ‘getsockopt’ differ in signedness [-Werror=pointer-sign]

This changes guint to socklen_t where needed for getsockname, getpeername and getsockopt.
2022-12-02 21:17:22 +01:00
Philip Withnall
3387ab9086 Merge branch 'search-app-strstr' into 'main'
gdesktopappinfo: Use strstr instead of g_str_has_prefix for search

Closes #1152

See merge request GNOME/glib!3104
2022-12-02 19:19:47 +00:00
Alynx Zhou
6dd5f2515f gdesktopappinfo: Use strstr instead of g_str_has_prefix for search
Fixes: #1152
2022-12-02 19:19:47 +00:00
Sebastian Dröge
108f129096 Merge branch 'floating-closures' into 'main'
gclosure: Documentation improvements around floating closures

See merge request GNOME/glib!3103
2022-12-02 12:25:07 +00:00
Philip Withnall
3df45aba20 gsignal: Document that floating GClosures are sunk
It’s not clear about that otherwise.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-02 11:59:43 +00:00
Philip Withnall
c09216f810 gclosure: Use (transfer floating) for closure construction functions
They return floating references, so that should be reflected in the
introspection annotations.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-02 11:59:16 +00:00
Marco Trevisan (Treviño)
65303537b0 gobject: Remove initial goto to repeat unref operation 2022-12-01 16:20:46 +01:00
Marco Trevisan
dddfdb8488 Merge branch 'coverity-array-fixes' into 'main'
garray: Add assertions to help static analysis

See merge request GNOME/glib!3097
2022-11-30 15:22:05 +00:00
Sebastian Dröge
4e5850946b Merge branch 'sctrl-deser-nullable' into 'main'
gsocketcontrolmessage: add nullable annotation to deserialize return

See merge request GNOME/glib!3099
2022-11-30 07:51:15 +00:00
Jason Francis
acfeb65633 gsocketcontrolmessage: add nullable annotation to deserialize return 2022-11-29 17:46:16 -05:00
Marco Trevisan (Treviño)
a89048c4f1 gobject: Use a while instead of goto to repeat atomic increment
We can use a cleaner solution now that we do not require to init the
same value multiple times in the same way.
2022-11-29 21:35:04 +01:00
Marco Trevisan (Treviño)
c95bf0514c gobject: Use compare and exchange full to re-read old ref value
In case g_atomic_int_compare_and_exchange() check fails we ended up doing
another atomic get to figure out what the old reference count was,
however, we can avoid this by using the full version of the function that
returns the value before the exchange happened as an out value.
2022-11-29 20:53:06 +01:00
Philip Withnall
8b863cfd78 garray: Add assertions to help static analysis
In both these cases, the static analyser (Coverity) was worrying that
the array `data`/`pdata` wasn’t allocated before an element was written
to. That was a false positive: all the necessary conditions are met in
both cases for `g_{ptr_,}array_maybe_expand()` to always allocate the
array.

But it makes things a bit easier for the analyser if we add an assertion
to double-check that.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Coverity CID: #1474426, #1489512
2022-11-29 12:16:11 +00:00
Philip Withnall
5f945e5464 Merge branch '2820-str-equal-cxx' into 'main'
gstrfuncs: Fix regression in C++ types accepted by g_str_equal()

Closes #2820

See merge request GNOME/glib!3094
2022-11-29 12:00:12 +00:00