glibc string.h declares memcpy() with attribute(nonnull(1,2)), causing
calls with NULL arguments to be treated as undefined behaviour.
This is consistent with ISO C99 and C11, which state that passing 0
to string functions as an array length does not remove the requirement
that the pointer to the array is a valid pointer.
gcc -fsanitize=undefined catches this while running OSTree's test suite.
Similarly, running the GLib test suite reports similar issues for
qsort(), memmove(), memcmp().
(This is a partial cherry-pick of commit e5ed410c8c from GLib.)
Signed-off-by: Simon McVittie <smcv@debian.org>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=775510
Reviewed-by: Colin Walters
GVDB is essentially part of GLib, so should have the same maintainer
list.
At least this way, it’s not just maintained by one absentee maintainer.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Drop gvdb_table_new_from_data() and add gvdb_table_new_from_bytes().
Since the underlying backingstore of a GvdbTable is now always
refcounted, drop the refcounting on GvdbTable itself.
The attempt at the simple method for preventing unbounded recursion
proved to be insufficient due to the existence of dconf databases in the
wild that violated the rule (leading to the entire content of the
database being scrapped). It also still had the ugly assert for less
than 64 levels of recursion that could have been hit by a determined
advisary.
gvdb_table_get_names() allows the dconf-service to do everything it
needs without the troubles associated with the walk approach.
Improve the robustness of gvdb-reader in two ways.
First: ensure that the result of gvdb_table_has_value() always agrees
with gvdb_table_get_value(). Those two could disagree in the case that
the value was recorded as existing but pointed to an out-of-bounds
region.
Second: prevent gvdb_table_walk() from getting stuck in finite loops due
to self-referential directories.
Our hashing of non-ASCII strings was undefined due to the fact that
'char' is signed on some platforms, unsigned on others. Always use a
signed char.
Discovered by Alexander Larsson.
https://bugzilla.gnome.org/show_bug.cgi?id=658806
