Commit Graph

8785 Commits

Author SHA1 Message Date
Philip Withnall
9e680ff8f4 Merge branch 'wip/pwithnall/gsocket-eaddrnotavail-macos' into 'main'
gioerror: Map EADDRNOTAVAIL to G_IO_ERROR_CONNECTION_REFUSED

Closes #3394

See merge request GNOME/glib!4111
2024-06-13 19:57:24 +00:00
Philip Withnall
f09a8e2be4
gioerror: Map EADDRNOTAVAIL to G_IO_ERROR_CONNECTION_REFUSED
Previously it was mapped (as a default) to `G_IO_ERROR_FAILED`.

It’s the error that macOS returns when trying to connect to a socket which
is bound but not listened to. Linux returns `ECONNREFUSED` in this case.
It’s helpful if they both map to the same `GIOError` value.

This should fix the `/socket-client/connection-fail` test on macOS,
which is currently
[failing](https://gitlab.gnome.org/GNOME/glib/-/jobs/3970547) with:
```
 # GLib-GIO-DEBUG: GSocketClient: Starting TCP connection attempt
 # GLib-GIO-DEBUG: GSocketClient: Connection attempt failed: Can't assign requested address
 # GLib-GIO-DEBUG: GSocketClient: Starting new address enumeration
 # GLib-GIO-DEBUG: GSocketClient: Address enumeration completed (out of addresses)
 # GLib-GIO-DEBUG: GSocketClient: Address enumeration failed: (null)
 # GLib-GIO-DEBUG: GSocketClient: Connection failed: Could not connect to localhost: Can't assign requested address
not ok /socket-client/connection-fail - GLib-GIO:ERROR:../gio/tests/gsocketclient-slow.c:231:test_connection_failed: assertion failed (local_error == (g-io-error-quark, 39)): Could not connect to localhost: Can't assign requested address (g-io-error-quark, 0)
Bail out!
```

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

See: #3184
Fixes: #3394
2024-06-13 20:00:12 +01:00
José Guilherme
efe2c24757 gdbus: factor out untranslatable parts of error messages 2024-06-13 18:30:58 +00:00
Biswapriyo Nath
7e69f88480 gcontenttype-win32: Copy documetation comment from gcontenttype
Fixes https://gitlab.gnome.org/GNOME/gobject-introspection/-/issues/509
2024-06-09 14:30:03 +00:00
Philip Withnall
601b8b45fb Merge branch '3184-socket-client-leak-with-unit-test' into 'main'
gsocketclient: Unit test for "Fix a leak of the task data on an error path"

Closes #3184

See merge request GNOME/glib!4104
2024-06-05 12:08:33 +00:00
Johan Sternerup
61e006e16c gsocketclient: Add unit test for leak of task data in error path
The unit test cover the error path that causes the leak described in
https://gitlab.gnome.org/GNOME/glib/-/issues/3184.
2024-06-05 12:54:15 +01:00
Philip Withnall
234871f1f9
gsocketclient: Fix a leak of the task data on an error path
Once the task is completed (and `g_task_return_*()` has been called),
the task is no longer needed. It would make more sense to unref it in
`complete_connection_with_error()`, where `g_task_return_*()` is called,
but that complicates other call sites significantly, so I didn’t do it.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Fixes: #3184
2024-06-05 12:54:05 +01:00
Bilal Elmoussaoui
b845d04918 gio/g-i: Mark Application:action-group property as deprecated
To avoid bindings making use of it
2024-06-04 14:38:02 +00:00
Maximiliano Sandoval
a7557f125e
gfile: Fix finish-func annotations
The finish-func should not contain the library_class prefix.
2024-06-01 16:49:34 +02:00
Philip Withnall
04de380f74 Merge branch 'wip/smcv/gdbusconn-comment' into 'main'
gdbusconnection: Fix a misleading comment

See merge request GNOME/glib!4063
2024-05-16 23:42:06 +00:00
Simon McVittie
434c105bbe gdbusconnection: Fix a misleading comment
While backporting CVE-2024-34397 fixes I noticed that this comment
claimed that the reference count is immutable after construction, which
is clearly not true. In fact the reference count is the only
mutable field.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-16 22:53:11 +01:00
Simon McVittie
510d0716be gdbus: Use symbolic constants for the most common D-Bus error names
To avoid adding a large block of macros to gdbusprivate.h, I've only
added a subset of the well-known error names. I chose to draw the
line by adding constants for the errors emitted via their string names
in GDBusConnection, but not for error names that are only mentioned
in `gdbuserror.c` or in tests.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-16 22:52:23 +01:00
Simon McVittie
7c609f8142 gdbus: Use symbolic constants for interfaces from dbus-specification
Most D-Bus interfaces are domain-specific, but these interfaces from the
D-Bus Specification are intended to be commonly used in any context for
which they are found to be appropriate.

Most of these use `gdbusprivate.h`. One exception is that
`gio/tests/gdbus-example-*` redefine the constants locally: due to these
files' dual role as part of the unit tests and as sample code, it seems
desirable to ensure that they can still be compiled outside GLib.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-16 22:52:23 +01:00
Simon McVittie
b4f8d4a5d5 gdbus: Use symbolic constants for the reserved Local path and interface
These are reserved by the D-Bus Specification.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-16 22:52:23 +01:00
Simon McVittie
7401577074 gdbus: Move protocol constants from gdbusdaemon into gdbusprivate.h
These well-known flags and replies are part of the D-Bus Specification,
and also exist with the same names in libdbus header files.
Moving them into a private header means that unit tests like
gdbus-proxy-threads and gdbus-subscribe don't have to reinvent them.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-16 22:52:23 +01:00
Simon McVittie
b0e8612a3b gdbusdaemon: Use shared constants for message bus name, path, interface
Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-16 22:52:23 +01:00
Simon McVittie
131a061aca gdbus: Use symbolic constants for various references to the message bus
Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-16 22:52:23 +01:00
Simon McVittie
19223803f5 gdbus: Use symbolic constants to subscribe to message bus signals
Unlike the various functions to call D-Bus methods, these sort their
arguments in a non-obvious order (bus name, interface, signal, path),
presumably aiming to sort the most-likely-to-be-used arguments first.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-16 22:52:23 +01:00
Simon McVittie
fe14968c0d gdbus: Use symbolic constants to call message bus methods
These function arguments are arranged in the obvious order from
conceptually largest to smallest: (bus name, path, interface, method).

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-16 22:52:22 +01:00
Simon McVittie
2151a82007 gdbus tests: Fix a typo
This test was subscribing to the NameOwnerChanged signal with an
incorrect object path, so the callback would never be called. In this
particular case it doesn't actually matter, because the callback does
nothing anyway (the purpose of this particular test was to test that
the user-data is freed on unsubscription).

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-16 22:52:22 +01:00
Michael Catanzaro
b9490a499a Merge branch '3366-menu-exporter-error-handling' into 'main'
gmenuexporter: Fix a NULL pointer dereference on an error handling path

Closes #3366

See merge request GNOME/glib!4073
2024-05-15 14:55:18 +00:00
Philip Withnall
7a7137838e
gactiongroupexporter: Fix memory problems on an error handling path
Almost identically to the previous commit, fix a similar latent bug in
`g_dbus_connection_export_action_group()`, which was not ready to handle
the fledgling `GActionGroupExporter` being freed early on an error
handling path.

See the previous commit message for details of the approach.

This includes a unit test.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Fixes: #3366
2024-05-15 14:00:09 +01:00
Philip Withnall
df2c5d925a
gmenuexporter: Fix a NULL pointer dereference on an error handling path
This latent bug wasn’t triggered until commit 3f30ec86c (or its
cherry-pick onto `glib-2-80`, 747e3af99, which was first released in
2.80.1).

That change means that `g_menu_exporter_free()` is now called on the
registration failure path by `g_dbus_connection_register_object()`
before it returns. The caller then tries to call `g_slice_free()` on the
exporter again. The call to `g_menu_exporter_free()` tries to
dereference/free members of the exporter which it expects to be
initialised — but because this is happening in an error handling path,
they are not initialised.

If it were to get any further, the `g_slice_free()` would then be a
double-free on the exporter allocation.

Fix that by making `g_menu_exporter_free()` robust to some of the
exporter members being `NULL`, and moving some of the initialisation
code higher in `g_dbus_connection_export_menu_model()`, and removing the
duplicate free code on the error handling path.

This includes a unit test.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Fixes: #3366
2024-05-15 12:52:38 +01:00
Dr. David Alan Gilbert
1bc83f9495 Remove unused structs
gio/glocalfileinfo.c has a struct 'ThumbMD5Context'
that's been unused since
commit d013d46b98 ("Replace the copy-and-paste MD5 digest generation
with GChecksum.")
Remove it.

Signed-off-by: Dr. David Alan Gilbert <dave@treblig.org>
2024-05-15 12:10:25 +01:00
Marco Trevisan (Treviño)
486ad65535 gio/tests: Enable gsocketclient-slow under address santizer
The test can run properly, even though we won't do the right checks on
the preloaded library
2024-05-10 02:44:07 +02:00
Marco Trevisan (Treviño)
0eb6c85606 build: Define glib_sanitizers variable to easily get the sanitizers in use
It's an array containing the list of sanitizers in use, normally it
contains a value, but in some cases may have more than one (e.g.
'address' and 'undefined').

And so use it to avoid repeated checks
2024-05-10 02:15:52 +02:00
Marco Trevisan (Treviño)
84259c46fa gio/tests/subprocess: Skip the trapped test under ASAN since it uses ptrace
And as the sanitizer tells us, it doesn't support it
2024-05-09 17:51:10 +02:00
Marco Trevisan (Treviño)
5c84823342 gio/tests/gsettings: Cleanup allocated new locales 2024-05-09 17:25:56 +02:00
Marco Trevisan (Treviño)
ddfc8e2918 glocalfile: Trash, free values when done avoiding leaks on early returns
In glocalfile we're allocating some temporary strings but we don't free
them on early returns, so free them once done and unset the variables
to prevent them being used incorrectly.
2024-05-09 17:25:56 +02:00
Marco Trevisan (Treviño)
365411ea32 gio/tests/cancellable: Explain failure on GCancellableSource tests on valgrind
It looks like that finally also valgrind notices the same leaks as
address sanitizer does. It does it more randomly but it still happens,
so better to inform about until #2309 is resolved.
2024-05-09 17:25:56 +02:00
Philip Withnall
86dd02f487 Merge branch 'convert-bytes' into 'main'
Add g_converter_convert_bytes

See merge request GNOME/glib!4035
2024-05-09 15:03:56 +00:00
Matthias Clasen
0855968727 Add g_converter_convert_bytes
Add a utility api to apply a GConverter to data in memory.

Test included.
2024-05-09 15:03:55 +00:00
Marco Trevisan (Treviño)
8966099e9b gdbusmessage: Clean the cached arg0 when setting the message body
We're now caching arg0 but such value is not cleared when a new body is
set as it's in the connection filter test cases where we've a leak as
highlighted by both valgrind and leak sanitizer
2024-05-08 22:56:24 +02:00
Simon McVittie
7d65f6c5a2 gdbusconnection: Allow name owners to have the syntax of a well-known name
In a D-Bus-Specification-compliant message bus, the owner of a well-known
name is a unique name. However, ibus has its own small implementation
of a message bus (src/ibusbus.c) in which org.freedesktop.IBus is
special-cased to also have itself as its owner (like org.freedesktop.DBus
on a standard message bus), and connects to that bus with the
G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION flag. The ability to do
this regressed when CVE-2024-34397 was fixed.

Relax the checks to allow the owner of a well-known name to be any valid
D-Bus name, even if it is not syntactically a unique name.

Fixes: 683b14b9 "gdbus: Track name owners for signal subscriptions"
Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3353
Bug-Debian: https://bugs.debian.org/1070730
Bug-Debian: https://bugs.debian.org/1070736
Bug-Debian: https://bugs.debian.org/1070743
Bug-Debian: https://bugs.debian.org/1070745
Signed-off-by: Simon McVittie <smcv@debian.org>
2024-05-08 14:46:08 +00:00
Marco Trevisan
4623c960c1 Merge branch 'fix-gdbus-connection-test' into 'main'
gdbusconnection: Fix test signal subscription ordering

See merge request GNOME/glib!4051
2024-05-07 23:38:31 +00:00
Ray Strode
47866d252f gdbusconnection: Fix test signal subscription ordering
The test case assumes signals will dispatched in a different order than
they're subscribed. In fact, signals can be dispatched in any order,
and are often dispatched in order.

This commit reorders the subscriptions so they're in order, which is
more logical, and also changes the code to only exit the event loops
when there are no pending handlers ready to dispatch.
2024-05-07 18:45:45 -04:00
Philip Withnall
b9e655b4d4
gapplication: Fix a small leak on an error handling path
This was highlighted (but not introduced) by
0144feb41f. Previously the test coverage
didn’t cover this branch, I think.

`iter` was leaked, and at this point `parameter` had never been set, so
clearing it was unnecessary.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #3349
2024-05-07 17:04:28 +01:00
Philip Withnall
d22c4574cd Merge branch '2.82-bus-name-owners' into 'main'
gdbusconnection: Don't deliver signals if the sender doesn't match

Closes #3268

See merge request GNOME/glib!4038
2024-05-07 14:30:22 +00:00
Simon McVittie
7b15b1db40 gdbus-proxy test: Wait before asserting name owner has gone away
GDBusConnection sends each signal to recipients in a separate idle
callback, and there's no particular guarantee about the order in which
they're scheduled or dispatched. For the NameOwnerChanged signal that
reports the name becoming unowned, it's possible that g_bus_watch_name()
gets its idle callback called before the GDBusProxy:g-name-owner
machinery has updated the name owner, in which case the assertion
will fail.

Fixing GNOME/glib#3268 introduced a new subscription to NameOwnerChanged
which can alter the order of delivery, particularly in the case where
G_DBUS_PROXY_FLAGS_NO_MATCH_RULE was used (as tested in
/gdbus/proxy/no-match-rule). The resulting test failure is intermittent,
but reliably appears within 100 repetitions of that test.

Fixes: 511c5f5b "tests: Wait for gdbus-testserver to die when killing it"
Signed-off-by: Simon McVittie <smcv@debian.org>
2024-05-07 14:40:52 +01:00
Matthias Clasen
64cd43029e Revert "Add GBase64Encoder and Decoder"
This reverts commit b2c11516e2.
2024-05-05 14:58:43 -04:00
Matthias Clasen
b2c11516e2 Add GBase64Encoder and Decoder
These are GConverter implementations that convert to/from
base64 encoding.

Originally written by Christian Persch.

Fixes: #305
2024-05-05 14:53:14 -04:00
Simon McVittie
43c5af517c gdocumentportal: Treat more error codes as a permissions error
If the file to be added is on a read-only filesystem, opening read/write
will fail with EROFS. In this case we should fall back to opening it
read-only, the same way we already do if write access is forbidden by
DAC or MAC.

An easy way to reproduce this test failure is to build and test GLib
in a podman container, with its source code read-only and its build
directory read/write:

    podman run --rm -it \
    -v $(pwd):$(pwd):ro \
    -v $(pwd)/_build:$(pwd)/_build:rw \
    -w $(pwd) ...

Before this commit, the dbus-appinfo test would fail, because opening
${srcdir}/gio/tests/org.gtk.test.dbusappinfo.flatpak.desktop read/write
would fail with EROFS.

For completeness, give similar handling to the other error codes
documented in Linux open(2) that might succeed if re-attempted using
read-only access: according to that documentation, we could get EPERM
if opening read/write is prevented by fcntl F_ADD_SEALS, or ETXTBSY
if the file is an executable that is currently being run.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-01 18:34:04 +01:00
Simon McVittie
8c533510ee gdocumentportal: Factor out opening_ro_might_succeed()
No functional change.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-01 18:33:37 +01:00
Ray Strode
c7caf98646 Merge branch 'track-bus-name-owners-for-signal-subscriptions' into 'main'
Track bus name owners for signal subscriptions

See merge request GNOME/Security/glib!1
2024-05-01 13:34:40 +00:00
Simon McVittie
96e3190aef tests: Ensure that unsubscribing with GetNameOwner in-flight doesn't crash
This was a bug that existed during development of this branch; make sure
it doesn't come back.

This test fails with a use-after-free and crash if we comment out the
part of name_watcher_unref_watched_name() that removes the name watcher
from `map_method_serial_to_name_watcher`.

It would also fail with an assertion failure if we asserted in
name_watcher_unref_watched_name() that get_name_owner_serial == 0
(i.e. that GetNameOwner is not in-flight at destruction).

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-01 13:42:27 +01:00
Simon McVittie
f6d1b5471a tests: Add a test for signal filtering by well-known name
The vulnerability reported as GNOME/glib#3268 can be characterized
as: these signals from an attacker should not be delivered to either
the GDBusConnection or the GDBusProxy, but in fact they are (in at
least some scenarios).

Reproduces: https://gitlab.gnome.org/GNOME/glib/-/issues/3268
Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-01 13:42:27 +01:00
Simon McVittie
fc0ee92072 tests: Add a test for matching by two well-known names
The expected result is that because TEST_CONN_SERVICE owns
ALREADY_OWNED_NAME but not (yet) OWNED_LATER_NAME, the signal will be
delivered to the subscriber for the former but not the latter.
Before #3268 was fixed, it was incorrectly delivered to both.

Reproduces: https://gitlab.gnome.org/GNOME/glib/-/issues/3268 (partially)
Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-01 13:42:27 +01:00
Simon McVittie
d4b6537651 gdbusconnection: Don't deliver signals if the sender doesn't match
Otherwise a malicious connection on a shared bus, especially the system
bus, could trick GDBus clients into processing signals sent by the
malicious connection as though they had come from the real owner of a
well-known service name.

Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3268
Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-01 13:42:27 +01:00
Simon McVittie
683b14b981 gdbus: Track name owners for signal subscriptions
We will use this in a subsequent commit to prevent signals from an
impostor from being delivered to a subscriber.

To avoid message reordering leading to misleading situations, this does
not use the existing mechanism for watching bus name ownership, which
delivers the ownership changes to other main-contexts. Instead, it all
happens on the single thread used by the GDBusWorker, so the order in
which messages are received is the order in which they are processed.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-01 13:27:24 +01:00
Philip Withnall
fd93e12669
gdbusconnection: Fix a crash on arg0 matching
If a connection has two signal subscriptions active for the same signal,
one with arg0 matching and one without, a signal which doesn’t contain
an arg0 value (i.e. `g_dbus_message_get_arg0()` returns `NULL`) will
cause `NULL` to be passed to `strcmp()` when checking for a match
against the signal subscription which *has* arg0 matching, causing a
crash.

Fix that by adding the obvious `NULL` check, and add a unit test.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Fixes: #3342
2024-04-30 18:33:57 +01:00
Julian Sparber
0144feb41f GApplication: Allow multiple parameters for D-Bus activation
D-Bus Activation allows passing an array of parameters. Allow apps to
export actions that accept tuples to match the number of elements in the
parameters so the full potential of the D-Bus interface can be used.

Closes: https://gitlab.gnome.org/GNOME/glib/-/issues/3333
2024-04-29 16:30:36 +02:00
Philip Withnall
d2f5cd4153
tests: Fix a -Wmaybe-uninitialized warning in gdbus-serialization test
It’s a false positive, but easy enough to squash.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-25 23:57:55 +01:00
Philip Withnall
9f3322c784
gdbusdaemon: Disable scan-build for GDBusDaemon name refcounting
See the code comment. scan-build can’t handle analysis over the
refcounts, so consistently complains about potential use-after-free
errors in the code, essentially because:
 * It understands `name_unref()`, but completely ignores `name_ref()`
 * The code often calls `name_unref()` on the ‘wrong’ pointer, in the
   sense that it knows that if another struct exists, that struct holds
   a ref on a `Name`, but without actually having a pointer to the
   `Name`. So the code calls `name_unref (name); name_unref (name)`.
   That’s valid, but quite understandably looks like a recipe for a
   use-after-free.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-25 23:57:51 +01:00
Philip Withnall
672a33002e
gunixmounts: Squash a static analyser false positive
scan-build thinks that there can be a `NULL` pointer dereference of
`error` here because it doesn’t understand that the function return
value and `GError` are related: when a valid return value is returned,
the error is `NULL` and vice-versa.

Try and make that clearer to the static analyser by checking whether the
error is `NULL`, rather than the return value.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-25 23:57:46 +01:00
Philip Withnall
a1ff120a98
gsrvtarget: Silence false positive NULL pointer dereference
scan-build thinks there could be a `NULL` pointer dereference of
`t->data` here. It’s wrong, so add an assertion to try and help it
understand the control flow.

The loop is exited as soon as a target is found whose weight is greater
than or equal to a random value between 0 and the sum of all the weights
in the set of remaining targets in the loop. By definition, the last
target in the loop always satisfies this condition, so a target will
always be chosen, and hence `t` will never be `NULL` within the loop.

`t->data` will never be `NULL` by construction of the target list.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-25 23:57:41 +01:00
Philip Withnall
066298b6ef
gdbusconnection: Fix a false positive memory leak from scan-build
scan-build thinks that `data` could be leaked. It’s not, though; it’s
passed as the `user_data` to `g_dbus_connection_register_object()` along
with its free function.

Try and persuade scan-build that there’s no leak by annotating the
transfer.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-25 23:57:36 +01:00
Philip Withnall
4894168631
gproxyaddressenumerator: Strengthen some type assertions
scan-build was complaining that `dest_hostname` and `dest_protocol` were
used after being freed, which could potentially happen if the code is
built with `G_DISABLE_CHECKS`. This is a false positive, because the
state of types in the program should be the same regardless of whether
`G_DISABLE_CHECKS` is used.

However, the code did smell. If we are trying to free things and return
gracefully if the underlying socket address enumerator returns something
of the wrong type, why not free the rest of the function’s state, or
skip the invalid address and move on to the next one? Or if we are trying
to make an assertion, why bother freeing some temporary data at all?
This halfway house doesn’t make sense.

So turn the `g_return_val_if_fail()` into a full assertion.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-25 23:16:30 +01:00
Philip Withnall
3e68debb13
xdgmime: Add assertion to silence static analysis false positive
After a lot of loop unwinding, during which I think it might have lost
its knowledge that `cache->buffer != NULL` (from a prior check on line
765), scan-build seems to think that there can be a `NULL` pointer
dereference of `cache->buffer` within `cache_magic_compare_to_data()`.
There can’t be. Add an assertion to try and help the analyser.

Upstreamed as
https://gitlab.freedesktop.org/xdg/xdgmime/-/merge_requests/38.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-25 23:16:08 +01:00
Philip Withnall
ff4c17bc30
gnetworkmonitornetlink: Refactor error handling in read_netlink_messages()
scan-build thinks that it’s possible for `read_netlink_messages()` to
return `FALSE` and an unset error (or `TRUE` and a set error), and this
belief causes it to emit warnings for code which calls
`read_netlink_messages()`.

That’s not possible, but the function is written in such a way that
following the control flow would be hard for a static analyser. It would
have to work out that `retval` and `local_error == NULL` are identical
on all control flow branches.

Avoid the need for such complex analysis by eliminating `retval` and
just using `local_error` throughout.

This introduces no functional changes to the code.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-25 23:16:00 +01:00
Philip Withnall
b3cd9aaa98
gdesktopappinfo: Fix a maybe-uninitialized warning
scan-build thinks that `term_arg` could be used uninitialised. I think
there isn’t a bug here because that use is protected by the
`found_terminal == NULL` check and early return. But perhaps that logic
is a bit too complex for static analysis, so add a default value for the
variable.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-25 23:15:55 +01:00
Philip Withnall
e7aa0039b9
gsocks5proxy: Rework functions to separate length and success/failure
The previous approach was to return a length as a `gssize`, with
negative values indicating failure. That works fine, but causes a lot of
signed/unsigned comparisons or assignments.

Tidy the code up by splitting success from length, returning success as
a boolean, and length as a `size_t*` out argument. This introduces no
functional changes, but does tidy the code up and fix some compiler
integer warnings.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-25 00:39:13 +01:00
Philip Withnall
6e362ce3b6
gio: Fix various implicit conversions from size_t to smaller types
Basically various trivial instances of the following MSVC compiler
warning:
```
../gio/gio-tool-set.c(50): warning C4267: '=': conversion from 'size_t' to 'int', possible loss of data
```

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-25 00:37:47 +01:00
maxrdz
f0b4f50f66
gfileinfo: Fixed broken link to gio/file-attributes.html
Looks like the original author mixed up where the link label and the
link URL goes. :p

Previously the link would point to "https://docs.gtk.org/gio/file
attributes", with a space and no file extension.
2024-04-23 14:33:45 -07:00
Simon McVittie
26a3fb8518 gdbusconnection: Stop storing sender_unique_name in SignalData
This will become confusing when we start tracking the owner of a
well-known-name sender, and it's redundant anyway. Instead, track the
1 bit of data that we actually need: whether it's a well-known name.

Strictly speaking this too is redundant, because it's syntactically
derivable from the sender, but only via extra string operations.
A subsequent commit will add a data structure to keep track of the
owner of a well-known-name sender, at which point this boolean will
be replaced by the presence or absence of that data structure.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-04-23 21:42:24 +01:00
Simon McVittie
7d21b719ed gdbusconnection: Factor out remove_signal_data_if_unused
No functional change, just removing some nesting. The check for whether
signal_data->subscribers is empty changes from a conditional that tests
whether it is into an early-return if it isn't.

A subsequent commit will add additional conditions that make us consider
a SignalData to be still in use and therefore not eligible to be removed.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-04-23 21:42:24 +01:00
Simon McVittie
5d7ad6897c gdbusconnection: Factor out add_signal_data()
No functional changes.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-04-23 21:42:24 +01:00
Simon McVittie
816da60571 gdbusconnection: Factor out signal_data_new_take()
No functional changes, except that the implicit ownership-transfer
for the rule field becomes explicit (the local variable is set to NULL
afterwards).

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-04-23 21:42:24 +01:00
Simon McVittie
8dfea5609e gdbusconnection: Move SignalData, SignalSubscriber higher up
Subsequent changes will need to access these data structures from
on_worker_message_received(). No functional change here, only moving
code around.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-04-23 21:42:24 +01:00
Simon McVittie
1e648b677f gdbusprivate: Add symbolic constants for the message bus itself
Using these is a bit more clearly correct than repeating them everywhere.
To avoid excessive diffstat in a branch for a bug fix, I'm not
immediately replacing all existing occurrences of the same literals with
these names.

The names of these constants are chosen to be consistent with libdbus,
despite using somewhat outdated terminology (D-Bus now uses the term
"well-known bus name" for what used to be called a service name,
reserving the word "service" to mean specifically the programs that
have .service files and participate in service activation).

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-04-23 21:41:53 +01:00
Simon McVittie
fd265663f2 tests: Add test coverage for signals that match the message bus's name
This is a special case of unique names, even though it's syntactically
a well-known name.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-04-23 19:14:32 +01:00
Simon McVittie
984354e02d tests: Add a test-case for what happens if a unique name doesn't exist
On GNOME/glib#3268 there was some concern about whether this would
allow an attacker to send signals and have them be matched to a
GDBusProxy in this situation, but it seems that was a false alarm.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-04-23 19:14:32 +01:00
Simon McVittie
14c3d6938e tests: Add support for subscribing to signals from a well-known name
Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-04-23 19:14:32 +01:00
Simon McVittie
124b4571bb tests: Add a data-driven test for signal subscriptions
This somewhat duplicates test_connection_signals(), but is easier to
extend to cover different scenarios.

Each scenario is tested three times: once with lower-level
GDBusConnection APIs, once with the higher-level GDBusProxy (which
cannot implement all of the subscription scenarios, so some message
counts are lower), and once with both (to check that delivery of the
same message to multiple destinations is handled appropriately).

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-04-23 19:08:19 +01:00
Ondrej Holy
dbb7a12a96 gunixmounts: Use fallback if libmount monitoring fails
The recently added libmount-based unix mount monitoring may fail when the
device exceeds inotify limits. Let's fallback to the older implementation
in case of the `mnt_monitor_get_fd` function failure. This among others
fixes tracker-miners failures caused by seccomp rules.

Fixes: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/315
2024-04-23 12:59:40 +02:00
Michael Catanzaro
81eaabb308 Merge branch 'completion-bins' into 'main'
completion: Invoke the command being completed

See merge request GNOME/glib!4013
2024-04-17 18:04:02 +00:00
Philip Withnall
70c0f3bff6
completion: Rework quoting in gsettings completion script
This is a partial revert and rework of commit
c79575362e, for the `gsettings` script
only (the other completion scripts are fine).

I blindly added quoting to everything shellcheck told me to, without
testing it properly.

As it turns out, the `$schemadir` argument to `gsettings` invocations
was deliberately not quoted, so that it would expand to zero arguments
if unset, and two arguments (`--schemadir /some/path`) if set earlier in
the command-being-completed.

Quoting it meant that it expanded to one argument (the empty string) if
unset, which caused the `gsettings` subcommands to fail, and hence any
further tab completion to fail.

Fix that as suggested on https://www.shellcheck.net/wiki/SC2086 by
turning `schemadir` into an array, which either has zero members if
unset, or two members if set.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-17 17:43:50 +01:00
Philip Withnall
295a6fb965
completion: Add missing copyright and licensing headers
The copyright entries come from looking at `git log gio/completion/*`
and, in particular, `git log -- gio/gsettings-bash-completion.sh` (etc.)
as the files were moved after being originally written, and haven’t
really changed since.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1415
2024-04-17 17:43:44 +01:00
Philip Withnall
cc22637856
completion: Invoke the command being completed
As suggested by Ville Skyttä in
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4012#note_2084405,
make sure to invoke the copy of the command which is being completed
when asking for completions of a given subcommand.

This avoids accidentally invoking any old `gdbus`/`gresource`/etc.
binary which is hanging around in another part of `$PATH`.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-17 17:43:38 +01:00
Philip Withnall
8138246ab8
inotify: Add license and copyright headers to meson.build
The copyright from `git log gio/inotify/meson.build` is now included in
the file header. The following commits are too trivial to be
copyrightable:
 - d10be6102f
 - 03e86d000f
 - 1741fc2c6e
 - 8733d172a3

The file was contributed while the `COPYING` file for GLib was
LGPL-2.1-or-later, so was previously implicitly licensed as that.
Let’s make that explicit.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1415
2024-04-17 15:46:23 +01:00
Philip Withnall
417f6a4bde
inotify: Trivially add SPDX-License-Identifier to inotify files
The license and copyright are already stated in human-readable form in
these files, so this should be uncontroversial.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1415
2024-04-17 15:46:11 +01:00
Philip Withnall
34050a5c12
codegen: Add license and copyright headers to remaining files
The `.flake8` file has a trivial version history, so the copyright is
straightforward from that.

`meson.build` has a more complex history, but the only significant
contributions were from Centricular. From `git log
gio/gdbus-2.0/codegen/meson.build`, the other (following) commits are
too trivial to be copyrightable:
 - d10be6102f
 - 30b25a6fd9
 - 95fa229f34
 - 631c3534b7
 - 00d7568e4f
 - 9734e4854e
 - 65be80c3ed
 - 66e4ba806a
 - a1c78d63ef
 - a73ca336aa
 - 19353017a7
 - b4231844a2
 - 4cb945d780
 - 4ce58df854
 - e2433308c4
 - 013980d839

Both files were contributed while the `COPYING` file for GLib was
LGPL-2.1-or-later, so both were previously implicitly licensed as that.
Let’s make that explicit.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1415
2024-04-17 15:33:24 +01:00
Philip Withnall
68d8f721f3
codegen: Trivially add SPDX-License-Identifier to codegen Python files
The license and copyright are already stated in human-readable form in
these files, so this should be uncontroversial.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1415
2024-04-17 15:31:50 +01:00
Philip Withnall
869ef92858 Merge branch 'shellcheck-completions' into 'main'
tests: Enable shellcheck for bash completion scripts

See merge request GNOME/glib!4012
2024-04-17 07:43:12 +00:00
Jan Tojnar
156e0c865a docs: Fix broken links
The file was renamed in 5d80471d4b.
2024-04-16 14:33:45 +01:00
Philip Withnall
827bca3212
completion: Ignore SC2207 for COMPREPLY assigments
Using the same justification as in
https://gitlab.gnome.org/GNOME/dconf/-/merge_requests/81#note_2083220:
it’s hard to get this right, with error handling, in a way which is
understandable to people reading it, and which both bash and shellcheck
will be happy with.

On the assumption that none of the completions generated by any of these
utilities will include ‘problematic’ characters (ones which would cause
word splitting or globbing in bash), just ignore the shellcheck
warnings. Note that I have not actually closely verified that these
utilities can’t return ‘problematic’ characters.

This means we can enable shellcheck, with fatal warnings, for these
scripts, and hence catch future regressions.

If someone wants to improve the handling of globbing/word splitting in
some/all of these array assignments in future, the shellcheck disables
can be removed.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-16 14:09:36 +01:00
Philip Withnall
6024fb9753
completion: Quote argument to unset
Otherwise it gets globbed and the wrong thing potentially gets unset.
Spotted by shellcheck.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-16 14:08:39 +01:00
Philip Withnall
17f0cad2c7
completion: Drop some unused variables
Spotted by shellcheck.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-16 14:08:08 +01:00
Philip Withnall
7ad93a0c95
completion: Use read -r rather then plain read
This means that backslashes in the input (which is unlikely, but I guess
possible) won’t affect line splitting. Spotted by shellcheck.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-16 14:07:12 +01:00
Philip Withnall
b1ef6a125e
completion: Quote variable dereferences within variable dereferences
Otherwise they could get split. Spotted by shellcheck.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-16 14:06:13 +01:00
Philip Withnall
d3d811f4e5
completion: Split declaration and assignment of variables
Having them on the same line masks failure of the subcommand generating
the value being assigned. Spotted by shellcheck.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-16 14:05:04 +01:00
Philip Withnall
a7ad2a4c3a
completion: Drop unnecessary $ from variables in arithmetic expressions
It’s not needed, according to shellcheck.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-16 14:03:19 +01:00
Philip Withnall
c79575362e
completion: Add missing quoting
As suggested by shellcheck.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-16 13:58:49 +01:00
Philip Withnall
aaf715a046
completion: Stop using old backtick quoting for subcommands
Fixes a shellcheck warning.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-16 13:54:33 +01:00
Philip Withnall
f95e8b4e7c
completion: Add shellcheck shell hints to all completion scripts
Because completion scripts are not executed directly, they don’t have a
shebang line, so shellcheck can’t be sure which shell syntax to use for
them. Help it out.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-16 13:51:44 +01:00
Michael Catanzaro
5c8fbc3cda Merge branch 'scan-build' into 'main'
Fix various bugs found by scan-build and refresh scan-build config in CI

See merge request GNOME/glib!4005
2024-04-15 15:47:45 +00:00
Michael Catanzaro
e831627881 Merge branch '3310-subprocess-sigpipe' into 'main'
gsubprocess: Globally ignore SIGPIPE

Closes #3310

See merge request GNOME/glib!3991
2024-04-15 15:33:00 +00:00
Philip Withnall
ad0532f2bf
xdgmimeglob: Fix a memory leak on a duplicate-entry path
Rather than `strdup()`ing strings when passing them into
`_xdg_glob_list_append()`, `strdup()` them *inside* the function
instead.

This avoids a leak in the case that the list entry (tuple of `data` and
`mime_type`) already exists in the list.

This has been upstreamed as
https://gitlab.freedesktop.org/xdg/xdgmime/-/merge_requests/36.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-12 18:45:52 +01:00
Philip Withnall
ae3bd19108
gresource: Improve resource unregistration performance slightly
Rather than iterating over the list twice: once to find the resource,
and once to re-find its link and delete it, just use
`g_list_delete_link()` to delete what was found.

This has the lovely side-effect of squashing a false positive from
scan-build, which thought there was a use-after-free of `resource` in
the caller, due to `g_resource_unref()` being called on it here.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-12 18:45:46 +01:00
Philip Withnall
1ed199a881
tests: Use g_assert_*() rather than g_assert() in gdbus-export tests
It won’t get compiled out with `G_DISABLE_ASSERT`.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-04-12 18:45:39 +01:00
Philip Withnall
3f30ec86cd
gdbusconnection: Fix user_data leaks on error
There were a couple of functions in `GDBusConnection` which take a
`user_data` argument, but which then leak it if they error out early.

A true positive spotted by scan-build!

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-12 18:45:31 +01:00