Commit Graph

8049 Commits

Author SHA1 Message Date
Philip Withnall
d7c813cf5b gdbusprivate: Improve ownership docs for write_message_async()
The ownership transfers in this code are a bit complex, so adding some
extra documentation and `g_steal_pointer()` calls should hopefully help
clarify things.

This doesn’t introduce any functional changes, just code documentation.

Another drive-by improvement in the quest for #1264.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1264
2023-04-14 15:37:21 +01:00
Philip Withnall
861741ef4b gdbusprivate: Ensure data->task is cleared when it returns
The existing comment in the code was correct that `data` is freed when
the task callback is called, because `data` is also pointed to by the
`user_data` for the task, and that’s freed at the end of the callback.

So the existing code was correct to take a copy of `data->task` before
calling `g_task_return_*()`.

After calling `g_task_return_*()`, the existing code unreffed the task
(which is correct), but then didn’t clear the `data->task` pointer,
leaving `data->task` dangling. That could cause a use-after-free or a
double-unref.

Avoid that risk by explicitly clearing `data->task` before calling
`g_task_return_*()`.

After some testing, it turns out this doesn’t actually fix any bugs, but
it’s still a good robustness improvement.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1264
2023-04-14 15:36:32 +01:00
Philip Withnall
ed7044b5f3 gdbusprivate: Improve docs on message ownership in MessageToWriteData
This doesn’t introduce any functional changes, but should make the code
a little clearer.

Drive-by improvements while trying to debug #1264.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1264
2023-02-23 12:11:24 +00:00
Philip Withnall
90af20d950 gdbusconnection: Improve docs of message ownership in closures
This introduces no functional changes, but makes it a little clearer how
the ownership of these `GDBusMessage` instances works. The free function
is changed to `g_clear_object()` to avoid the possibility of somehow
using the messages after freeing them.

Basically just some drive-by docs improvements while trying to debug
issue #1264.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1264
2023-02-23 12:11:24 +00:00
Philip Withnall
127c899a2e gdbusconnection: Fix the type of a free function
This didn’t actually cause any observable bugs, since the structures of
`PropertyData` and `PropertyGetAllData` were equivalent for the members
which the free function touches.

Definitely should be fixed though.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2023-02-23 12:11:24 +00:00
Philip Withnall
4900ea5215 gdbusconnection: Fix double unref on timeout/cancel sending a message
This appears to fix an intermittent failure seen when sending a D-Bus
message with either of a cancellable or a timeout set.

In particular, I can reliably reproduce it with:
```
meson test gdbus-test-codegen-min-required-2-64 --repeat 10000
```

It can be caught easily with asan when reproduced. Tracking down the
location of the refcount mismatch was a little tricky, but was
simplified by replacing a load of `g_object_ref (message)` calls with
`g_dbus_message_copy (message, NULL)` to switch `GDBusMessage` handling
to using copy semantics. This allowed asan to home in on where the
refcount mismatch was happening.

The problem was that `send_message_data_deliver_error()` takes ownership
of the `GTask` passed to it, but the
`send_message_with_replace_cancelled_idle_cb()` and
`send_message_with_reply_timeout_cb()` functions which were calling it,
were not passing in a strong reference as they should have.

Another approach to fixing this would have been to change the transfer
semantics of `send_message_data_deliver_error()` so it was `(transfer
none)` on its `GTask`. That would probably have resulted in cleaner
code, but would have been a lot harder to verify/review the fix, and
easier to inadvertently introduce new bugs.

The fact that the bug was only triggered by the cancellation and timeout
callbacks explains why it was intermittent: these code paths are
typically never hit, but the timeout path may sometimes be hit on a very
slow test run.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1264
2023-02-23 12:11:24 +00:00
Simon McVittie
88fd3f0a76 Merge branch 'build-with-llvm-toolchain' into 'main'
Fix building gio/tests/test_resources.o with LLVM ld

Closes #2720

See merge request GNOME/glib!3186
2023-02-22 16:51:05 +00:00
Philip Withnall
0a715be599 Merge branch 'cloexec-other' into 'main'
Close-on-exec flag few missed places

See merge request GNOME/glib!3292
2023-02-22 13:07:35 +00:00
Philip Withnall
ddf85f9d9e Merge branch 'g-win32-app-info-enhancements-2' into 'main'
GWin32AppInfo: Retrieve display name for UWP / Packaged apps

See merge request GNOME/glib!3168
2023-02-22 12:55:24 +00:00
Emmanuele Bassi
4c17e3b122 Merge branch '2907-file-info-docs' into 'main'
gfileinfo: Document required attributes for helper getters

Closes #2907

See merge request GNOME/glib!3261
2023-02-22 12:35:38 +00:00
Luca Bacci
01889cd348 GWin32AppInfo: Retrieve display name of UWP (packaged) apps 2023-02-22 13:24:13 +01:00
Emmanuele Bassi
c669baab4c Merge branch 'live-g-file-test-logging' into 'main'
tests: Remove custom printerr logging from live-g-file

See merge request GNOME/glib!3281
2023-02-22 01:36:10 +00:00
Maciej S. Szmigiero
8f8ebb1bd0 g_mkstemp: Use O_CLOEXEC for race-free setting of the close-on-exec flag
mkstemp-like family of functions also use g_open () under the hood so
they should pass the O_CLOEXEC flag there for race-free setting of the
close-on-exec flag.
2023-02-22 00:38:13 +01:00
Maciej S. Szmigiero
cbc15d6ceb gunixmounts: Use "e" mode flag in setmntent () call for race-free setting of the close-on-exec flag
setmntent () call uses the same mode flag set as fopen (), so it should
also include the "e" mode flag for race-free setting of the close-on-exec
flag.
2023-02-22 00:32:33 +01:00
Luca Bacci
0f0520ffa2 Add VTable definition for IPackage2
Derived from MIT-licensed code:
https://github.com/microsoft/windows-rs/blob/0.43.0/crates/libs/windows/src/Windows/ApplicationModel/mod.rs#L554
2023-02-21 18:01:51 +01:00
Philip Withnall
339aaa3719 Merge branch 'cloexec-audit' into 'main'
Make sure new file descriptors have close-on-exec flag set on them in a race-free way

See merge request GNOME/glib!3283
2023-02-21 12:58:01 +00:00
Maciej S. Szmigiero
0e7bf99ec2 Use "e" mode flag in fopen () calls for race-free setting of the close-on-exec flag
All Unix CRTs examined: glibc, musl, BSDs, Apple libc, Android bionic
ignore unknown fopen () mode flags, so this flag can be added
unconditionally for Unix builds.

Only Windows CRT is intolerant of these, so the single case in
g_dbus_address_connect () where the fopen () call is shared between Unix
and Windows needs appropriate platform-specific handling.

Skipped the call sites in libcharset and xdgmime copylibs.
2023-02-21 12:42:55 +00:00
Maciej S. Szmigiero
3f2e18b07c Use O_CLOEXEC in {g_,}open () calls for race-free setting of the close-on-exec flag
The remaining call sites are either Windows-only, between fork () and
exec () or in xdgmime copylib.

Hope I haven't missed any site.
2023-02-21 12:42:55 +00:00
Maciej S. Szmigiero
dd36ee0abf gtestdbus: Use g_unix_open_pipe_internal () for creating pipes
This attempts to create the pipes with race-free setting of the
close-on-exec flag.
2023-02-21 12:42:55 +00:00
Sebastian Dröge
7c5e930170 Allow passing a NULL item to g_list_store_find_with_equal_func()
The `equal_func` closure can already have all required information
available without the item, and passing the item via the closure instead
of an explicit parameter is more natural for languages that have a
concept of closures that can capture variables.
2023-02-20 10:16:11 +02:00
Maciej S. Szmigiero
3dc77fef24 gsocket: Use accept4 () for race-free setting of the close-on-exec flag
The code was already setting the close-on-exec flag for the new socket,
just in a racy way.
2023-02-19 16:47:13 +01:00
Philip Withnall
5d469dbe5a tests: Remove custom printerr logging from live-g-file
Use `g_test_message()` instead, so that the logs get treated properly
for TAP output.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2023-02-16 13:50:15 +00:00
Marius Vollmer
8f02681f6e gdbus: Never buffer reads during server authentication
Otherwise, the content of the buffer is thrown away when switching
from reading via a GDataInputStream to unbuffered reads when waiting
for the "BEGIN" line.

(The code already tried to protect against over-reading like this by
using unbuffered reads for the last few lines of the auth protocol,
but it might already be too late at that point.  The buffer of the
GDataInputStream might already contain the "BEGIN" line for example.)

This matters when connecting a sd-bus client directly to a GDBus
client.  A sd-bus client optimistically sends the whole auth
conversation in one go without waiting for intermediate replies.  This
is done to improve performance for the many short-lived connections
that are typically made.
2023-02-15 14:33:15 +00:00
Philip Withnall
bde724e5ac Revert "Revert "tests: Temporarily disable socket test due to a kernel bug""
This reverts commit 27bee8fe5d.

Inevitably, despite testing the CI multiple times before merging commit
27bee8fe, the CI is now failing again in the `socket` test due to (what
I continue to assume is) the kernel regression:

https://gitlab.gnome.org/martinpitt/glib/-/jobs/2585332

In order to unblock development on `main` expediently, I guess I’ll just
revert the revert.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Reopens: #2879
2023-02-15 13:23:13 +00:00
Philip Withnall
27bee8fe5d Revert "tests: Temporarily disable socket test due to a kernel bug"
This reverts commit 1507585869.

Maybe it works now? It will work as soon as the CI host kernel is
updated.

Fixes: #2879
2023-02-13 19:35:30 +00:00
Philip Withnall
438bd5cfa1 gutils: Make g_find_program_for_path() a proper private API
It’s not meant to be exposed publicly yet (we’re not ready to stabilise
it), but it was incorrectly decorated with `GLIB_AVAILABLE_IN_2_76`.

We can’t remove the decorator and use it that way, as it’s called in
libgio, so we have to expose it using `GLIB_PRIVATE_CALL()`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2876
2023-02-13 16:12:07 +00:00
Philip Withnall
728ad64b44 glocalfileinfo: Ensure boolean file attributes are set
Don’t just set them when they’re true and rely on their non-presence
being evaluated to `FALSE`. That means that they erroneously don’t get
returned in `g_file_info_list_attributes()`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2907
2023-02-08 11:58:15 +00:00
Philip Withnall
7082f03dbf gio-tool-info: Add missing attribute check
`g_file_info_get_is_hidden()` should not be called without checking the
attribute is set first, just as with the calls higher up in this code.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2907
2023-02-08 11:58:15 +00:00
Philip Withnall
ed8e86a7d4 gfileinfo: Add critical warnings for helper getters
As documented in a previous commit, these functions should not be called
without the right attributes being present in the `GFileInfo`. Add
critical warnings to make this more obvious.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2907
2023-02-08 11:58:15 +00:00
Philip Withnall
8cee721df8 gfileinfo: Remove erroneous GFileType casts from returns
Looks like copy/paste errors.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2023-02-08 10:00:43 +00:00
Philip Withnall
2f862993cc gfileinfo: Fix some minor documentation typos
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2023-02-08 09:57:51 +00:00
Philip Withnall
937c6f15cd gfileinfo: Document required attributes for helper getters
It doesn’t make sense to (for example) call `g_file_info_get_name()` if
the `GFileInfo` doesn’t contain `G_FILE_ATTRIBUTE_STANDARD_NAME`, given
that building the `GFileInfo` is typically a static process and entirely
under the control of the programmer.

By being this restrictive, we avoid having to return ‘unknown’ values
for some of these standard APIs, particularly the numeric ones such as
`g_file_info_get_size()`. If APIs like that were to work correctly in
the face of a `GFileInfo` without `G_FILE_ATTRIBUTE_STANDARD_SIZE`
specified, they’d have to be able to return a value to indicate the
attribute is missing. Returning `0` or `G_MAXSIZE` to indicate that
would be ambiguous.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2907
2023-02-08 09:54:54 +00:00
Eli Schwartz
740440774a
fix underspecified dependencies on generated headers
Since gmodule-visibility.h is now a custom target and produced at
buildtime, it might not always exist in time for use in other source
files. This was the case for gio-inotify.

Add it as an additional source file to ensure in-time generation.
2023-02-06 23:00:04 -05:00
Philip Withnall
622e1d8c83 Merge branch 'wip/ernestask/converter-null-out' into 'main'
gio: converter: Forbid null out arguments

See merge request GNOME/glib!3245
2023-02-02 22:39:57 +00:00
Ernestas Kulik
e0976efee9 gio: converter: Forbid null out arguments
Currently, inbuf_size and outbuf_size are not documented as not
nullable, but they are expected to be so, which might lead to unexpected
crashes. Moreover, outbuf itself is also expected to not be null, so
this commit adds the appropriate GI annotations and early returns on
failed preconditions.
2023-02-02 21:25:56 +02:00
Marco Trevisan
155e44652e Merge branch 'gstring-free-warning' into 'main'
Make g_string_free (_, FALSE) warn on unused result

See merge request GNOME/glib!3226
2023-02-01 16:28:02 +00:00
Philip Withnall
bd5e57ef17 tests: Fix a few minor leaks in gdbus-example-peer
One leak spotted by the Coverity, the others found via valgrind.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Coverity CID: #1504322
2023-01-31 11:44:44 +00:00
Alex Richardson
c434743111 Fix build of gio/ttests/est_resources2.o with LLVM objcopy
LLVM objcopy's --strip-all is more aggressive that GNU objcopy --strip-all
and will remove everything that is not actually used. In this case we
see the following error:
`error: 'gio/tests/test_resources.o': Symbol table has link index of 5 which is not a valid index`

Fix this by only removing debug symbols instead of all unused symbols and
sections.

Helps: https://gitlab.gnome.org/GNOME/glib/-/issues/2720
2023-01-28 10:46:50 +00:00
Alex Richardson
6d93568e36 Fix building gio/tests/test_resources.o with LLVM ld
Unlike GNU ld which has a default target architecture, ld.lld is always a
cross-linker and has the same behaviour for all targets. If you don't tell
ld.lld what the target architecture is it can't infer the right ELF flags
for the resulting object file.
```
$ ~/cheri/output/sdk/bin/ld -r -b binary gio/tests/test5.gresource -o gio/tests/test_resources.o -v
LLD 14.0.0 (compatible with GNU linkers)
ld: error: target emulation unknown: -m or at least one .o file required
```

As you can see from the error message it can't infer the target
architecture (you need a least one valid .o file or the -m flag).
If you use the compiler instead of directly invoking the linker it will
pass the appropriate flags:
```
$ ~/cheri/output/sdk/bin/clang -r -Wl,-b,binary gio/tests/test5.gresource -o gio/tests/test_resources.o -v
clang version 14.0.0 (https://github.com/CTSRD-CHERI/llvm-project.git ff66b683475fc44355b2010dbcbe1202d785e6f8)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/alexrichardson/cheri/output/sdk/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/11
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/12
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/12
Candidate multilib: .;@m64
Selected multilib: .;@m64
 "/home/alexrichardson/cheri/output/sdk/bin/ld" --eh-frame-hdr -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o gio/tests/test_resources.o -L/usr/lib/gcc/x86_64-linux-gnu/12 -L/usr/lib/gcc/x86_64-linux-gnu/12/../../../../lib64 -L/lib/x86_64-linux-gnu -L/lib/../lib64 -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib64 -L/home/alexrichardson/cheri/output/sdk/bin/../lib -L/lib -L/usr/lib -r -b binary gio/tests/test5.gresource
❯ file gio/tests/test_resources.o
gio/tests/test_resources.o: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
```

This works for most architectures, but ones that need additional metadata
sections to encode the used ABI, etc. will require a different approach
using .incbin. However, that is a change for another MR.

Partially fixes: https://gitlab.gnome.org/GNOME/glib/-/issues/2720
2023-01-28 10:46:50 +00:00
Sergey Bugaev
c121118bc4 tests: Silence a warning
In case the OS does not support epoll and kqueue, we get the warning:

gio/tests/pollable.c: In function ‘test_pollable_unix_nulldev’:
gio/tests/pollable.c:266:7: warning: unused variable ‘fd’
[-Wunused-variable]
  266 |   int fd;

Get rid of it.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-01-27 11:58:56 +03:00
Sergey Bugaev
bccff754b6 Use g_string_free_and_steal () more
Now that there is g_string_free_and_steal (), we can use it instead of
the older g_string_free (_, FALSE). Make sure to use its return value
while doing so, as opposed to manually accessing string->str, to avoid
compiler warnings and make the intent more explicit.

This is all done in preparation for making g_string_free (_, FALSE) warn
on unused return value much like g_string_free_and_steal (), which will
happen in the next commit.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-01-27 11:55:27 +03:00
Marco Trevisan
5e40004bdb Merge branch 'gstrdup-inline' into 'main'
gstrfuncs: Add inline version of g_strdup()

See merge request GNOME/glib!3209
2023-01-26 18:38:37 +00:00
Marco Trevisan
2cbc90cc1e Merge branch '2901-gio-executable-docs' into 'main'
gappinfo: Document that g_app_info_get_executable() should not be spawned

Closes #2901

See merge request GNOME/glib!3240
2023-01-26 16:41:16 +00:00
Marco Trevisan (Treviño)
23da6bade0 {glib,gio}/cxx: Add more tests for C++ inline funcs
These could behave differently in C++ so let's ensure this is not the
case.
2023-01-26 16:52:36 +01:00
Marco Trevisan
452e9957a4 Merge branch 'leak-suppressions' into 'main'
Add a few suppressions to glib.supp and fix a minor bug in gapplication test

See merge request GNOME/glib!3223
2023-01-26 15:40:22 +00:00
Philip Withnall
ac30b7d824 Merge branch 'leak-fix' into 'main'
tests/desktop-app-info: fix stack-use-after-scope

See merge request GNOME/glib!3187
2023-01-26 15:36:22 +00:00
Philip Withnall
c53f9c0d37 gappinfo: Document that g_app_info_get_executable() should not be spawned
Spawning a process correctly is a lot more complicated than just bunging
an argument onto the return value from this function.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2901
2023-01-26 14:54:35 +00:00
Marc-André Lureau
f50a4f8501 tests/desktop-app-info: fix stack-use-after-scope
Fix the tests, by allocating the structure.

==121338==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffe44018610 at pc 0x00000040ff71 bp 0x7ffe440178f0 sp 0x7ffe440178e8
READ of size 8 at 0x7ffe44018610 thread T0
    #0 0x40ff70 in test_launch_uris_with_terminal ../gio/tests/desktop-app-info.c:1393
    #1 0x7efd97b831e8 in test_case_run ../glib/gtestutils.c:2947
    #2 0x7efd97b831e8 in g_test_run_suite_internal ../glib/gtestutils.c:3037
    #3 0x7efd97b82d23 in g_test_run_suite_internal ../glib/gtestutils.c:3056
    #4 0x7efd97b82d23 in g_test_run_suite_internal ../glib/gtestutils.c:3056
    #5 0x7efd97b82d23 in g_test_run_suite_internal ../glib/gtestutils.c:3056
    #6 0x7efd97b84189 in g_test_run_suite ../glib/gtestutils.c:3136
    #7 0x7efd97b842c5 in g_test_run ../glib/gtestutils.c:2248
    #8 0x4055bc in main ../gio/tests/desktop-app-info.c:1901
    #9 0x7efd9564a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
    #10 0x7efd9564a5c8 in __libc_start_main_alias_1 (/lib64/libc.so.6+0x275c8)
    #11 0x4059f4 in _start (/home/elmarco/src/gnome/glib/build/gio/tests/desktop-app-info+0x4059f4)

Address 0x7ffe44018610 is located in stack of thread T0 at offset 128 in frame
    #0 0x404d1f in main ../gio/tests/desktop-app-info.c:1823

  This frame has 6 object(s):
    [48, 52) 'argc' (line 1821)
    [64, 72) 'path' (line 1870)
    [96, 104) 'argv' (line 1822)
    [128, 144) '<unknown>' <== Memory access at offset 128 is inside this variable
    [160, 176) '<unknown>'
    [192, 288) 'supported_terminals' (line 1825)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2023-01-24 23:43:20 +04:00
Philip Withnall
1507585869 tests: Temporarily disable socket test due to a kernel bug
There’s a kernel bug on the CI machines which is causing this test to
fail all the time and it’s getting my goat.

The test can be re-enabled later (by reverting this commit) when the
kernel on the CI VM host is fixed. I don’t know when that’s going to
happen.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2879
2023-01-24 11:46:25 +00:00
Philip Withnall
73205b8bbd tests: Explicitly remove a timeout handler in gapplication test
Otherwise if, for whatever reason, the `app` loses its D-Bus name,
`g_application_quit()` is called from `name_was_lost()` before it’s
called from `quit_already()`, and then `quit_already()` does an invalid
read on `app`.

If the name was not meant to be lost at this point in the test, the
subsequent `g_assert_false (name_lost)` will catch that, so this change
shouldn’t cause the test to pass unnecessarily.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2023-01-24 11:25:34 +00:00