String inputs to convenience conversion functions g_locale_from_utf8(),
g_filename_from_utf8(), and g_filename_to_utf8(), are annotated for the
bindings as NUL-terminated strings of (type utf8) or (type filename).
There is also a len parameter that allows converting part of the string,
but it is exposed to the bindings as a value independent from the string
buffer. Absent any more sophisticated ways to annotate, the way to
provide a safeguard against len argument values longer than the
string length is to check that no nul is encountered within the first
len bytes of the string. strdup_len() includes this check as part of
UTF-8 validation, but g_convert() permits embedded nuls.
For g_filename_from_utf8(), also check the output to prevent embedded NUL
bytes. It's not safe to allow embedded NULs in a string that is going
to be used as (type filename), and no known bytestring encoding for
file names allows them.
https://bugzilla.gnome.org/show_bug.cgi?id=792516
The character encoding conversion utility functions g_locale_to_utf8()
and g_filename_to_utf8() had inconsistent behavior on producing strings
with inner NUL bytes: in the all-UTF-8 strdup path, the input string
validation prohibits embedded NULs, while g_convert(), using iconv(),
can produce UTF-8 output with NUL bytes inside the output buffer.
This, while valid UTF-8 per the Unicode standard, is not valid for
the nul-terminated (type utf8) return value format that the *_to_utf8()
functions are annotated with (as per discussion in bug 756128).
Check the output of g_convert() for embedded NUL bytes, and if any
are found, set the newly introduced error
G_CONVERT_ERROR_EMBEDDED_NUL.
Also document the error set by g_{locale,filename}_{from,to}_utf8()
when the input string contains nul bytes.
https://bugzilla.gnome.org/show_bug.cgi?id=792516
In the strdup_len() path, no need to do what g_utf8_validate()
already does: locate the string-terminating nul byte.
Also in strdup_len(), make the out parameter bytes_read receive the length
of the valid (meaning also nul-free) part of the input string, as the
documentation on g_{locale,filename}_{from,to}_utf8() says it does.
https://bugzilla.gnome.org/show_bug.cgi?id=792516
This reverts the following commits (but keeps the other recent changes
to gmain.c):
• e4ee3079c Do not wake up main loop if change is from same thread
• 208702404 main: Create a helper function for "owner wakeup" optimization
• 0c0469b56 gmain: Signal wakeups if context has never been acquired as well
• 9ba95e25b gmain: only signal GWakeup right before or during a blocking poll
Some combination of them is causing problems with LibreOffice and/or
WebKit, and the safest thing to do at the moment is revert them all
until we work out what’s going on. The previous revert (4976e8109) was
not sufficient (it fixed WebKit, but re-broken LibreOffice).
By reverting, we gain some spurious wakeups, but avoid dropping
necessary wakeups, which is presumably what’s causing problems in the
other modules.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://bugzilla.gnome.org/show_bug.cgi?id=761102
It was documented at strange places: in g_sequence_search*() and
g_sequence_lookup*(), but how to insert and sort data is not done by
those functions.
So instead, add the information to the class description (since it
involves several functions), and add also the information in
g_sequence_insert_sorted() and g_sequence_insert_sorted_iter() as a kind
of warning when using those functions.
Note that before this commit, it was not explained *why* it is better to
call g_sequence_sort() after doing a lot of unsorted insertions. Now it
is documented as "more efficient" (I think it's the only reason that
makes sense, otherwise why was it documented?).
https://bugzilla.gnome.org/show_bug.cgi?id=792455
When debug output is enabled then certain messages will be logged to
stdout. stdout however is block buffered by default when it isn't going
to a TTY meaning that debug logging will not be flushed out properly
when it is being redirected. One example of this happening may be tests
that rely on parsing g_debug messages.
Adding an explicit fflush ensures all log messages will reach the output.
https://bugzilla.gnome.org/show_bug.cgi?id=792432
On i386, we were seeing that this calculation was producing an incorrect
result, probably because usec was being stored in an 80-bit register
before being written back into a 64-bit float in memory. If we mark the
variables as volatile, they are not stored in registers and we avoid
this bug.
gtk-doc doesn’t support them any more since it was ported to Markdown,
so they end up appearing in the generated documentation, which isn’t
great.
Mostly, they were used to split up things invisibly, which we can do in
other ways.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: nobody
There is no requirement that groups is NULL terminated, so we should check
that the bounds are within the specified length before checking for a
NULL terminating value.
https://bugzilla.gnome.org/show_bug.cgi?id=792351
gpointer* cannot be aliased with arbitrary types. In order to fix
-Wstrict-aliasing=2 warnings with the g_clear_pointer() macro, we need
to cast through char*, which is allowed to alias with anything.
Even if we don’t make GLib strict-aliasing safe, it’s important to
ensure this macro is safe, since it could be used from projects which do
compile with -fstrict-aliasing.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://bugzilla.gnome.org/show_bug.cgi?id=791622
Fix various strict aliasing problems caused by casting between (struct
sockaddr *) and (struct sockaddr_storage *): the correct code here is to
keep the two in a union.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://bugzilla.gnome.org/show_bug.cgi?id=791622
When using g_key_file_get_locale_string() or get_locale_string_list(),
the GKeyFile must have been loaded with G_KEY_FILE_KEEP_TRANSLATIONS if
the lookup locale differs from the one which was current when the key
file was loaded.
Document that.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://bugzilla.gnome.org/show_bug.cgi?id=792324
Commit 281e3010 narrowed the race between GCancellable::cancelled and
GCancellableSource's finalize(), but did not prevent it: there was
nothing to stop cancellation from occurring after the refcount drops
to 0, but before g_source_unref_internal() bumps it back up to 1 to
run finalize().
GCancellable cannot be expected to detect that situation, because the
only way it has to detect last-unref is finalize(), but in that
situation finalize() hasn't happened yet.
Instead of detecting last-unref, relax the precondition a little
to make it detect finalization: priv is only poisoned (set to NULL)
after the finalize() function has been called, so we can assume that
GCancellable has already seen finalize() by then.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=791754
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884654
If we don't take the lock, then we don't have the necessary
"happens before" relationships to avoid this situation:
* source->priv->ready_time was equal to ready_time until recently
* another thread has set source->priv->ready_time to a different value
* that write hasn't become visible to this thread yet
* result: we should reset the ready_time, but we don't
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=791754
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884654
Properly define GLIB/GOBJECT_STATIC_COMPILATION when static build is enabled.
Use library() instead of shared_library() to allow selecting static builds.
https://bugzilla.gnome.org/show_bug.cgi?id=784995
The introspection scanner chokes fairly badly on the types we create,
and that got even worse when the autolist support landed. Now, every
time we declare a new GObject type we automatically get incomplete
aliases to container types that gobject-introspection and Vala do not
know how to handle.
Since the autoptr machinery is not really introspectable to begin with,
as it's a C utility extension that depends on the C compiler being used
to compile a C project that depends on GLib, we can mark the whole
section as non-introspectable using the __GI_SCANNER__ pre-processor
symbol.
https://bugzilla.gnome.org/show_bug.cgi?id=791342
WCOREDUMP is not a separate "mode" as suggested by the previous
code to interpret wait status: instead, it is an extra bit of
information if the "mode" is WIFSIGNALED.
(Modified by Philip Withnall to fix a nitpick missing space.)
https://bugzilla.gnome.org/show_bug.cgi?id=748534
This avoids losing information that might be useful for later debugging.
(Modified by Philip Withnall to add comments to child_status and
test_trap_last_status.)
https://bugzilla.gnome.org/show_bug.cgi?id=748534
When using python3 as interpreter, range only takes integer arguments or
it results in errors like:
File "/usr/bin/gtester-report", line 78, in html_indent_string
for i in range (0, (n + 1) / 2):
TypeError: 'float' object cannot be interpreted as an integer
https://bugzilla.gnome.org/show_bug.cgi?id=791296
Clarify that the return value may be floating, or may not be (depends
on whether the input @value was in normal form).
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://bugzilla.gnome.org/show_bug.cgi?id=741167
Divide first, *then* cast. Otherwise a very long "now", which is
64-bit, gets truncated into a 32-bit time_t, which can't hold the
value, and turns negative more often than not.
https://bugzilla.gnome.org/show_bug.cgi?id=791128
Rather than unreffing them _after_ finalising the GSource and freeing
its struct. This fixes the case where the GSourceCallbackFuncs data
contains a pointer to the GSource, and the unref() function operates on
that pointer, e.g. by calling g_source_destroy(). This happens when
using g_source_set_dummy_callback() on a GSource, as the generated
GClosure needs to destroy the GSource when it is invalidated, which
could happen (at latest) when the GSourceCallbackFuncs.unref() function
is called during finalisation of the GSource.
By moving the GSourceCallbackFuncs.unref() invocation higher up in
g_source_unref_internal(), it becomes re-entrancy-safe for GSource
methods.
https://bugzilla.gnome.org/show_bug.cgi?id=692034
This is happening since f591366eee341f2c40516821e8a5a0bc7a9bd288, that
changed the way tests were skipped to use g_test_skip() instead of just
ignoring them. They are now reported to the log with G_TEST_RUN_SKIPPED
as result.
https://bugzilla.gnome.org/show_bug.cgi?id=790934
If nl_langinfo() doesn’t support a particular item, it returns the empty
string. We should check for that and return NULL from
g_date_time_format() accordingly, otherwise the user could unwittingly
end up with a formatted date/time which is missing some or all of its
components.
This arose with %r in de_DE, which is unsupported by nl_langinfo()
because Germans almost never write time in 12-hour format.
Add a unit test.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://bugzilla.gnome.org/show_bug.cgi?id=790416
When doing a level traverse of a GNode with depth of -1, the depth was
implicitly being converted to an unsigned integer. This worked (making
the depth limit G_MAXUINT), but was a bit mystical.
Change g_node_depth_traverse_level() to explicitly take a signed depth
and handle it appropriately.
Coverity issue: #1159465https://bugzilla.gnome.org/show_bug.cgi?id=732003
