XDG_CONFIG_DIR and HOME can be overridden with test environments. Read
these variables before building them again.

It's not possible to call the getter functions directly because the
caller of load_user_special_dirs already holds a lock and locking again
is undefined behavior and could lead to deadlocks.

Separate the functionality out into unlocked functions which definitely
have to be static to not expose them. Use them while holding the lock.

Allow more than G_MAXUINT replacements in g_string_replace. Even
though the return value type is guint, do as many replacements
as requested if limit is 0 and return G_MAXUINT if even more
operations were performed to satisfy current ABI/API.

With input by Philip Withnall.

If the input string is too large on a 32 bit system, it is possible
to trigger an integer overflow which subsequently leads to an out of
boundary write.

The gintptr data type is already used in iterator. Keep versions in sync
to avoid issues when one of them overflows while the other did not
(yet). Since integer overflows could eventually happen anyway, make
version unsigned.

The size attribute is actually a "capacity" instead of a size in a more
classical sense: It doesn't represent the byte size but the amount of
elements within the hash table.

This is always a power of two, capped at 32 bit. This limit is required
to satisfy the support of converting a GHash into a GArray, which is
capped at G_MAXUINT elements.

Treat the size as capacity and bring it to the same data type as nnodes
and other element counters for better performance.

While at it, turn all variables taking the value of size into a guint
as well.

Closes: #672

Having unsigned values guarantees that g_hash_table_find_closest_shift
will never loop endlessly. Also make sure that it's impossible to
evade the sanity check of size in g_hash_table_set_shift. Since the
value will be an index, do not allow negative values.

Helps: #672

If nnodes value is very large, multiplying by 4 could overflow its guint
data type. Instead, first check that size is not 0, subtract by one, divide
by 4 and then check if that value is larger than or equal to nnodes.

Flipping these checks has a nice advantage for small hash tables.

Helps: #672

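The rearranged comparison described in the commit message above, as an added example that is not GLib's code. The function names are hypothetical and `uint32_t` stands in for `guint`, which is assumed to be 32 bits wide; the inputs are constructed boundary values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; uint32_t stands in for guint (assumed 32 bits wide). */

/* Naive form: nnodes * 4 is computed modulo 2^32 and can wrap. */
static bool is_sparse_naive(uint32_t size, uint32_t nnodes)
{
    return size > nnodes * 4u;
}

/* Rearranged form: non-zero check, subtract one, divide by four, compare. */
static bool is_sparse_safe(uint32_t size, uint32_t nnodes)
{
    return size != 0 && (size - 1) / 4 >= nnodes;
}

/* Reference computed in 64 bits, where nnodes * 4 cannot wrap. */
static bool is_sparse_wide(uint32_t size, uint32_t nnodes)
{
    return (uint64_t)size > (uint64_t)nnodes * 4u;
}

/* Count disagreements with the reference over constructed boundary inputs. */
static unsigned count_mismatches(bool (*check)(uint32_t, uint32_t))
{
    static const uint32_t sizes[] = { 0, 1, 4, 5, 8, 1u << 16, 1u << 31, UINT32_MAX };
    static const uint32_t nodes[] = { 0, 1, 2, 0x3fffffffu, 0x40000000u,
                                      0x40000001u, UINT32_MAX };
    unsigned bad = 0;

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        for (size_t j = 0; j < sizeof nodes / sizeof nodes[0]; j++)
            if (check(sizes[i], nodes[j]) != is_sparse_wide(sizes[i], nodes[j]))
                bad++;
    return bad;
}

int main(void)
{
    /* 0x40000001 * 4 wraps to 4, so the naive check claims 8 > 4 * nnodes. */
    printf("naive(8, 0x40000001) = %d\n", is_sparse_naive(8, 0x40000001u));
    printf("safe (8, 0x40000001) = %d\n", is_sparse_safe(8, 0x40000001u));
    printf("naive mismatches: %u\n", count_mismatches(is_sparse_naive));
    printf("safe mismatches:  %u\n", count_mismatches(is_sparse_safe));
    return 0;
}
```
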
Using the builtin multiplication checks leads to fewer instructions used
for these common functions (true for clang as well as gcc on x86_64).

Also, from a C perspective, the result is re-used, making code audits
easier.

With these adjustments, building with clang leads to no warnings:

- The "{ NULL }" statement could be replaced with "{ 0 }" to satisfy
  clang, but this way it's explicitly filling all fields
- Even though "i" is not read with these g_array_binary_search calls,
  it rightfully should be set

He’s been listed in `docs/CODEOWNERS` as one of the co-maintainers for a
long time, and it seems like an administrative oversight that the right
record was never added to `glib.doap` to give the GitLab maintainer
rights bit.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>