Commit Graph

21903 Commits

Author SHA1 Message Date
Philip Withnall
f9d165add1 guri: Fix buffer overrun when decoding %-encoded URI components
There is a limited (1 or 2 byte) read off the end of the buffer if its
final or penultimate byte is `%` and it’s not nul-terminated after that.
If the buffer *is* nul-terminated then the first `g_ascii_isxdigit()`
call safely returns `FALSE` and the code moves on.

Fix it by adding an additional check, and some unit tests to catch the
behaviour.

This bug is present in libsoup, which `GUri` is based on, but not
exploitable due to how the external API only exposes nul-terminated
strings. See https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/126
for the fix there.

oss-fuzz#23815
oss-fuzz#23818

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-07-01 13:28:09 +01:00
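An added example, not GLib's guri.c, of the length check the commit above describes: a stand-alone %-decoder in C that is bounded by an explicit length rather than by a terminating nul, so a buffer ending in `%` or `%4` is rejected instead of being read past. The names `pct_decode` and `pct_decode_str` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-alone %-decoder, not GLib's guri.c. It decodes
 * exactly `len` bytes of `src`, which need NOT be nul-terminated, into
 * `dst` and returns the number of bytes written, or -1 on a malformed
 * escape or a full `dst`. */
static int hexval (unsigned char c)
{
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

long pct_decode (const char *src, size_t len, char *dst, size_t dstlen)
{
  size_t i = 0, out = 0;
  while (i < len) {
    if (src[i] == '%') {
      /* The check the commit describes: both hex digits must lie
       * within `len` before src[i+1] and src[i+2] are read. Without
       * it, a buffer ending in "%" or "%4" that is not nul-terminated
       * is read 1 or 2 bytes past its end. */
      if (len - i < 3) return -1;
      int hi = hexval ((unsigned char) src[i + 1]);
      int lo = hexval ((unsigned char) src[i + 2]);
      if (hi < 0 || lo < 0 || out >= dstlen) return -1;
      dst[out++] = (char) (hi * 16 + lo);
      i += 3;
    } else {
      if (out >= dstlen) return -1;
      dst[out++] = src[i++];
    }
  }
  return (long) out;
}

/* Convenience wrapper for tests: decodes into a static buffer and
 * returns it nul-terminated, or NULL if the input was rejected. */
const char *pct_decode_str (const char *src, size_t len)
{
  static char out[64];
  long n = pct_decode (src, len, out, sizeof out - 1);
  if (n < 0) return NULL;
  out[n] = '\0';
  return out;
}
```

Passing a `len` shorter than the literal (as in `pct_decode_str ("ab%41", 3)`) mimics a buffer whose bytes beyond `len` must not be consulted, which is exactly the non-nul-terminated case the fix covers.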
Philip Withnall
67ba5bfe60 fuzzing: Test g_uri_unescape_segment() as well as g_uri_unescape_bytes()
They have different `%`-encoding behaviour, and probably both deserve to
be tested.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-07-01 13:28:09 +01:00
Philip Withnall
0b198104e5 tests: Test the length argument of g_uri_unescaped_bytes()
Modify the existing test function to run each test twice: once
nul-terminated and once with a length specified.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-07-01 13:28:09 +01:00
Philip Withnall
7656399cf9 tests: Rewrite another URI test to use an array of test strings
This introduces no functional changes, but will make it easier to add
more tests in future.

It splits the unescaping tests out so the different types of unescaping
(string, bytes, segment) are tested separately, since they have
different limitations.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-07-01 13:28:09 +01:00
Philip Withnall
836fee7a08 tests: Test the length argument of g_uri_parse_params()
Modify the existing test function to run each test twice: once
nul-terminated and once with a length specified.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-07-01 12:25:49 +01:00
Philip Withnall
67c9d34d71 guri: Allow params to be NULL if length is 0
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-07-01 12:25:49 +01:00
Philip Withnall
ab33896bcc tests: Rewrite a URI test to use an array of test strings
This introduces no functional changes, but will make it easier to add
more tests in future.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-07-01 12:25:49 +01:00
Philip Withnall
f77c75a1bb Merge branch 'ossfuzz-fix-again' into 'master'
fuzzing: Another fix for g_uri_parse() test

See merge request GNOME/glib!1556
2020-06-30 10:35:53 +00:00
Philip Withnall
39f8aff8f5 fuzzing: Test URI parsing with and without the strict flag
This should test a few more code paths.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-30 11:10:51 +01:00
Philip Withnall
0bf12c8bfa fuzzing: Use nul-terminated array introduced in previous commit
This fixes commit b2a6a9a434. Doh.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-30 11:08:05 +01:00
Daniel Mustieles
f1a9599bcd Updated Spanish translation 2020-06-30 09:44:13 +02:00
Daniel Mustieles
3cb19804a0 Updated Spanish translation 2020-06-29 15:56:30 +02:00
Yuri Chornoivan
a910513873 Update Ukrainian translation 2020-06-29 13:06:49 +00:00
Sebastian Dröge
18b89c1486 Merge branch 'uri-parsing-fix' into 'master'
GUri build fixes

See merge request GNOME/glib!1554
2020-06-29 11:24:17 +00:00
Philip Withnall
b2a6a9a434 fuzzing: Ensure input to g_uri_parse() is nul-terminated
The fuzzer will produce arbitrary binary blobs, which might not be
nul-terminated. `g_uri_parse()` has no length argument, so relies on
receiving a nul-terminated string as input. Guarantee that.

This should fix fuzzing build failures like
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23750.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-29 11:52:40 +01:00
Piotr Drąg
1cf3ae6343 Update POTFILES.in 2020-06-29 11:48:41 +01:00
Philip Withnall
da948f7218 gmain: Fix use of atomic primitives with sig_atomic_t
It seems that `sig_atomic_t` is not the same width as `int` on FreeBSD,
which is causing CI failures:
```
 ../glib/gmain.c:5206:3: error: '_GStaticAssertCompileTimeAssertion_73' declared as an array with a negative size
  g_atomic_int_set (&any_unix_signal_pending, 0);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../glib/gatomic.h:100:5: note: expanded from macro 'g_atomic_int_set'
    G_STATIC_ASSERT (sizeof *(atomic) == sizeof (gint));                     \
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fix that by only using `sig_atomic_t` if the code is *not* using atomic
primitives (i.e. in the fallback case). `sig_atomic_t` is only a typedef
around an integer type and is not magic. Its typedef is chosen by the
platform to be async-signal-safe (i.e. read or written in one instruction),
but not necessarily thread-safe.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-29 10:42:00 +01:00
Aurimas Černius
7cb5cd8d98 Updated Lithuanian translation 2020-06-28 22:26:44 +03:00
Yuri Chornoivan
adf6a57cf8 Update Ukrainian translation 2020-06-25 19:20:21 +00:00
Daniel Șerbănescu
8c9b7669ad Update Romanian translation 2020-06-25 13:10:17 +00:00
Philip Withnall
582ffcd6ea Merge branch 'cancellable-test-debugging' into 'master'
tests: Fix intermittent failure in GCancellableSource test

Closes #1764

See merge request GNOME/glib!1539
2020-06-25 13:02:18 +00:00
Philip Withnall
38be0214a8 Merge branch 'binding' into 'master'
Add g_tls_connection_get_channel_binding_data call and enums

See merge request GNOME/glib!1527
2020-06-25 12:40:34 +00:00
Ruslan Marchenko
44524b9daa Add g_(d)tls_connection_get_channel_binding_data calls and enums
* Add g_tls_connection_get_channel_binding_data API call
* Add g_dtls_connection_get_channel_binding_data API call
* Add get_binding_data method to GTlsConnection class
* Add get_binding_data method to GDtlsConnection interface
* Add GTlsChannelBindingType enum with tls-unique and
  tls-server-end-point types
* Add GTlsChannelBindingError enum and G_TLS_CHANNEL_BINDING_ERROR
  quark
* Add new API calls to documentation reference gio-sections-common
2020-06-25 12:40:34 +00:00
Philip Withnall
ee3216b31b tests: Iterate the GMainContext directly rather than using a GMainLoop
This speeds up the `cancellable` test a little by stopping waiting for
the threads to start up as soon as they have started, rather than after
an arbitrary timeout.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #1764
2020-06-25 13:12:51 +01:00
Philip Withnall
5e49d53cd5 tests: Use G_SOURCE_CONTINUE/G_SOURCE_REMOVE instead of booleans
This makes no functional difference, but clarifies the code a little.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-25 13:12:51 +01:00
Philip Withnall
a956b096af tests: Use atomics to access counter shared between threads
This should fix some sporadic test failures in this test, although I
can’t be sure as I was unable to reproduce the original failure.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #1764
2020-06-25 13:12:51 +01:00
Philip Withnall
5571aaa1c5 tests: Use g_test_message() rather than g_printerr() in cancellable test
This makes sure the message gets formatted correctly and sent to the
right log file.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-25 13:12:51 +01:00
Philip Withnall
5b12608157 tests: Fix intermittent failure in GCancellableSource test
It seems that allowing the GCancellable to be finalised in either the
main thread or the worker thread sometimes leads to crashes when running
on CI.

I cannot reproduce these crashes locally, and various analyses with
memcheck, drd and helgrind have failed to give any clues.

Fix this for this particular test case by deferring destruction of the
`GCancellable` instances until after the worker thread has joined.
That’s OK because this test is specifically checking a race between
`g_cancellable_cancel()` and disposal of a `GCancellableSource`.

The underlying bug remains unfixed, though, and I can only hope that we
eventually find a reliable way of reproducing it so it can be analysed
and fixed.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-25 13:12:51 +01:00
Philip Withnall
6801e06d83 Merge branch 'uri' into 'master'
guri: new URI parsing and generating functions

See merge request GNOME/glib!1328
2020-06-25 11:52:07 +00:00
Sebastian Dröge
9ddffa1803 Merge branch '2136-more-suppressions' into 'master'
glib.supp: Suppress calloc() variant of g_get_charset()

Closes #2136

See merge request GNOME/glib!1550
2020-06-25 10:30:52 +00:00
Philip Withnall
dd11160f7f fuzzing: Add fuzz tests for GUri parsing and escaping
Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #110
2020-06-25 13:57:35 +04:00
Dan Winship
d83d68d64c guri: new URI parsing and generating functions
Add a set of new URI parsing and generating functions, including a new
parsed-URI type GUri. Move all the code from gurifuncs.c into guri.c,
reimplementing some of those functions (and
g_string_append_uri_encoded()) in terms of the new code.

Fixes:
https://gitlab.gnome.org/GNOME/glib/issues/110

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-06-25 13:57:35 +04:00
Philip Withnall
0859a8904a Merge branch '1670-unix-signal-handling-safety' into 'master'
gmain: Access Unix signal handler state atomically

Closes #1670

See merge request GNOME/glib!1297
2020-06-25 09:30:58 +00:00
Philip Withnall
02f0d4fc6a glib.supp: Suppress calloc() variant of g_get_charset()
Signed-off-by: Philip Withnall <withnall@endlessm.com>

Fixes: #2136
2020-06-25 10:00:58 +01:00
Marc-André Lureau
167b950122 misc: code style
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-06-25 12:08:25 +04:00
Baurzhan Muftakhidinov
0dbdd22c57 Update Kazakh translation
(cherry picked from commit 8e7a483a73)
2020-06-25 07:40:42 +00:00
Sebastian Dröge
e48e1447e6 Merge branch '2140-spawn-async-signal-safety' into 'master'
Resolve "calling malloc in fork child is undefined-behaviour"

Closes #2140

See merge request GNOME/glib!1544
2020-06-24 10:07:19 +00:00
Philip Withnall
dd36248f9e gspawn: Don’t use malloc() when running a binary under /bin/sh
Allocate a working buffer before calling `fork()` to avoid calling
`malloc()` in the async-signal-safe context between `fork()` and
`exec()`, where it’s not safe to use.

In this case, the buffer is used to assemble a wrapper around `argv` so
it can be run under `/bin/sh`.

See `man 7 signal-safety`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Fixes: #2140
2020-06-23 12:03:30 +01:00
Philip Withnall
cf5af28169 gspawn: Don’t use malloc() when searching for a binary
Allocate a working buffer before calling `fork()` to avoid calling
`malloc()` in the async-signal-safe context between `fork()` and
`exec()`, where it’s not safe to use.

In this case, the buffer is used to assemble elements from `PATH` with
the binary from `argv[0]` to try executing them.

See `man 7 signal-safety`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #2140
2020-06-23 12:03:30 +01:00
Philip Withnall
62ce66d4e7 gspawn: Don’t use getenv() in async-signal-safe context
Query the environment before calling `fork()` so that it doesn’t have to
be called in the async-signal-safe context between `fork()` and
`exec()`.

See `man 7 signal-safety`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #2140
2020-06-23 12:03:30 +01:00
Philip Withnall
84f188ae24 gspawn: Don’t use getrlimit() or sysconf() in async-signal-safe context
They’re not safe to call in an async-signal-safe context on Linux.
`sysconf()` is safe to call on FreeBSD and OpenBSD (at least), so
continue doing that.

This will reduce performance in the (already low performance) fallback
case where `/proc` is inaccessible to a forked process on Linux, while
spawning a subprocess.

See `man 7 signal-safety`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #2140
2020-06-23 12:03:30 +01:00
Philip Withnall
1051bfe11e gspawn: Don’t use g_assert() in async-signal-safe context
Use the error handling infrastructure which already exists for other
failures in the async-signal-safe context.

`g_assert()` is unlikely to have caused problems in practice because it
is only async-signal-unsafe when the assertion condition fails.

See `man 7 signal-safety`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #2140
2020-06-23 12:03:30 +01:00
Philip Withnall
33948929df gspawn: Don’t use g_ascii_isdigit() in async-signal-safe context
While `g_ascii_isdigit()` *is* currently async-signal-safe, it’s going
to be hard to remember to keep it that way if the implementation changes
in future.

It seems more robust to just reimplement it here, given that it’s not
much code.

See `man 7 signal-safety`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #2140
2020-06-23 12:03:30 +01:00
Philip Withnall
6f46294227 gspawn: Don’t use g_close() in async-signal-safe context
Use normal `close()` instead, which is guaranteed to be
async-signal-safe.

See `man 7 signal-safety`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #2140
2020-06-23 12:03:30 +01:00
Philip Withnall
0e05ef7750 gspawn: Audit for async-signal-safety
Functions called between `fork()` and `exec()` have to be
async-signal-safe.

Add a comment to each function which is called in that context, and
`FIXME` comments to the non-async-signal-safe functions which end up
being called as leaves of the call graph.

The following commits will fix those `FIXME`s.

See `man 7 signal-safety`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #2140
2020-06-23 12:02:13 +01:00
Sebastian Dröge
50ce2792ff Merge branch 'sane-fixes' into 'master'
tree: Fix various ableist language

See merge request GNOME/glib!1546
2020-06-23 10:41:28 +00:00
Philip Withnall
d1ec0466dd Merge branch 'stringcopyrevert' into 'master'
gvalue: Do copy non-interned strings

Closes #2141

See merge request GNOME/glib!1545
2020-06-23 10:30:55 +00:00
Edward Hervey
e21ab81ce0 gvalue: Do copy non-interned strings
The G_VALUE_NOCOPY_CONTENTS for strings can only be used when collecting them
and not when copying them.

Instead only avoid copies for strings that are interned.

Fixes #2141
2020-06-23 10:30:55 +00:00
Philip Withnall
a63efa4291 tree: Fix various ableist language
In almost all cases, rewording the documentation/comments made things
more specific and a little clearer.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

See: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1544#note_846645
2020-06-23 10:49:44 +01:00
Matej Urbančič
aa46b2405f Updated Slovenian translation 2020-06-22 21:00:48 +02:00