Low-level core library that forms the basis for projects such as GTK+ and GNOME.
Go to file
Philip Withnall 96205fc7fe
gutf8: Drop ifunc code and always call strlen() when validating UTF-8
This fixes a heap buffer overflow read in `g_utf8_validate()` and
`g_str_is_ascii()`, at the cost of always calling `strlen()` on the
input string if its length isn’t known already.

The overflow read was not a security vulnerability, but getting valgrind
and asan to understand that, across all platforms and build
configurations, doesn’t seem to be possible with the resources available
to us. In particular, the `ifunc` approach doesn’t work on muslc, and
doesn’t work when statically linked.

The UTF-8 validation code should still be faster than the old approach
(GLib 2.82 and older), as `strlen()` is SIMD-accelerated in glibc, and
UTF-8 validation is SIMD accelerated in GLib. The combination of the two
should still be faster than the bytewise read loop we used to have.

Unfortunately, correctness and testability have to be prioritised over
absolute performance.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Fixes: #3493
Fixes: #3511
Fixes: #3526
2024-11-19 14:19:38 +00:00
.gitlab-ci Revert "CI: Rebuild a slightly newer version of ninja for debian-stable-i386" 2024-11-19 09:47:58 +00:00
.reuse reuse: License all .gitignore files as CC0-1.0 (public domain) 2024-04-17 15:32:42 +01:00
docs docs: Document 32-bit support policy 2024-10-18 13:59:23 +01:00
fuzzing fuzzing: Fix buffer overread error in the fuzz test itself 2024-10-22 13:18:59 +01:00
gio Merge branch 'uninstalled_variables' into 'main' 2024-11-19 12:01:06 +00:00
girepository gir: Ignore function-inline and method-inline elements 2024-10-03 18:35:38 +02:00
glib gutf8: Drop ifunc code and always call strlen() when validating UTF-8 2024-11-19 14:19:38 +00:00
gmodule build: Drop redundant install_tag arguments for headers 2024-09-11 22:04:39 -07:00
gobject Add missing (array zero-terminated=1) annotations 2024-11-06 22:26:06 +01:00
gthread docs: spelling and grammar fixes 2024-04-01 11:01:06 +00:00
LICENSES girepository: Add remaining license/copyright SPDX headers 2023-10-25 17:12:25 +01:00
m4macros m4macros: drop unused m4 files 2023-07-30 17:03:07 +04:00
po Merge branch 'main' into 'main' 2024-09-12 22:23:46 +00:00
subprojects subprojects: Update the wrap file for gi-docgen 2024-09-25 17:24:56 +01:00
tests tests: Run lint tests with detected bash 2024-08-27 11:40:18 -07:00
tools tools: Add missing license and SPDX header to update-unicode-data.sh 2024-10-21 19:31:35 +01:00
.clang-format CI: Code check formating in CI 2019-11-21 14:03:01 -06:00
.dir-locals.el Add .dir-locals.el to tell Emacs users not to use tabs for C 2012-07-30 04:09:08 -04:00
.editorconfig docs: Add .editorconfig file 2021-10-28 14:47:53 +01:00
.gitignore .gitignore: Add vs2019-arm64.txt 2024-10-18 14:59:20 +08:00
.gitlab-ci.yml Revert "CI: Rebuild a slightly newer version of ninja for debian-stable-i386" 2024-11-19 09:47:58 +00:00
.gitmodules build: Bump gvdb subproject dependency and disable tests 2024-09-12 21:15:42 +01:00
.lcovrc lcov: Fix use of deprecated lcov_branch_coverage option 2024-09-28 22:38:00 +01:00
CODE_OF_CONDUCT.md docs: Update Code of Conduct URI 2024-04-12 20:36:29 +01:00
CONTRIBUTING.md ci: Use meson compile rather than bare ninja 2023-08-16 13:07:05 +01:00
COPYING docs: Add all used licenses in a REUSE-compatible directory 2022-05-17 17:23:34 +01:00
glib.doap doap: Remove invalid maintainer entry 2024-08-12 11:46:22 +00:00
INSTALL.md docs: Document issue and merge request triaging and review guidelines 2023-06-29 16:50:00 +01:00
meson.build Enable GNetworkMonitorNetlink on FreeBSD 2024-10-29 21:18:36 +03:00
meson.options Add Meson option that allows selecting GFileMonitor's backend implementation 2024-09-18 12:01:27 +03:00
NEWS 2.83.0 2024-11-06 14:20:19 +00:00
README.md docs: Clarify link in README.md 2024-08-29 08:58:36 +01:00
SECURITY.md Expand security policy to cover previous stable branch 2023-10-03 09:12:37 +01:00

GLib

GLib is the low-level core library that forms the basis for projects such as GTK and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.

The official download locations are: https://download.gnome.org/sources/glib

The official web site is: https://www.gtk.org/

Installation

See the file INSTALL.md. There is separate and more in-depth documentation for building GLib on Windows.

Supported versions

Upstream GLib only supports the most recent stable release series, the previous stable release series, and the current development release series. All older versions are not supported upstream and may contain bugs, some of which may be exploitable security vulnerabilities.

See SECURITY.md for more details.

Documentation

API documentation is available online for GLib for the:

Discussion

If you have a question about how to use GLib, seek help on GNOMEs Discourse instance. Alternatively, ask a question on StackOverflow and tag it glib.

Reporting bugs

Bugs should be reported to the GNOME issue tracking system. You will need to create an account for yourself. You may also submit bugs by e-mail (without an account) by e-mailing incoming+gnome-glib-658-issue-@gitlab.gnome.org, but this will give you a degraded experience.

Bugs are for reporting problems in GLib itself, not for asking questions about how to use it. To ask questions, use one of our discussion forums.

In bug reports please include:

  • Information about your system. For instance:
    • What operating system and version
    • For Linux, what version of the C library
    • And anything else you think is relevant.
  • How to reproduce the bug.
    • If you can reproduce it with one of the test programs that are built in the tests/ subdirectory, that will be most convenient. Otherwise, please include a short test program that exhibits the behavior. As a last resort, you can also provide a pointer to a larger piece of software that can be downloaded.
  • If the bug was a crash, the exact text that was printed out when the crash occurred.
  • Further information such as stack traces may be useful, but is not necessary.

Contributing to GLib

Please follow the contribution guide to know how to start contributing to GLib.

Patches should be submitted as merge requests to gitlab.gnome.org. Note that you will need to be logged in to the site to use this page. If the patch fixes an existing issue, please refer to the issue in your commit message with the following notation (for issue 123):

Closes: #123

Otherwise, create a new merge request that introduces the change. Filing a separate issue is not required.