bb40105fe9
g_get_user_database_entry() capitalises the first letter of pw_name with g_ascii_toupper (pw->pw_name[0]). However, the manpage for getpwnam() and getpwuid() says the result of those calls "may point to a static area". GLib is then trying to edit static memory which belongs to a shared library, so segfaults. The reentrant variants of the above calls are supposed to fill the user buffer supplied to them, however Michael Catanzaro also found a bug in systemd where the data is not copied to the user buffer and still points to static memory, resulting in the same sort of segfault. See: https://github.com/systemd/systemd/issues/20679 Solve both these cases in GLib by copying pw_name off to a temporary variable, set uppercase on that variable, and use the variable to join into the desired string. Free the variable after it is no longer needed. Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com>
GLib
GLib is the low-level core library that forms the basis for projects such as GTK and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.
The official download locations are: https://download.gnome.org/sources/glib
The official web site is: https://www.gtk.org/
Installation
See the file 'INSTALL.in'
Supported versions
Only the most recent unstable and stable release series are supported. All older versions are not supported upstream and may contain bugs, some of which may be exploitable security vulnerabilities.
See SECURITY.md for more details.
How to report bugs
Bugs should be reported to the GNOME issue tracking system. (https://gitlab.gnome.org/GNOME/glib/issues/new). You will need to create an account for yourself.
In the bug report please include:
- Information about your system. For instance:
- What operating system and version
- For Linux, what version of the C library
- And anything else you think is relevant.
- How to reproduce the bug.
- If you can reproduce it with one of the test programs that are built in the tests/ subdirectory, that will be most convenient. Otherwise, please include a short test program that exhibits the behavior. As a last resort, you can also provide a pointer to a larger piece of software that can be downloaded.
- If the bug was a crash, the exact text that was printed out when the crash occurred.
- Further information such as stack traces may be useful, but is not necessary.
Patches
Patches should also be submitted as merge requests to gitlab.gnome.org. If the patch fixes an existing issue, please refer to the issue in your commit message with the following notation (for issue 123): Closes: #123
Otherwise, create a new merge request that introduces the change, filing a separate issue is not required.
Default branch renamed to main
The default development branch of GLib has been renamed to main. To update
your local checkout, use:
git checkout master
git branch -m master main
git fetch
git branch --unset-upstream
git branch -u origin/main
git symbolic-ref refs/remotes/origin/HEAD refs/remotes/origin/main