1. 04 Feb, 2021 1 commit
    • glib: Use g_memdup2() instead of g_memdup() in obvious places · 0736b7c1
      Philip Withnall authored
      
      
      Convert all the call sites which use `g_memdup()`’s length argument
      trivially (for example, by passing a `sizeof()` or an existing `gsize`
      variable), so that they use `g_memdup2()` instead.
      
      In almost all of these cases the use of `g_memdup()` would not have
      caused problems, but it will soon be deprecated, so best port away from
      it.
      
      In particular, this fixes an overflow within `g_bytes_new()`, identified
      as GHSL-2021-045 by GHSL team member Kevin Backhouse.
      
      Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
      Fixes: GHSL-2021-045
      Helps: #2319
  2. 23 Jun, 2020 1 commit
  3. 08 Mar, 2019 1 commit
  4. 23 Oct, 2018 1 commit
    • gvarianttype: Impose a recursion limit of 128 on variant types · 7c4e6e9f
      Philip Withnall authored
      
      
      Previously, GVariant has allowed ‘arbitrary’ recursion on GVariantTypes,
      but this isn’t really feasible. We have to deal with GVariants from
      untrusted sources, and the nature of GVariantType means that another
      level of recursion (and hence, for example, another stack frame in your
      application) can be added with a single byte in a variant type signature
      in the input. This gives malicious input sources far too much leverage
      to cause deep stack recursion or massive memory allocations which can
      DoS an application.
      
      Limit recursion to 128 levels (which should be more than enough for
      anyone™), document it and add a test. This is, handily, also the limit
      of 64 applied by the D-Bus specification (§(Valid Signatures)), plus a
      bit to allow wrapping of D-Bus messages in additional layers of
      variants.
      
      oss-fuzz#9857
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
  5. 11 Jul, 2018 1 commit
  6. 24 May, 2017 1 commit
    • glib/: LGPLv2+ -> LGPLv2.1+ · f9faac76
      Sébastien Wilmet authored
      All glib/*.{c,h} files have been processed, as well as gtester-report.
      
      12 of those files are not licensed under LGPL:
      
      	gbsearcharray.h
      	gconstructor.h
      	glibintl.h
      	gmirroringtable.h
      	gscripttable.h
      	gtranslit-data.h
      	gunibreak.h
      	gunichartables.h
      	gunicomp.h
      	gunidecomp.h
      	valgrind.h
      	win_iconv.c
      
      Some of them are generated files, some are licensed under a BSD-style
      license and win_iconv.c is in the public domain.
      
      Sub-directories inside glib/:
      
      	deprecated/: processed in a previous commit
      	glib-mirroring-tab/: already LGPLv2.1+
      	gnulib/: not modified, the code is copied from gnulib
      	libcharset/: a copy
      	pcre/: a copy
      	tests/: processed in a previous commit
      
      https://bugzilla.gnome.org/show_bug.cgi?id=776504
  7. 27 Apr, 2017 1 commit
    • gvariant: Fix some typos in documentation · 75cd848e
      Krzesimir Nowak authored
      Reformatted the docs for G_VARIANT_TYPE_UINT64 to avoid having a
      number at the beginning of the line, because apparently gtk-doc treats
      that as the first element of a numbered list. The number being that
      big probably makes gtk-doc treat it as 1.
      
      Fixed the g_variant_new_fixed_array documentation - it was partially
      copy-pasted from the g_variant_get_fixed_array documentation.
      
      The rest should be quite obvious.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=781830
  8. 22 Nov, 2016 1 commit
  9. 08 Feb, 2014 1 commit
  10. 06 Feb, 2014 1 commit
  11. 02 Feb, 2014 1 commit
  12. 01 Feb, 2014 1 commit
  13. 31 Jan, 2014 1 commit
  14. 27 Aug, 2012 1 commit
  15. 16 Jul, 2012 1 commit
  16. 31 Mar, 2012 1 commit
  17. 21 Nov, 2011 1 commit
  18. 06 Aug, 2011 1 commit
  19. 27 May, 2011 1 commit
  20. 04 Apr, 2011 1 commit
  21. 24 Mar, 2011 1 commit
  22. 04 Mar, 2011 1 commit
  23. 01 Feb, 2011 1 commit
  24. 07 Jul, 2010 1 commit
  25. 22 Feb, 2010 1 commit
  26. 07 Feb, 2010 1 commit
  27. 30 Jan, 2010 2 commits
  28. 26 Jan, 2010 2 commits
  29. 25 Jan, 2010 1 commit
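
The recursion limit described in commit 7c4e6e9f above, sketched as a depth-budgeted scanner for type signatures. This is an added example, not GLib's code: the names `scan_one`, `type_sig_ok` and `nested_array_ok` are hypothetical, the indefinite types (`r`, `*`, `?`) are left out, and the way nesting levels are counted against the limit of 128 is an assumption.

```c
#include <stddef.h>
#include <string.h>

#define MAX_NESTING 128 /* limit named in the commit message */

static int is_basic(char c)
{
    return c != '\0' && strchr("bynqiuxthdsog", c) != NULL;
}

/* Consume one complete type at *p. 'budget' is the number of container
 * levels that may still be opened; each 'a', 'm', '(' or '{' costs one.
 * Returns 1 on success, 0 on malformed or too deeply nested input. */
static int scan_one(const char **p, const char *end, unsigned budget)
{
    if (*p == end) return 0;
    char c = *(*p)++;
    if (is_basic(c) || c == 'v') return 1;
    if (budget == 0) return 0; /* refuse before recursing any further */
    switch (c) {
    case 'a': case 'm':
        return scan_one(p, end, budget - 1);
    case '(':
        while (*p != end && **p != ')')
            if (!scan_one(p, end, budget - 1)) return 0;
        if (*p == end) return 0; /* unterminated tuple */
        (*p)++;
        return 1;
    case '{': /* dict entry: basic key type, then one value type */
        if (*p == end || !is_basic(*(*p)++)) return 0;
        if (!scan_one(p, end, budget - 1)) return 0;
        if (*p == end || **p != '}') return 0;
        (*p)++;
        return 1;
    default:
        return 0;
    }
}

/* 1 if sig[0..len) is exactly one well-formed type within the limit. */
int type_sig_ok(const char *sig, size_t len)
{
    const char *p = sig, *end = sig + len;
    return scan_one(&p, end, MAX_NESTING) && p == end;
}

/* Constructed input: 'depth' array markers ('a') followed by an int32. */
int nested_array_ok(size_t depth)
{
    char buf[512];
    if (depth + 1 > sizeof buf) return 0;
    memset(buf, 'a', depth);
    buf[depth] = 'i';
    return type_sig_ok(buf, depth + 1);
}
```

Each extra `a` in the constructed input costs the sender one byte and the parser one stack frame, which is why the budget is checked before the recursive call rather than after it.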