1. 19 Mar, 2021 1 commit
    • glib: Use g_memdup2() instead of g_memdup() in obvious places · 0ace82d7
      Philip Withnall authored
      
      
      Convert all the call sites which use `g_memdup()`’s length argument
      trivially (for example, by passing a `sizeof()` or an existing `gsize`
      variable), so that they use `g_memdup2()` instead.
      
      In almost all of these cases the use of `g_memdup()` would not have
      caused problems, but it will soon be deprecated, so best port away from
      it.
      
      In particular, this fixes an overflow within `g_bytes_new()`, identified
      as GHSL-2021-045 (aka CVE-2021-27219) by GHSL team member Kevin Backhouse.
      
      Adapted for GLib 2.58 by Simon McVittie.
      Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
      Fixes: CVE-2021-27219
      Fixes: GHSL-2021-045
      Helps: #2319
      (cherry picked from commit 0736b7c1)
      [Backport to 2.58: Omit changes to ghash.c, will be a separate commit]
      [Backport to 2.58: Omit changes to giochannel.c, not needed in this branch]
      [Backport to 2.58: Omit changes to uri test, not needed in this branch]
      Signed-off-by: Simon McVittie <smcv@collabora.com>
  2. 18 Mar, 2021 1 commit
    • gstrfuncs: Add internal g_memdup2() function · 24b94469
      Philip Withnall authored
      
      
      This will replace the existing `g_memdup()` function for use within
      GLib. It has an unavoidable security flaw of taking its `byte_size`
      argument as a `guint` rather than as a `gsize`. Most callers will
      expect it to be a `gsize`, and may pass in large values which could
      silently be truncated, resulting in an undersize allocation compared
      to what the caller expects.
      
      This could lead to a classic buffer overflow vulnerability for many
      callers of `g_memdup()`.
      
      `g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`.
      
      Spotted by Kevin Backhouse of GHSL.
      
      In GLib 2.68, `g_memdup2()` will be a new public API. In this version
      for backport to older stable releases, it’s a new `static inline` API
      in a private header, so that use of `g_memdup()` within GLib can be
      fixed without adding a new API in a stable release series.
      Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
      Helps: CVE-2021-27219
      Helps: GHSL-2021-045
      Helps: #2319
      (cherry picked from commit...
  3. 08 Oct, 2019 1 commit
  4. 21 Jul, 2019 1 commit
  5. 09 Feb, 2019 1 commit
  6. 29 Jan, 2019 1 commit
  7. 28 Jan, 2019 2 commits
  8. 21 Jan, 2019 1 commit
  9. 18 Jan, 2019 1 commit
  10. 17 Jan, 2019 2 commits
  11. 15 Jan, 2019 2 commits
  12. 12 Jan, 2019 1 commit
  13. 09 Jan, 2019 1 commit
    • gunixmounts: Fix segfaults caused by new filter of mounts · e695ca9f
      Ondrej Holy authored
      Commit ed88b23f added libmount-based implementation to filter out mounts
      with repeated device path. Unfortunately, this introduced a new bug, which
      may cause segfaults in certain configurations.
      
      The problem is that `mnt_table_uniq_fs ()` is called from the loop which
      already operates with the `fs` structs from that table. It may happen that
      the current `fs` is removed from the table, which may consequently lead to
      segfaults.
      
      Closes: #1645
  14. 04 Jan, 2019 2 commits
  15. 03 Jan, 2019 1 commit
  16. 21 Dec, 2018 1 commit
    • Suppress -Wint-in-bool-context warning with G_DEFINE_INTERFACE and g++ · 32bdd718
      Kouhei Sutou authored
      Note that it's not reported with gcc. It's only reported with g++.
      
      C++ code to reproduce this warning:
      
          #include <glib-object.h>
      
          G_BEGIN_DECLS
      
          #define GARROW_TYPE_FILE (garrow_file_get_type())
          G_DECLARE_INTERFACE(GArrowFile,
                              garrow_file,
                              GARROW,
                              FILE,
                              GObject)
      
          struct _GArrowFileInterface {
            GTypeInterface g_iface;
          };
      
          G_DEFINE_INTERFACE(GArrowFile,
                             garrow_file,
                             G_TYPE_OBJECT)
      
          static void
          garrow_file_default_init(GArrowFileInterface *iface)
          {
          }
      
          G_END_DECLS
      
      Build command line:
      
          % g++ -Wall -shared -o liba.so a.cpp $(pkg-config --cflags --libs gobject-2.0)
      
      Message:
      
          In file included from /tmp/local.glib/include/glib-2.0/gobject/gobject.h:24,
                           from /tmp/local.glib/include/glib-2.0/gobject/gbinding.h:29,
                           from /tmp/local.glib/include/glib-2.0/glib-object.h:23,
                           from a.cpp:1:
          a.cpp: In function 'GType garrow_file_get_type()':
          /tmp/local.glib/include/glib-2.0/gobject/gtype.h:219:50: warning: '<<' in boolean context, did you mean '<' ? [-Wint-in-bool-context]
           #define G_TYPE_MAKE_FUNDAMENTAL(x) ((GType) ((x) << G_TYPE_FUNDAMENTAL_SHIFT))
                                                       ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~
          /tmp/local.glib/include/glib-2.0/gobject/gtype.h:2026:11: note: in definition of macro '_G_DEFINE_INTERFACE_EXTENDED_BEGIN'
                 if (TYPE_PREREQ) \
                     ^~~~~~~~~~~
          /tmp/local.glib/include/glib-2.0/gobject/gtype.h:1758:47: note: in expansion of macro 'G_DEFINE_INTERFACE_WITH_CODE'
           #define G_DEFINE_INTERFACE(TN, t_n, T_P)      G_DEFINE_INTERFACE_WITH_CODE(TN, t_n, T_P, ;)
                                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
          a.cpp:16:1: note: in expansion of macro 'G_DEFINE_INTERFACE'
           G_DEFINE_INTERFACE(GArrowFile,
           ^~~~~~~~~~~~~~~~~~
          /tmp/local.glib/include/glib-2.0/gobject/gtype.h:178:25: note: in expansion of macro 'G_TYPE_MAKE_FUNDAMENTAL'
           #define G_TYPE_OBJECT   G_TYPE_MAKE_FUNDAMENTAL (20)
                                   ^~~~~~~~~~~~~~~~~~~~~~~
          a.cpp:18:20: note: in expansion of macro 'G_TYPE_OBJECT'
                              G_TYPE_OBJECT)
                              ^~~~~~~~~~~~~
  17. 19 Dec, 2018 2 commits
  18. 18 Dec, 2018 4 commits
  19. 17 Dec, 2018 7 commits
  20. 11 Dec, 2018 4 commits
    • gdbus-codegen: test --interface-info-{header,body} · 0569daeb
      Will Thompson authored
      This test is rudimentary but better than nothing.
      
      (Backport to glib-2-58: Fix minor merge conflict.)
    • gdbus-codegen: sort input files · fe7b608f
      Will Thompson authored
      This means the output (including lists of filenames) does not depend on
      the order of the input files, which may matter if this tool is invoked
      with a glob or some other mechanism that doesn't guarantee an order.
    • gdbus-codegen: don't sort args in --interface-info-body · 4c4acb6f
      Will Thompson authored
      Previously, method and signal arguments were sorted by name, which
      (assuming you don't happen to give your arguments
      lexicographically-ordered names) means the generated signatures were
      incorrect when there is more than 1 argument.
      
      While sorting the methods and signals themselves (and properties, and
      annotations on all these) is fine, it's easiest to not sort anything.
    • gdbus-codegen: make --interface-info-{header,body} not crash · 06e1d72f
      Will Thompson authored
      Since 1217b1bc, LICENSE_STR has taken two
      parameters, not one. Without this change, running either mode fails
      with a traceback like:
      
          Traceback (most recent call last):
            File "../gdbus-codegen", line 55, in <module>
              sys.exit(codegen_main.codegen_main())
            File ".../codegen_main.py", line 294, in codegen_main
              gen.generate()
            File ".../codegen.py", line 896, in generate
              self.generate_body_preamble()
            File ".../codegen.py", line 682, in generate_body_preamble
              self.outfile.write(LICENSE_STR.format(config.VERSION))
          IndexError: tuple index out of range
      
      8916874e, which introduced these flags,
      was actually merged after that commit, but I assume it was written
      beforehand.
  21. 10 Dec, 2018 2 commits
  22. 07 Dec, 2018 1 commit
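
The truncation described in the `g_memdup2()` commit message above (24b94469), as an added example that is not GLib's code and not part of this commit log. `size_seen_by_uint_param`, `memdup_size_t` and `call_site_truncates` are hypothetical stand-ins, the sample sizes are constructed, and the code assumes a platform where `size_t` is wider than `unsigned int` (for example 64-bit Linux).

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size the allocator actually sees when a size_t length is passed through an
 * unsigned int parameter, as with g_memdup()'s guint byte_size argument. */
static size_t size_seen_by_uint_param(size_t requested)
{
    unsigned int byte_size = (unsigned int) requested; /* silent truncation */
    return byte_size;
}

/* Hypothetical stand-in for the fixed signature: the length stays a size_t,
 * so the allocation always matches what the caller asked for. */
static void *memdup_size_t(const void *mem, size_t byte_size)
{
    void *copy;
    if (mem == NULL || byte_size == 0)
        return NULL;
    copy = malloc(byte_size);
    if (copy != NULL)
        memcpy(copy, mem, byte_size);
    return copy;
}

/* Audit check for a call site: 1 if the old signature would allocate fewer
 * bytes than the caller believes it requested, 0 otherwise. */
static int call_site_truncates(size_t requested)
{
    return size_seen_by_uint_param(requested) != requested;
}

int main(void)
{
    /* Constructed sample lengths around the unsigned int boundary. */
    size_t sizes[] = { 16, UINT_MAX, (size_t) UINT_MAX + 1,
                       (size_t) UINT_MAX + 17 };
    size_t i;

    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("requested=%zu allocated=%zu undersized=%d\n", sizes[i],
               size_seen_by_uint_param(sizes[i]),
               call_site_truncates(sizes[i]));
    return 0;
}
```

Any later write sized by the caller's original `size_t` length lands past the end of the smaller buffer, which is why the commits above port call sites that pass a `gsize` or `sizeof()` to `g_memdup2()`.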