1. 03 Jan, 2019 1 commit
  2. 19 Dec, 2018 1 commit
  3. 17 Dec, 2018 1 commit
    • gtimezone: Fallback to /etc/timezone on Gentoo · 062f185e
      Mart Raudsepp authored
      On non-systemd Gentoo systems the chosen timezone is expressed in
      /etc/timezone and /etc/localtime may be a copy of the timezone
      file instead of symlink. Add this path to the fallback test to
      not regress dates into UTC.
  4. 10 Dec, 2018 2 commits
  5. 27 Nov, 2018 2 commits
    • gspawn: Fix g_spawn deadlock in a multi-threaded program on Linux · 07bd8eb5
      Peter Wu authored
      opendir and closedir are not async-signal-safe; they may call malloc
      under the hood and cause a deadlock in a multi-threaded program.
      This only affected Linux when /proc is mounted; other systems use a
      slower path that iterates through all potential file descriptors.
      Fixes a long-standing problem (since GLib 2.14.2).
      
      Closes #945 and #1014
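The commit above describes the constraint without showing the replacement: between fork() and exec() the child may only use async-signal-safe calls, so enumerating /proc/self/fd has to avoid opendir()/readdir()/closedir(). The following is an added example, not GLib's own gspawn code; it assumes Linux, the raw getdents64 system call, and a stack buffer, and falls back to the brute-force loop the message mentions when /proc is unavailable. `demo_close_high_fds` is a constructed self-check.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Record layout returned by the raw getdents64 system call (Linux). */
struct linux_dirent64 {
    unsigned long long d_ino;
    long long          d_off;
    unsigned short     d_reclen;
    unsigned char      d_type;
    char               d_name[];
};

/* Parse a /proc/self/fd entry name as a decimal descriptor number without
   strtol() (not on the async-signal-safe list). Returns -1 for ".", ".."
   and anything else that is not a plain number. */
static int name_to_fd(const char *name)
{
    int fd = 0;
    if (*name == '\0') return -1;
    for (; *name != '\0'; name++) {
        if (*name < '0' || *name > '9') return -1;
        if (fd > (INT_MAX - 9) / 10) return -1;
        fd = fd * 10 + (*name - '0');
    }
    return fd;
}

/* Close every descriptor >= lowfd using only async-signal-safe calls (open,
   the raw getdents64 syscall, close), so it can run in the child after fork()
   even if another thread held the malloc lock at fork time. Returns the
   number of descriptors closed. Without /proc, use the slow brute-force loop. */
int close_fds_from(int lowfd)
{
    int closed = 0;
    int dirfd = open("/proc/self/fd", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0) {
        /* Fallback path: sysconf() is not formally async-signal-safe either;
           a production caller would compute the limit before forking. */
        long max = sysconf(_SC_OPEN_MAX);
        if (max < 0) max = 1024;
        for (long fd = lowfd; fd < max; fd++)
            if (close((int)fd) == 0) closed++;
        return closed;
    }

    unsigned long long buf[512];       /* 4 KiB on the stack, 8-byte aligned */
    char *base = (char *)buf;
    for (;;) {
        long nread = syscall(SYS_getdents64, dirfd, base, sizeof buf);
        if (nread <= 0) break;         /* 0 = end of directory, -1 = error */
        for (long pos = 0; pos < nread; ) {
            struct linux_dirent64 *d = (struct linux_dirent64 *)(base + pos);
            int fd = name_to_fd(d->d_name);
            if (fd >= lowfd && fd != dirfd && close(fd) == 0)
                closed++;
            pos += d->d_reclen;
        }
    }
    close(dirfd);
    return closed;
}

/* Constructed check: park two descriptors at 100 and 101, close from 100 and
   confirm both are gone (fcntl fails with EBADF). Returns the number closed,
   or -1 if either descriptor survived. */
int demo_close_high_fds(void)
{
    int src = open("/dev/null", O_RDONLY);
    if (src < 0 || dup2(src, 100) < 0 || dup2(src, 101) < 0) return -1;
    close(src);
    int n = close_fds_from(100);
    int gone = fcntl(100, F_GETFD) == -1 && errno == EBADF;
    gone = gone && fcntl(101, F_GETFD) == -1 && errno == EBADF;
    return gone ? n : -1;
}

int main(void)
{
    pid_t pid = fork();
    if (pid == 0) {
        close_fds_from(3);             /* child: no heap use before exec */
        execl("/bin/true", "true", (char *)NULL);
        _exit(127);
    }
    if (pid > 0) waitpid(pid, NULL, 0);
    printf("closed in parent demo: %d\n", demo_close_high_fds());
    return 0;
}
```

Closing entries while iterating is safe here because the kernel walks /proc/self/fd by descriptor number, so entries already returned do not shift the ones still to come.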
    • gdate: Use longest matching month name in g_date_set_parse · 7fd130b3
      Tomasz Miąsko authored
      There are languages where a name of one month is a substring of another.
      Instead of stopping search on the first match use the month that
      constitutes the longest match.
      
      (Backport to glib-2-58: Fix minor merge conflict.)
      
      Fixes #1343.
  6. 06 Nov, 2018 15 commits
    • bookmarkfile: Don't move an item if the uri has not changed · 338614bf
      Marco Trevisan authored
      This was causing a crash, because we were first removing an item, freeing
      both the instance itself and the key, and then trying to reuse those.
      
      So, in this case, instead of reassigning an item, we can just return TRUE
      as we already have the item in the right place, and there is no need to
      update the modified timestamp, since no modification happened in reality.
      
      Fixes #1588
    • bookmarkfile: test that moving to the same name works · a02e111c
      Marco Trevisan authored
      Verify that we can move a bookmark item to the same name, but actually this
      causes a crash right now.
    • tests: Rework markup parsing test to not stop on first failure · 0c3db317
      Philip Withnall authored
      Previously, the markup parsing test would load a given markup file and
      try to parse it several ways. It would return as soon as one of the
      attempts failed — meaning that bugs only seen with non-nul-terminated,
      or differently chunked, parse runs could never be caught.
      
      Rework the tests so that all markup files are tested all ways, and we
      assert that all ways of parsing them give the same result.
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
    • gmarkup: Fix validation of element names · 97674cce
      Philip Withnall authored
      Previously, the element name validation only happened if a start_element
      callback was specified on the context. Element name validation should be
      unconditional.
      
      This was causing test-5.gmarkup to fail when run against the improved
      tests in the following commit.
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
    • gmarkup: Avoid reading off the end of a buffer when non-nul-terminated · 8cfe53f0
      Philip Withnall authored
      When extracting a UTF-8 character to put in an error message on parse
      failure, pass the remaining buffer length to utf8_str() to avoid it
      running off the end of the input buffer. It previously assumed that the
      buffer was nul-terminated, which was the case in all the tests until
      now.
      
      A following commit will add test coverage for this.
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
    • tests: Run GMarkup tests with and without nul-termination · 29c1b6e7
      Philip Withnall authored
      When using GMarkup to parse a string, the string can be provided with an
      explicit length specified, or with no length and a nul terminator
      instead. Run all the GMarkup tests both ways, to catch problems with
      length checks, or with nul terminator checks.
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
    • tests: Add another GMarkup test from oss-fuzz · f23ae18d
      Philip Withnall authored
      This doesn’t trigger any new failures, but is distinct from other tests
      we have, so would be good to retain.
      
      Related to commit cec71705.
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
    • glib: Port various callers to use g_utf8_validate_len() · f998b28c
      Philip Withnall authored
      These were callers which explicitly specified the string length to
      g_utf8_validate(), when it couldn’t be negative, and hence should be
      able to unconditionally benefit from the increased string handling
      length.
      
      At least one call site would have previously silently changed behaviour
      if called with strings longer than G_MAXSSIZE in length.
      
      Another call site was passing strlen(string) to g_utf8_validate(), which
      seems pointless: just pass -1 instead, and let g_utf8_validate()
      calculate the string length. Its behaviour on embedded nul bytes
      wouldn’t change, as strlen() stops at the first one.
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
    • gutf8: Add a g_utf8_validate_len() function · 31747d10
      Philip Withnall authored
      This is a variant of g_utf8_validate() which requires the length to be
      specified, thereby allowing string lengths up to G_MAXSIZE rather than
      just G_MAXSSIZE.
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
    • gvariant: Limit GVariant strings to G_MAXSSIZE · d8e1290b
      Philip Withnall authored
      When validating a string to see if it’s valid UTF-8, we pass a gsize to
      g_utf8_validate(), which only takes a gssize. For large gsize values,
      this will result in the gssize actually being negative, which will
      change g_utf8_validate()’s behaviour to stop at the first nul byte. That
      would allow subsequent nul bytes through the string validator, against
      its documented behaviour.
      
      Add a test case.
      
      oss-fuzz#10319
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
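Two of the commits above turn on the same detail of length handling: the gmarkup fix (8cfe53f0) bounds the extraction of a single UTF-8 character by the remaining buffer length, and the gvariant/gutf8 changes (d8e1290b, 31747d10) avoid a gsize being reinterpreted as a negative gssize, which flips a validator into "stop at the first nul" mode. The example below is added here and is not GLib's code: `utf8_validate` and `utf8_validate_len` only mirror the assumed shapes of g_utf8_validate() and g_utf8_validate_len(), `validate_with_gsize_cast` reproduces the pre-fix calling pattern, and `utf8_first_char` is a bounded stand-in for the kind of helper the gmarkup commit describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t */

/* Byte length of the well-formed UTF-8 sequence starting at p, looking at no
   more than `avail` bytes; 0 if it is truncated, overlong, a surrogate, or
   otherwise malformed. Never reads past p[avail-1]. */
size_t utf8_char_len(const unsigned char *p, size_t avail)
{
    if (avail == 0) return 0;
    unsigned char c = p[0];
    size_t need;
    uint32_t min_cp;
    if (c < 0x80) return 1;
    else if (c >= 0xC2 && c <= 0xDF) { need = 2; min_cp = 0x80; }
    else if (c >= 0xE0 && c <= 0xEF) { need = 3; min_cp = 0x800; }
    else if (c >= 0xF0 && c <= 0xF4) { need = 4; min_cp = 0x10000; }
    else return 0;                               /* 0xC0/0xC1, 0xF5.., continuation */
    if (avail < need) return 0;                  /* truncated: do not read on */
    uint32_t cp = c & (0xFFu >> (need + 1));
    for (size_t i = 1; i < need; i++) {
        if ((p[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (p[i] & 0x3F);
    }
    if (cp < min_cp || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
    return need;
}

/* Validate exactly `len` bytes; an embedded nul is an error. */
static bool validate_exact(const unsigned char *p, size_t len)
{
    while (len > 0) {
        if (p[0] == 0) return false;
        size_t n = utf8_char_len(p, len);
        if (n == 0) return false;
        p += n;
        len -= n;
    }
    return true;
}

/* Assumed g_utf8_validate()-like shape: a negative length means
   "nul-terminated", so only bytes up to the first nul are checked. */
bool utf8_validate(const char *s, ssize_t len)
{
    const unsigned char *p = (const unsigned char *)s;
    if (len < 0) return validate_exact(p, strlen(s));
    return validate_exact(p, (size_t)len);
}

/* Assumed g_utf8_validate_len()-like shape: the length is unsigned and never
   a sentinel, so a size above SSIZE_MAX cannot silently switch modes. */
bool utf8_validate_len(const char *s, size_t len)
{
    return validate_exact((const unsigned char *)s, len);
}

/* The pre-fix pattern: a size_t (gsize) pushed through the ssize_t (gssize)
   parameter. For len > SSIZE_MAX the cast yields a negative value (-1 for
   SIZE_MAX on two's-complement platforms), selecting nul-terminated mode and
   letting everything after an embedded nul through unchecked. */
bool validate_with_gsize_cast(const char *s, size_t len)
{
    return utf8_validate(s, (ssize_t)len);
}

/* Bounded copy of the first character of a non-nul-terminated buffer into
   out[5] for an error message. Returns the bytes copied, or 0 when the buffer
   is empty or starts with a truncated/invalid sequence; the caller should
   then report the raw byte rather than assume a nul terminator exists. */
size_t utf8_first_char(const char *p, size_t avail, char out[5])
{
    size_t n = utf8_char_len((const unsigned char *)p, avail);
    memcpy(out, p, n);
    out[n] = '\0';
    return n;
}
```

The constructed inputs used to exercise this are "ab\0cd" (embedded nul, five bytes), an overlong "\xC0\xAF", a surrogate "\xED\xA0\x80", and a two-byte "é" handed over with only one byte of remaining length.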
    • gvariant: Check tuple offsets against serialised data length · 13af758c
      Philip Withnall authored
      As with the previous commit, when getting a child from a serialised
      tuple, check its offset against the length of the serialised data of the
      tuple (excluding the length of the offset table). The offset was already
      checked against the length of the entire serialised tuple (including the
      offset table) — but a child should not be able to start inside the
      offset table.
      
      A test is included.
      
      oss-fuzz#9803
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
    • gvariant: Check array offsets against serialised data length · d5468b90
      Philip Withnall authored
      When getting a child from a serialised variable array, check its offset
      against the length of the serialised data of the array (excluding the
      length of the offset table). The offset was already checked against the
      length of the entire serialised array (including the offset table) — but a
      child should not be able to start inside the offset table.
      
      A test is included.
      
      oss-fuzz#9803
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
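The two gvariant commits above (13af758c for tuples, d5468b90 for arrays) make the same point: a child's offset must be checked against the end of the element data, not against the end of the whole container, because the trailing offset table is part of the container but never part of a child. The following added example is not GLib's serialiser; it is a minimal reader for a serialised variable-width array, with the offset-table width rule (1/2/4/8 bytes chosen from the container size) and the little-endian end-offset layout assumed from the format description. The `strict` flag selects the pre-fix check (end <= container size) or the fixed check (end <= start of the offset table); the tuple case differs only in that element boundaries are driven by the type, so it is not repeated here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Width of each trailing offset-table entry, derived from the container
   size (assumed to follow GVariant's 1/2/4/8-byte scheme). */
static size_t offset_size_for(size_t container_size)
{
    if (container_size > 0xffffffffu) return 8;
    if (container_size > 0xffff) return 4;
    if (container_size > 0xff) return 2;
    return 1;
}

/* Little-endian read of `width` bytes; bits beyond size_t are dropped. */
static size_t read_le(const uint8_t *p, size_t width)
{
    size_t v = 0;
    for (size_t i = 0; i < width && 8 * i < 8 * sizeof(size_t); i++)
        v |= (size_t)p[i] << (8 * i);
    return v;
}

/* Number of children in a serialised variable-width array, or 0 when the
   trailing table of end offsets is inconsistent with the container size. */
size_t gv_array_n_children(const uint8_t *buf, size_t size)
{
    if (size == 0) return 0;
    size_t osz = offset_size_for(size);
    if (size < osz) return 0;
    size_t last_end = read_le(buf + size - osz, osz);   /* end of last child */
    if (last_end > size - osz) return 0;                /* table overlaps data */
    size_t table_len = size - last_end;
    if (table_len % osz != 0) return 0;
    return table_len / osz;
}

/* Locate child `index`. strict=false reproduces the pre-fix check (end
   offset only compared with the whole container); strict=true also requires
   the child to end before the offset table begins. */
bool gv_array_get_child(const uint8_t *buf, size_t size, size_t index,
                        bool strict, size_t *start, size_t *end)
{
    size_t n = gv_array_n_children(buf, size);
    if (index >= n) return false;
    size_t osz = offset_size_for(size);
    size_t data_end = size - n * osz;             /* first byte of the table */
    const uint8_t *table = buf + data_end;
    size_t s = index == 0 ? 0 : read_le(table + (index - 1) * osz, osz);
    size_t e = read_le(table + index * osz, osz);
    size_t limit = strict ? data_end : size;
    if (e > limit || s > e) return false;
    *start = s;
    *end = e;
    return true;
}

/* Convenience wrapper: end offset of a child, or -1 when it is rejected. */
long gv_child_end(const uint8_t *buf, size_t size, size_t index, bool strict)
{
    size_t s, e;
    return gv_array_get_child(buf, size, index, strict, &s, &e) ? (long)e : -1;
}

/* Constructed samples: the array ["ab", "c"] of nul-terminated strings with
   a correct end-offset table {3, 5}, and the same bytes with the first end
   offset (6) pointing past the data region into the table itself. */
const uint8_t gv_sample_ok[]  = { 'a', 'b', 0, 'c', 0, 3, 5 };
const uint8_t gv_sample_bad[] = { 'a', 'b', 0, 'c', 0, 6, 5 };
```

With the pre-fix check, child 0 of `gv_sample_bad` is accepted as bytes 0..6, so its last byte is actually the first offset-table entry; with the fixed check it is rejected. Checking that each string child is nul-terminated is a separate validation step and is not shown here.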
    • gvarianttype: Impose a recursion limit of 128 on variant types · e78f0a79
      Philip Withnall authored
      Previously, GVariant has allowed ‘arbitrary’ recursion on GVariantTypes,
      but this isn’t really feasible. We have to deal with GVariants from
      untrusted sources, and the nature of GVariantType means that another
      level of recursion (and hence, for example, another stack frame in your
      application) can be added with a single byte in a variant type signature
      in the input. This gives malicious input sources far too much leverage
      to cause deep stack recursion or massive memory allocations which can
      DoS an application.
      
      Limit recursion to 128 levels (which should be more than enough for
      anyone™), document it and add a test. This is, handily, also the limit
      of 64 applied by the D-Bus specification (§(Valid Signatures)), plus a
      bit to allow wrapping of D-Bus messages in additional layers of
      variants.
      
      oss-fuzz#9857
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
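The point of the commit above is that each single byte of a type string ('a', 'm', '(' or '{') opens another nesting level, and a recursive parser spends a stack frame per level unless it counts them. The following is an added example, not GLib's gvarianttype.c: a recursive-descent type-string validator with an explicit depth budget. The set of basic type characters and the container forms follow the GVariant type grammar; the exact counting convention (each container prefix adds one level, and a string is rejected once the depth exceeds the budget) is an assumption of this example rather than GLib's precise rule.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_TYPE_DEPTH 128   /* the limit adopted by the commit above */

static bool is_basic(char c)
{
    return c != '\0' && strchr("bynqiuxthdsog", c) != NULL;
}

/* Scan one complete type starting at s[*pos], advancing *pos past it.
   `depth` is the current nesting level; the scan fails outright as soon as
   it exceeds max_depth, so recursion (and stack use) is bounded. */
static bool scan_type(const char *s, size_t len, size_t *pos,
                      unsigned depth, unsigned max_depth)
{
    if (depth > max_depth || *pos >= len) return false;
    char c = s[(*pos)++];
    switch (c) {
    case 'b': case 'y': case 'n': case 'q': case 'i': case 'u': case 'x':
    case 't': case 'h': case 'd': case 's': case 'o': case 'g': case 'v':
        return true;                              /* basic types and variant */
    case 'a':                                     /* array of <type>  */
    case 'm':                                     /* maybe <type>     */
        return scan_type(s, len, pos, depth + 1, max_depth);
    case '(':                                     /* tuple (<type>*)  */
        while (*pos < len && s[*pos] != ')')
            if (!scan_type(s, len, pos, depth + 1, max_depth)) return false;
        if (*pos >= len) return false;            /* missing ')'       */
        (*pos)++;
        return true;
    case '{':                                     /* dict entry {<basic><type>} */
        if (*pos >= len || !is_basic(s[*pos])) return false;
        (*pos)++;
        if (!scan_type(s, len, pos, depth + 1, max_depth)) return false;
        if (*pos >= len || s[*pos] != '}') return false;
        (*pos)++;
        return true;
    default:
        return false;
    }
}

/* True if s is exactly one well-formed type string within the depth budget. */
bool gvtype_string_is_valid(const char *s, unsigned max_depth)
{
    size_t len = strlen(s), pos = 0;
    return scan_type(s, len, &pos, 0, max_depth) && pos == len;
}

/* Constructed helper: build "aaa...ai" with n leading 'a's (one byte per
   level, as the commit describes) and validate it under the given budget. */
bool nested_array_type_valid(unsigned n, unsigned max_depth)
{
    char buf[1024];
    if (n + 2 > sizeof buf) return false;
    memset(buf, 'a', n);
    buf[n] = 'i';
    buf[n + 1] = '\0';
    return gvtype_string_is_valid(buf, max_depth);
}
```

Under this convention 128 leading 'a's (the innermost 'i' scanned at depth 128) still pass, and 129 fail, so the attacker's cost of one byte per level is capped before it becomes one stack frame per byte.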
    • gvariant: Fix checking arithmetic for tuple element ends · bfc0e49f
      Philip Withnall authored
      When checking whether a serialised GVariant tuple is in normal form,
      it’s possible for `offset_ptr -= offset_size` to underflow and wrap
      around, resulting in gvs_read_unaligned_le() reading memory outside the
      serialised GVariant bounds.
      
      See §(Tuples) in gvariant-serialiser.c for the documentation on how
      tuples are serialised. Briefly, all variable-length elements in the
      tuple have an offset to their end stored in an array of offsets at the
      end of the tuple. The width of each offset is in offset_size. offset_ptr
      is added to the start of the serialised tuple to get the offset which is
      currently being examined. The offset array is in reverse order compared
      to the tuple elements, hence the subtraction.
      
      The bug can be triggered if a tuple contains a load of variable-length
      elements, each of whose length is actually zero (i.e. empty arrays).
      
      Includes a unit test.
      
      oss-fuzz#9801
      Signed-off-by: Philip Withnall <withnall@endlessm.com>
  7. 01 Nov, 2018 2 commits
  8. 31 Oct, 2018 3 commits
  9. 30 Oct, 2018 1 commit
  10. 29 Oct, 2018 1 commit
  11. 23 Oct, 2018 2 commits
    • build-sys: Pass CFLAGS to $(DTRACE) · 452eb1df
      Colin Walters authored
      Fedora is using https://fedoraproject.org/wiki/Changes/Annobin
      to try to ensure that all objects are built with hardening flags.
      Pass down `CFLAGS` to ensure the SystemTap objects use them.
    • grefcount: add missing gatomic.h · 57efb14f
      Fabrice Fontaine authored
      Without gatomic.h, build fails on:
      In file included from garcbox.c:24:0:
      garcbox.c: In function ‘g_atomic_rc_box_acquire’:
      grefcount.h:101:13: error: implicit declaration of function ‘g_atomic_int_get’; did you mean ‘__atomic_store’? [-Werror=implicit-function-declaration]
           (void) (g_atomic_int_get (rc) == G_MAXINT ? 0 : g_atomic_int_inc ((rc))); \
                   ^
      garcbox.c:292:3: note: in expansion of macro ‘g_atomic_ref_count_inc’
         g_atomic_ref_count_inc (&real_box->ref_count);
      Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  12. 19 Oct, 2018 1 commit
  13. 10 Oct, 2018 8 commits