  1. 21 Mar, 2021 2 commits
  2. 19 Mar, 2021 13 commits
  3. 18 Mar, 2021 1 commit
    • gstrfuncs: Add internal g_memdup2() function · 24b94469
      Philip Withnall authored
      
      
      This will replace the existing `g_memdup()` function for use within
      GLib. It has an unavoidable security flaw of taking its `byte_size`
      argument as a `guint` rather than as a `gsize`. Most callers will
      expect it to be a `gsize`, and may pass in large values which could
      silently be truncated, resulting in an undersize allocation compared
      to what the caller expects.
      
      This could lead to a classic buffer overflow vulnerability for many
      callers of `g_memdup()`.
      
      `g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`.
      
      Spotted by Kevin Backhouse of GHSL.
      
      In GLib 2.68, `g_memdup2()` will be a new public API. In this version
      for backport to older stable releases, it’s a new `static inline` API
      in a private header, so that use of `g_memdup()` within GLib can be
      fixed without adding a new API in a stable release series.

      Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
      Helps: CVE-2021-27219
      Helps: GHSL-2021-045
      Helps: #2319
      (cherry picked from commit 5e5f75a7)
  4. 08 Oct, 2019 1 commit
  5. 21 Jul, 2019 1 commit
  6. 09 Feb, 2019 1 commit
  7. 29 Jan, 2019 1 commit
  8. 28 Jan, 2019 2 commits
  9. 21 Jan, 2019 1 commit
  10. 18 Jan, 2019 1 commit
  11. 17 Jan, 2019 2 commits
  12. 15 Jan, 2019 2 commits
  13. 12 Jan, 2019 1 commit
  14. 09 Jan, 2019 1 commit
    • gunixmounts: Fix segfaults caused by new filter of mounts · e695ca9f
      Ondrej Holy authored
      Commit ed88b23f added libmount-based implementation to filter out mounts
      with repeated device path. Unfortunately, this introduced a new bug, which
      may cause segfaults in certain configurations.
      
      The problem is that `mnt_table_uniq_fs ()` is called from the loop which
      already operates with the `fs` structs from that table. It may happen that
      the current `fs` is removed from the table, which may consequently lead to
      segfaults.
      
      Closes: #1645
  15. 04 Jan, 2019 2 commits
  16. 03 Jan, 2019 1 commit
  17. 21 Dec, 2018 1 commit
    • Suppress -Wint-in-bool-context warning with G_DEFINE_INTERFACE and g++ · 32bdd718
      Kouhei Sutou authored
      Note that it's not reported with gcc. It's only reported with g++.
      
      C++ code to reproduce this warning:
      
          #include <glib-object.h>
      
          G_BEGIN_DECLS
      
          #define GARROW_TYPE_FILE (garrow_file_get_type())
          G_DECLARE_INTERFACE(GArrowFile,
                              garrow_file,
                              GARROW,
                              FILE,
                              GObject)
      
          struct _GArrowFileInterface {
            GTypeInterface g_iface;
          };
      
          G_DEFINE_INTERFACE(GArrowFile,
                             garrow_file,
                             G_TYPE_OBJECT)
      
          static void
          garrow_file_default_init(GArrowFileInterface *iface)
          {
          }
      
          G_END_DECLS
      
      Build command line:
      
          % g++ -Wall -shared -o liba.so a.cpp $(pkg-config --cflags --libs gobject-2.0)
      
      Message:
      
          In file included from /tmp/local.glib/include/glib-2.0/gobject/gobject.h:24,
                           from /tmp/local.glib/include/glib-2.0/gobject/gbinding.h:29,
                           from /tmp/local.glib/include/glib-2.0/glib-object.h:23,
                           from a.cpp:1:
          a.cpp: In function 'GType garrow_file_get_type()':
          /tmp/local.glib/include/glib-2.0/gobject/gtype.h:219:50: warning: '<<' in boolean context, did you mean '<' ? [-Wint-in-bool-context]
           #define G_TYPE_MAKE_FUNDAMENTAL(x) ((GType) ((x) << G_TYPE_FUNDAMENTAL_SHIFT))
                                                       ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~
          /tmp/local.glib/include/glib-2.0/gobject/gtype.h:2026:11: note: in definition of macro '_G_DEFINE_INTERFACE_EXTENDED_BEGIN'
                 if (TYPE_PREREQ) \
                     ^~~~~~~~~~~
          /tmp/local.glib/include/glib-2.0/gobject/gtype.h:1758:47: note: in expansion of macro 'G_DEFINE_INTERFACE_WITH_CODE'
           #define G_DEFINE_INTERFACE(TN, t_n, T_P)      G_DEFINE_INTERFACE_WITH_CODE(TN, t_n, T_P, ;)
                                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
          a.cpp:16:1: note: in expansion of macro 'G_DEFINE_INTERFACE'
           G_DEFINE_INTERFACE(GArrowFile,
           ^~~~~~~~~~~~~~~~~~
          /tmp/local.glib/include/glib-2.0/gobject/gtype.h:178:25: note: in expansion of macro 'G_TYPE_MAKE_FUNDAMENTAL'
           #define G_TYPE_OBJECT   G_TYPE_MAKE_FUNDAMENTAL (20)
                                   ^~~~~~~~~~~~~~~~~~~~~~~
          a.cpp:18:20: note: in expansion of macro 'G_TYPE_OBJECT'
                              G_TYPE_OBJECT)
                              ^~~~~~~~~~~~~
  18. 19 Dec, 2018 2 commits
  19. 18 Dec, 2018 4 commits
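
The size truncation described in the `g_memdup2()` commit (24b94469) above, as an added example that is not GLib's code. `memdup_narrow`, `memdup_wide`, `size_seen_by_narrow` and `fits_narrow` are hypothetical stand-ins that model the `guint` and `gsize` parameters with `unsigned int` and `size_t`; the input buffer is constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the old signature: byte_size is unsigned int (GLib's guint). */
static void *memdup_narrow(const void *mem, unsigned int byte_size)
{
    void *copy = (mem != NULL && byte_size != 0) ? malloc(byte_size) : NULL;
    if (copy != NULL)
        memcpy(copy, mem, byte_size);
    return copy;
}

/* Model of the g_memdup2() signature: byte_size is size_t (GLib's gsize). */
static void *memdup_wide(const void *mem, size_t byte_size)
{
    void *copy = (mem != NULL && byte_size != 0) ? malloc(byte_size) : NULL;
    if (copy != NULL)
        memcpy(copy, mem, byte_size);
    return copy;
}

/* The size memdup_narrow() receives when a caller passes a size_t:
 * the argument conversion silently keeps only the low bits. */
static size_t size_seen_by_narrow(size_t requested)
{
    return (unsigned int) requested;
}

/* Guard for callers that cannot switch to the wide function yet. */
static int fits_narrow(size_t requested)
{
    return requested <= UINT_MAX;
}

int main(void)
{
    unsigned char src[16] = { 0 };                         /* constructed input */
    size_t requested = (size_t) UINT_MAX + 1 + sizeof src; /* 2^32 + 16 on LP64 */

    printf("caller asks for %zu bytes, narrow API allocates %zu\n",
           requested, size_seen_by_narrow(requested));
    if (!fits_narrow(requested))
        puts("guard: size does not fit in unsigned int, refusing narrow call");

    void *wide = memdup_wide(src, sizeof src);   /* exact-size copy */
    void *narrow = memdup_narrow(src, (unsigned int) sizeof src);
    free(wide);
    free(narrow);
    return 0;
}
```

On a platform where `size_t` is wider than `unsigned int`, the caller goes on to treat a 16-byte allocation as if it held the full requested length, which is the undersize allocation the commit message describes.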