1. 06 Nov, 2018 1 commit
  2. 23 Oct, 2018 1 commit
    • Philip Withnall's avatar
      gvarianttype: Impose a recursion limit of 128 on variant types · 7c4e6e9f
      Philip Withnall authored
      Previously, GVariant has allowed ‘arbitrary’ recursion on GVariantTypes,
      but this isn’t really feasible. We have to deal with GVariants from
      untrusted sources, and the nature of GVariantType means that another
      level of recursion (and hence, for example, another stack frame in your
      application) can be added with a single byte in a variant type signature
      in the input. This gives malicious input sources far too much leverage
      to cause deep stack recursion or massive memory allocations which can
      DoS an application.
      
      Limit recursion to 128 levels (which should be more than enough for
      anyone), document it and add a test. This is, handily, also the limit
      of 64 applied by the D-Bus specification (§(Valid Signatures)), plus a
      bit to allow wrapping of D-Bus messages in additional layers of
      variants.
      
      oss-fuzz#9857
      Signed-off-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
      7c4e6e9f
  3. 24 May, 2017 1 commit
    • Sébastien Wilmet's avatar
      glib/: LGPLv2+ -> LGPLv2.1+ · f9faac76
      Sébastien Wilmet authored
      All glib/*.{c,h} files have been processed, as well as gtester-report.
      
      12 of those files are not licensed under LGPL:
      
      	gbsearcharray.h
      	gconstructor.h
      	glibintl.h
      	gmirroringtable.h
      	gscripttable.h
      	gtranslit-data.h
      	gunibreak.h
      	gunichartables.h
      	gunicomp.h
      	gunidecomp.h
      	valgrind.h
      	win_iconv.c
      
      Some of them are generated files, some are licensed under a BSD-style
      license and win_iconv.c is in the public domain.
      
      Sub-directories inside glib/:
      
      	deprecated/: processed in a previous commit
      	glib-mirroring-tab/: already LGPLv2.1+
      	gnulib/: not modified, the code is copied from gnulib
      	libcharset/: a copy
      	pcre/: a copy
      	tests/: processed in a previous commit
      
      https://bugzilla.gnome.org/show_bug.cgi?id=776504
      f9faac76
  4. 31 Jan, 2014 1 commit
  5. 13 Jan, 2013 1 commit
  6. 08 Mar, 2010 1 commit
    • Allison Karlitskaya's avatar
      GVariant variable arguments, tests, cleanups · 75f761bc
      Allison Karlitskaya authored
      Merge GVariant variable arguments support and put it under tests.
      
      Also, remove the hack of the test case directly '#include'ing .c files
      from glib/.  Instead, create a non-installed gvariant-internal.h that
      the tests can include and make the symbols in it visible on the symbol
      table of the shared library.  These symbols (as they are present in no
      installed header files) are not part of the API of GLib.
      
      Increase test coverage in a few other areas.
      75f761bc
  7. 06 Feb, 2010 1 commit