packages/glib2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!45 Upgrade to 2.66.8

Browse Source 
From: @kerongw
Reviewed-by: @yanan-rock
Signed-off-by: @yanan-rock
This commit is contained in:
openeuler-ci-bot 2021-06-09 09:38:16 +08:00 committed by Gitee
commit 4d676111bb
33 changed files with 245 additions and 2300 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
backport-0001-CVE-2021-28153.patch
View File

@ -1,28 +0,0 @@
From 78420a75aeb70569a8cd79fa0fea7b786b6f785f Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 24 Feb 2021 17:33:38 +0000
Subject: [PATCH 1/5] glocalfileoutputstream: Fix a typo in a comment
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
---
gio/glocalfileoutputstream.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index f34c3e439..e3d31d6b3 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -854,7 +854,7 @@ handle_overwrite_open (const char *filename,
mode = mode_from_flags_or_info (flags, reference_info);
/* We only need read access to the original file if we are creating a backup.
- * We also add O_CREATE to avoid a race if the file was just removed */
+ * We also add O_CREAT to avoid a race if the file was just removed */
if (create_backup || readable)
open_flags = O_RDWR | O_CREAT | O_BINARY;
else
--
GitLab

43
backport-0002-CVE-2021-28153.patch
View File

@ -1,43 +0,0 @@
From 32d3d02a50e7dcec5f4cf7908e7ac88d575d8fc5 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 24 Feb 2021 17:34:32 +0000
Subject: [PATCH 2/5] tests: Stop using g_test_bug_base() in file tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since a following commit is going to add a new test which references
Gitlab, so it鈥檚 best to move the URI bases inside the test cases.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
---
gio/tests/file.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/gio/tests/file.c b/gio/tests/file.c
index d8769656c..39d51dadb 100644
--- a/gio/tests/file.c
+++ b/gio/tests/file.c
@@ -686,7 +686,7 @@ test_replace_cancel (void)
guint count;
GError *error = NULL;
- g_test_bug ("629301");
+ g_test_bug ("https://bugzilla.gnome.org/629301");
path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error);
g_assert_no_error (error);
@@ -1785,8 +1785,6 @@ main (int argc, char *argv[])
{
g_test_init (&argc, &argv, NULL);
- g_test_bug_base ("http://bugzilla.gnome.org/");
-
g_test_add_func ("/file/basic", test_basic);
g_test_add_func ("/file/build-filename", test_build_filename);
g_test_add_func ("/file/parent", test_parent);
--
GitLab

59
backport-0003-CVE-2021-28153.patch
View File

@ -1,59 +0,0 @@
From ce0eb088a68171eed3ac217cb92a72e36eb57d1b Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 10 Mar 2021 16:05:55 +0000
Subject: [PATCH 3/5] glocalfileoutputstream: Factor out a flag check
This clarifies the code a little. It introduces no functional changes.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
---
gio/glocalfileoutputstream.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index beb8fee..8b087f7 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -847,6 +847,7 @@ handle_overwrite_open (const char *filename,
int res;
int mode;
int errsv;
+ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION);
mode = mode_from_flags_or_info (flags, reference_info);
@@ -953,8 +954,8 @@ handle_overwrite_open (const char *filename,
* The second strategy consist simply in copying the old file
* to a backup file and rewrite the contents of the file.
*/
-
- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) ||
+
+ if (replace_destination_set ||
(!(original_stat.st_nlink > 1) && !is_symlink))
{
char *dirname, *tmp_filename;
@@ -973,7 +974,7 @@ handle_overwrite_open (const char *filename,
/* try to keep permissions (unless replacing) */
- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) &&
+ if (!replace_destination_set &&
(
#ifdef HAVE_FCHOWN
fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 ||
@@ -1112,7 +1113,7 @@ handle_overwrite_open (const char *filename,
}
}
- if (flags & G_FILE_CREATE_REPLACE_DESTINATION)
+ if (replace_destination_set)
{
g_close (fd, NULL);
--
2.23.0

283
backport-0004-CVE-2021-28153.patch
View File

@ -1,283 +0,0 @@
From 317b3b587058a05dca95d56dac26568c5b098d33 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 24 Feb 2021 17:36:07 +0000
Subject: [PATCH 4/5] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION
with symlinks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking
the destination file and re-creating it from scratch. That did
previously work, but in the process the code would call `open(O_CREAT)`
on the file. If the file was a dangling symlink, this would create the
destination file (empty). That鈥檚 not an intended side-effect, and has
security implications if the symlink is controlled by a lower-privileged
process.
Fix that by not opening the destination file if it鈥檚 a symlink, and
adjusting the rest of the code to cope with
- the fact that `fd == -1` is not an error iff `is_symlink` is true,
- and that `original_stat` will contain the `lstat()` results for the
symlink now, rather than the `stat()` results for its target (again,
iff `is_symlink` is true).
This means that the target of the dangling symlink is no longer created,
which was the bug. The symlink itself continues to be replaced (as
before) with the new file 鈥<> this is the intended behaviour of
`g_file_replace()`.
The behaviour for non-symlink cases, or cases where the symlink was not
dangling, should be unchanged.
Includes a unit test.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: #2325
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
---
gio/glocalfileoutputstream.c | 65 +++++++++++++++------
gio/tests/file.c | 108 +++++++++++++++++++++++++++++++++++
2 files changed, 156 insertions(+), 17 deletions(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index 8b087f7..e6edb5e 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -875,16 +875,22 @@ handle_overwrite_open (const char *filename,
/* Could be a symlink, or it could be a regular ELOOP error,
* but then the next open will fail too. */
is_symlink = TRUE;
- fd = g_open (filename, open_flags, mode);
+ if (!replace_destination_set)
+ fd = g_open (filename, open_flags, mode);
}
-#else
- fd = g_open (filename, open_flags, mode);
- errsv = errno;
+#else /* if !O_NOFOLLOW */
/* This is racy, but we do it as soon as possible to minimize the race */
is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK);
+
+ if (!is_symlink || !replace_destination_set)
+ {
+ fd = g_open (filename, open_flags, mode);
+ errsv = errno;
+ }
#endif
- if (fd == -1)
+ if (fd == -1 &&
+ (!is_symlink || !replace_destination_set))
{
char *display_name = g_filename_display_name (filename);
g_set_error (error, G_IO_ERROR,
@@ -894,13 +900,26 @@ handle_overwrite_open (const char *filename,
g_free (display_name);
return -1;
}
-
+
+ if (!is_symlink)
+ {
#ifdef G_OS_WIN32
- res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat);
+ res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat);
#else
- res = fstat (fd, &original_stat);
+ res = fstat (fd, &original_stat);
#endif
- errsv = errno;
+ errsv = errno;
+ }
+ else
+ {
+#ifdef G_OS_WIN32
+ res = GLIB_PRIVATE_CALL (g_win32_fstat) (filename, &original_stat);
+#else
+ res = fstat (filename, &original_stat);
+#endif
+ errsv = errno;
+ }
+
if (res != 0)
{
@@ -917,16 +936,27 @@ handle_overwrite_open (const char *filename,
if (!S_ISREG (original_stat.st_mode))
{
if (S_ISDIR (original_stat.st_mode))
- g_set_error_literal (error,
- G_IO_ERROR,
- G_IO_ERROR_IS_DIRECTORY,
- _("Target file is a directory"));
- else
- g_set_error_literal (error,
+ {
+ g_set_error_literal (error,
+ G_IO_ERROR,
+ G_IO_ERROR_IS_DIRECTORY,
+ _("Target file is a directory"));
+ goto err_out;
+ }
+ else if (!is_symlink ||
+#ifdef S_ISLNK
+ !S_ISLNK (original_stat.st_mode)
+#else
+ FALSE
+#endif
+ )
+ {
+ g_set_error_literal (error,
G_IO_ERROR,
G_IO_ERROR_NOT_REGULAR_FILE,
_("Target file is not a regular file"));
- goto err_out;
+ goto err_out;
+ }
}
if (etag != NULL)
@@ -1007,7 +1037,8 @@ handle_overwrite_open (const char *filename,
}
}
- g_close (fd, NULL);
+ if (fd >= 0)
+ g_close (fd, NULL);
*temp_filename = tmp_filename;
return tmpfd;
}
diff --git a/gio/tests/file.c b/gio/tests/file.c
index d51ac6d..51b665f 100644
--- a/gio/tests/file.c
+++ b/gio/tests/file.c
@@ -804,6 +804,113 @@ test_replace_cancel (void)
g_object_unref (tmpdir);
}
+static void
+test_replace_symlink (void)
+{
+#ifdef G_OS_UNIX
+ gchar *tmpdir_path = NULL;
+ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL;
+ GFileOutputStream *stream = NULL;
+ const gchar *new_contents = "this is a test message which should be written to source and not target";
+ gsize n_written;
+ GFileEnumerator *enumerator = NULL;
+ GFileInfo *info = NULL;
+ gchar *contents = NULL;
+ gsize length = 0;
+ GError *local_error = NULL;
+
+ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325");
+ g_test_summary ("Test that G_FILE_CREATE_REPLACE_DESTINATION doesnt follow symlinks");
+
+ /* Create a fresh, empty working directory. */
+ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error);
+ g_assert_no_error (local_error);
+ tmpdir = g_file_new_for_path (tmpdir_path);
+
+ g_test_message ("Using temporary directory %s", tmpdir_path);
+ g_free (tmpdir_path);
+
+ /* Create symlink `source` which points to `target`. */
+ source_file = g_file_get_child (tmpdir, "source");
+ target_file = g_file_get_child (tmpdir, "target");
+ g_file_make_symbolic_link (source_file, "target", NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ /* Ensure that `target` doesnt exist */
+ g_assert_false (g_file_query_exists (target_file, NULL));
+
+ /* Replace the `source` symlink with a regular file using
+ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without*
+ * following the symlink */
+ stream = g_file_replace (source_file, NULL, FALSE /* no backup */,
+ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents),
+ &n_written, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_cmpint (n_written, ==, strlen (new_contents));
+
+ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_clear_object (&stream);
+
+ /* At this point, there should still only be one file: `source`. It should
+ * now be a regular file. `target` should not exist. */
+ enumerator = g_file_enumerate_children (tmpdir,
+ G_FILE_ATTRIBUTE_STANDARD_NAME ","
+ G_FILE_ATTRIBUTE_STANDARD_TYPE,
+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_nonnull (info);
+
+ g_assert_cmpstr (g_file_info_get_name (info), ==, "source");
+ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR);
+
+ g_clear_object (&info);
+
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_null (info);
+
+ g_file_enumerator_close (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_clear_object (&enumerator);
+
+ /* Double-check that `target` doesnt exist */
+ g_assert_false (g_file_query_exists (target_file, NULL));
+
+ /* Check the content of `source`. */
+ g_file_load_contents (source_file,
+ NULL,
+ &contents,
+ &length,
+ NULL,
+ &local_error);
+ g_assert_no_error (local_error);
+ g_assert_cmpstr (contents, ==, new_contents);
+ g_assert_cmpuint (length, ==, strlen (new_contents));
+ g_free (contents);
+
+ /* Tidy up. */
+ g_file_delete (source_file, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_file_delete (tmpdir, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_clear_object (&target_file);
+ g_clear_object (&source_file);
+ g_clear_object (&tmpdir);
+#else /* if !G_OS_UNIX */
+ g_test_skip ("Symlink replacement tests can only be run on Unix")
+#endif
+}
+
static void
on_file_deleted (GObject *object,
GAsyncResult *result,
@@ -1752,6 +1859,7 @@ main (int argc, char *argv[])
g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete);
g_test_add_func ("/file/replace-load", test_replace_load);
g_test_add_func ("/file/replace-cancel", test_replace_cancel);
+ g_test_add_func ("/file/replace-symlink", test_replace_symlink);
g_test_add_func ("/file/async-delete", test_async_delete);
#ifdef G_OS_UNIX
g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode);
--
2.23.0

56
backport-0005-CVE-2021-28153.patch
View File

@ -1,56 +0,0 @@
From 6c6439261bc7a8a0627519848a7222b3e1bd4ffe Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 24 Feb 2021 17:42:24 +0000
Subject: [PATCH 5/5] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
replace()
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
---
gio/glocalfileoutputstream.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index a2c7e3cc0..4c512ea81 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -63,6 +63,12 @@
#define O_BINARY 0
#endif
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#else
+#define HAVE_O_CLOEXEC 1
+#endif
+
struct _GLocalFileOutputStreamPrivate {
char *tmp_filename;
char *original_filename;
@@ -1239,7 +1245,7 @@ _g_local_file_output_stream_replace (const char *filename,
sync_on_close = FALSE;
/* If the file doesn't exist, create it */
- open_flags = O_CREAT | O_EXCL | O_BINARY;
+ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
if (readable)
open_flags |= O_RDWR;
else
@@ -1269,8 +1275,11 @@ _g_local_file_output_stream_replace (const char *filename,
set_error_from_open_errno (filename, error);
return NULL;
}
-
-
+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
+ else
+ fcntl (fd, F_SETFD, FD_CLOEXEC);
+#endif
+
stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
stream->priv->fd = fd;
stream->priv->sync_on_close = sync_on_close;
--
GitLab

36
backport-CVE-2020-35457.patch
View File

@ -1,36 +0,0 @@
From 63c5b62f0a984fac9a9700b12f54fe878e016a5d Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Wed, 2 Sep 2020 12:38:09 +0100
Subject: [PATCH] goption: Add a precondition to avoid GOptionEntry list
overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
reason:Add a precondition to avoid GOptionEntry list overflow
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #2197
---
glib/goption.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/glib/goption.c b/glib/goption.c
index 9f5b977c4..bb9093a33 100644
--- a/glib/goption.c
+++ b/glib/goption.c
@@ -2422,6 +2422,8 @@ g_option_group_add_entries (GOptionGroup *group,
for (n_entries = 0; entries[n_entries].long_name != NULL; n_entries++) ;
+ g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries);
+
group->entries = g_renew (GOptionEntry, group->entries, group->n_entries + n_entries);
/* group->entries could be NULL in the trivial case where we add no
--
GitLab

60
backport-CVE-2021-27218.patch
View File

@ -1,60 +0,0 @@
From acb7b0ec69f26a7df10af3992359890b09f076e8 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <qdlacz@gmail.com>
Date: Wed, 10 Feb 2021 23:51:07 +0100
Subject: [PATCH] gbytearray: Do not accept too large byte arrays
GByteArray uses guint for storing the length of the byte array, but it
also has a constructor (g_byte_array_new_take) that takes length as a
gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits
for guint). It is possible to call the function with a value greater
than G_MAXUINT, which will result in silent length truncation. This
may happen as a result of unreffing GBytes into GByteArray, so rather
be loud about it.
(Test case tweaked by Philip Withnall.)
---
glib/garray.c | 6 ++++++
glib/gbytes.c | 4 ++++
2 files changed, 10 insertions(+)
diff --git a/glib/garray.c b/glib/garray.c
index de720210c..2b66f16a6 100644
--- a/glib/garray.c
+++ b/glib/garray.c
@@ -2261,6 +2261,10 @@ g_byte_array_steal (GByteArray *array,
* Create byte array containing the data. The data will be owned by the array
* and will be freed with g_free(), i.e. it could be allocated using g_strdup().
*
+ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray
+ * stores the length of its data in #guint, which may be shorter than
+ * #gsize.
+ *
* Since: 2.32
*
* Returns: (transfer full): a new #GByteArray
@@ -2272,6 +2276,8 @@ g_byte_array_new_take (guint8 *data,
GByteArray *array;
GRealArray *real;
+ g_return_val_if_fail (len <= G_MAXUINT, NULL);
+
array = g_byte_array_new ();
real = (GRealArray *)array;
g_assert (real->data == NULL);
diff --git a/glib/gbytes.c b/glib/gbytes.c
index 00fd79155..aaadf451b 100644
--- a/glib/gbytes.c
+++ b/glib/gbytes.c
@@ -519,6 +519,10 @@ g_bytes_unref_to_data (GBytes *bytes,
* g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes(). In all
* other cases the data is copied.
*
+ * Do not use it if @bytes contains more than %G_MAXUINT
+ * bytes. #GByteArray stores the length of its data in #guint, which
+ * may be shorter than #gsize, that @bytes is using.
+ *
* Returns: (transfer full): a new mutable #GByteArray containing the same byte data
*
* Since: 2.32
--
GitLab

808
backport-CVE-2021-27219.patch
View File

@ -1,808 +0,0 @@
From f8cf0b8672209e0b829542e194e302f1de169929 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:30:52 +0000
Subject: [PATCH 01/11] gstrfuncs: Add g_memdup2() function
This will replace the existing `g_memdup()` function, which has an
unavoidable security flaw of taking its `byte_size` argument as a
`guint` rather than as a `gsize`. Most callers will expect it to be a
`gsize`, and may pass in large values which could silently be truncated,
resulting in an undersize allocation compared to what the caller
expects.
This could lead to a classic buffer overflow vulnerability for many
callers of `g_memdup()`.
`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`.
Spotted by Kevin Backhouse of GHSL.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: GHSL-2021-045
Helps: #2319
reason:Fix CVE-2021-27219
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/20cfc75d148e3be0c026cc7eff3a9cdb72bf5c56
diff -Naur a/docs/reference/glib/glib-sections.txt b/docs/reference/glib/glib-sections.txt
--- a/docs/reference/glib/glib-sections.txt 2021-03-06 09:46:03.657000000 +0800
+++ b/docs/reference/glib/glib-sections.txt 2021-03-05 14:58:36.022000000 +0800
@@ -1275,6 +1275,7 @@
<SUBSECTION>
g_memmove
g_memdup
+g_memdup2
<SUBSECTION>
GMemVTable
diff -Naur a/gio/gdatainputstream.c b/gio/gdatainputstream.c
--- a/gio/gdatainputstream.c 2021-03-06 09:46:03.661000000 +0800
+++ b/gio/gdatainputstream.c 2021-03-05 15:10:26.335000000 +0800
@@ -856,7 +856,7 @@
scan_for_chars (GDataInputStream *stream,
gsize *checked_out,
const char *stop_chars,
- gssize stop_chars_len)
+ gsize stop_chars_len)
{
GBufferedInputStream *bstream;
const char *buffer;
@@ -952,7 +952,7 @@
gsize checked;
gchar *stop_chars;
- gssize stop_chars_len;
+ gsize stop_chars_len;
gsize length;
} GDataInputStreamReadData;
@@ -1078,12 +1078,16 @@
{
GDataInputStreamReadData *data;
GTask *task;
+ gsize stop_chars_len_unsigned;
data = g_slice_new0 (GDataInputStreamReadData);
- if (stop_chars_len == -1)
- stop_chars_len = strlen (stop_chars);
- data->stop_chars = g_memdup (stop_chars, stop_chars_len);
- data->stop_chars_len = stop_chars_len;
+ if (stop_chars_len < 0)
+ stop_chars_len_unsigned = strlen (stop_chars);
+ else
+ stop_chars_len_unsigned = (gsize) stop_chars_len;
+
+ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned);
+ data->stop_chars_len = stop_chars_len_unsigned;
data->last_saw_cr = FALSE;
task = g_task_new (stream, cancellable, callback, user_data);
@@ -1338,17 +1342,20 @@
gssize found_pos;
gssize res;
char *data_until;
+ gsize stop_chars_len_unsigned;
g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL);
if (stop_chars_len < 0)
- stop_chars_len = strlen (stop_chars);
+ stop_chars_len_unsigned = strlen (stop_chars);
+ else
+ stop_chars_len_unsigned = (gsize) stop_chars_len;
bstream = G_BUFFERED_INPUT_STREAM (stream);
checked = 0;
- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1)
+ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1)
{
if (g_buffered_input_stream_get_available (bstream) ==
g_buffered_input_stream_get_buffer_size (bstream))
diff -Naur a/gio/gdbusconnection.c b/gio/gdbusconnection.c
--- a/gio/gdbusconnection.c 2021-03-06 09:46:03.663000000 +0800
+++ b/gio/gdbusconnection.c 2021-03-05 15:14:19.973000000 +0800
@@ -3997,7 +3997,7 @@
/* Don't waste memory by copying padding - remember to update this
* when changing struct _GDBusInterfaceVTable in gdbusconnection.h
*/
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
}
static void
@@ -4014,7 +4014,7 @@
/* Don't waste memory by copying padding - remember to update this
* when changing struct _GDBusSubtreeVTable in gdbusconnection.h
*/
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
}
static void
diff -Naur a/gio/gdbusinterfaceskeleton.c b/gio/gdbusinterfaceskeleton.c
--- a/gio/gdbusinterfaceskeleton.c 2021-03-06 09:46:03.663000000 +0800
+++ b/gio/gdbusinterfaceskeleton.c 2021-03-05 15:36:52.369000000 +0800
@@ -701,7 +701,7 @@
* properly before building the hooked_vtable, so we create it
* once at the last minute.
*/
- interface_->priv->hooked_vtable = g_memdup (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
+ interface_->priv->hooked_vtable = g_memdup2 (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
interface_->priv->hooked_vtable->method_call = skeleton_intercept_handle_method_call;
}
diff -Naur a/gio/gfile.c b/gio/gfile.c
--- a/gio/gfile.c 2021-03-06 09:46:03.666000000 +0800
+++ b/gio/gfile.c 2021-03-05 15:44:25.759000000 +0800
@@ -7884,7 +7884,7 @@
g_main_context_invoke_full (g_task_get_context (task),
g_task_get_priority (task),
measure_disk_usage_invoke_progress,
- g_memdup (&progress, sizeof progress),
+ g_memdup2 (&progress, sizeof progress),
g_free);
}
@@ -7902,7 +7902,7 @@
data->progress_callback ? measure_disk_usage_progress : NULL, task,
&result.disk_usage, &result.num_dirs, &result.num_files,
&error))
- g_task_return_pointer (task, g_memdup (&result, sizeof result), g_free);
+ g_task_return_pointer (task, g_memdup2 (&result, sizeof result), g_free);
else
g_task_return_error (task, error);
}
@@ -7926,7 +7926,7 @@
task = g_task_new (file, cancellable, callback, user_data);
g_task_set_source_tag (task, g_file_real_measure_disk_usage_async);
- g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free);
+ g_task_set_task_data (task, g_memdup2 (&data, sizeof data), g_free);
g_task_set_priority (task, io_priority);
g_task_run_in_thread (task, measure_disk_usage_thread);
diff -Naur a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
--- a/gio/gkeyfilesettingsbackend.c 2021-03-06 09:46:03.670000000 +0800
+++ b/gio/gkeyfilesettingsbackend.c 2021-03-05 17:24:26.933000000 +0800
@@ -145,8 +145,8 @@
gchar **group,
gchar **basename)
{
- gint key_len = strlen (key);
- gint i;
+ gsize key_len = strlen (key);
+ const gchar *last_slash;
if (key_len < kfsb->prefix_len ||
memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0)
@@ -155,38 +155,36 @@
key_len -= kfsb->prefix_len;
key += kfsb->prefix_len;
- for (i = key_len; i >= 0; i--)
- if (key[i] == '/')
- break;
+ last_slash = strrchr (key, '/');
if (kfsb->root_group)
{
/* if a root_group was specified, make sure the user hasn't given
* a path that ghosts that group name
*/
- if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group, i) == 0)
+ if (last_slash != NULL && (last_slash - key) == kfsb->root_group_len && memcmp (key, kfsb->root_group, last_slash - key) == 0)
return FALSE;
}
else
{
/* if no root_group was given, ensure that the user gave a path */
- if (i == -1)
+ if (last_slash == NULL)
return FALSE;
}
if (group)
{
- if (i >= 0)
+ if (last_slash != NULL)
{
- *group = g_memdup (key, i + 1);
- (*group)[i] = '\0';
+ *group = g_memdup2 (key, (last_slash - key) + 1);
+ (*group)[(last_slash - key)] = '\0';
}
else
*group = g_strdup (kfsb->root_group);
}
if (basename)
- *basename = g_memdup (key + i + 1, key_len - i);
+ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
return TRUE;
}
diff -Naur a/gio/gsettingsschema.c b/gio/gsettingsschema.c
--- a/gio/gsettingsschema.c 2021-03-06 09:46:03.675000000 +0800
+++ b/gio/gsettingsschema.c 2021-03-05 16:08:24.724000000 +0800
@@ -1058,9 +1058,9 @@
if (g_str_has_suffix (key, "/"))
{
- gint length = strlen (key);
+ gsize length = strlen (key);
- strv[j] = g_memdup (key, length);
+ strv[j] = g_memdup2 (key, length);
strv[j][length - 1] = '\0';
j++;
}
diff -Naur a/gio/gsocket.c b/gio/gsocket.c
--- a/gio/gsocket.c 2021-03-06 09:46:03.675000000 +0800
+++ b/gio/gsocket.c 2021-03-05 16:34:42.236000000 +0800
@@ -174,7 +174,7 @@
GError **error);
static GSocketAddress *
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len);
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len);
static gssize
g_socket_receive_message_with_timeout (GSocket *socket,
@@ -260,7 +260,7 @@
struct {
GSocketAddress *addr;
struct sockaddr *native;
- gint native_len;
+ gsize native_len;
guint64 last_used;
} recv_addr_cache[RECV_ADDR_CACHE_SIZE];
};
@@ -5211,14 +5211,14 @@
}
static GSocketAddress *
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len)
{
GSocketAddress *saddr;
gint i;
guint64 oldest_time = G_MAXUINT64;
gint oldest_index = 0;
- if (native_len <= 0)
+ if (native_len == 0)
return NULL;
saddr = NULL;
@@ -5226,7 +5226,7 @@
{
GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr;
gpointer tmp_native = socket->priv->recv_addr_cache[i].native;
- gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
+ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
if (!tmp)
continue;
@@ -5256,7 +5256,7 @@
g_free (socket->priv->recv_addr_cache[oldest_index].native);
}
- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len);
+ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len);
socket->priv->recv_addr_cache[oldest_index].native_len = native_len;
socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr);
socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time ();
@@ -5404,6 +5404,9 @@
/* do it */
while (1)
{
+ /* addrlen has to be of type int because thats how WSARecvFrom() is defined */
+ G_STATIC_ASSERT (sizeof addr <= G_MAXINT);
+
addrlen = sizeof addr;
if (address)
result = WSARecvFrom (socket->priv->fd,
diff -Naur a/gio/gtlspassword.c b/gio/gtlspassword.c
--- a/gio/gtlspassword.c 2021-03-06 09:46:03.678000000 +0800
+++ b/gio/gtlspassword.c 2021-03-05 16:36:55.266000000 +0800
@@ -287,9 +287,14 @@
g_return_if_fail (G_IS_TLS_PASSWORD (password));
if (length < 0)
- length = strlen ((gchar *)value);
+ {
+ /* FIXME: g_tls_password_set_value_full() doesnt support unsigned gsize */
+ gsize length_unsigned = strlen ((gchar *) value);
+ g_return_if_fail (length_unsigned > G_MAXSSIZE);
+ length = (gssize) length_unsigned;
+ }
- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
+ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
}
/**
diff -Naur a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
--- a/gio/gwin32registrykey.c 2021-03-06 09:46:03.680000000 +0800
+++ b/gio/gwin32registrykey.c 2021-03-05 16:43:04.459000000 +0800
@@ -125,16 +125,34 @@
G_WIN32_REGISTRY_UPDATED_PATH = 1,
} GWin32RegistryKeyUpdateFlag;
+static gsize
+g_utf16_len (const gunichar2 *str)
+{
+ gsize result;
+
+ for (result = 0; str[0] != 0; str++, result++)
+ ;
+
+ return result;
+}
+
static gunichar2 *
-g_wcsdup (const gunichar2 *str,
- gssize str_size)
+g_wcsdup (const gunichar2 *str, gssize str_len)
{
- if (str_size == -1)
- {
- str_size = wcslen (str) + 1;
- str_size *= sizeof (gunichar2);
- }
- return g_memdup (str, str_size);
+ gsize str_len_unsigned;
+ gsize str_size;
+
+ g_return_val_if_fail (str != NULL, NULL);
+
+ if (str_len < 0)
+ str_len_unsigned = g_utf16_len (str);
+ else
+ str_len_unsigned = (gsize) str_len;
+
+ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1);
+ str_size = (str_len_unsigned + 1) * sizeof (gunichar2);
+
+ return g_memdup2 (str, str_size);
}
/**
@@ -247,7 +265,7 @@
new_iter->value_name_size = iter->value_name_size;
if (iter->value_data != NULL)
- new_iter->value_data = g_memdup (iter->value_data, iter->value_data_size);
+ new_iter->value_data = g_memdup2 (iter->value_data, iter->value_data_size);
new_iter->value_data_size = iter->value_data_size;
@@ -268,8 +286,8 @@
new_iter->value_data_expanded_charsize = iter->value_data_expanded_charsize;
if (iter->value_data_expanded_u8 != NULL)
- new_iter->value_data_expanded_u8 = g_memdup (iter->value_data_expanded_u8,
- iter->value_data_expanded_charsize);
+ new_iter->value_data_expanded_u8 = g_memdup2 (iter->value_data_expanded_u8,
+ iter->value_data_expanded_charsize);
new_iter->value_data_expanded_u8_size = iter->value_data_expanded_charsize;
diff -Naur a/gio/tests/async-close-output-stream.c b/gio/tests/async-close-output-stream.c
--- a/gio/tests/async-close-output-stream.c 2021-03-06 09:46:03.682000000 +0800
+++ b/gio/tests/async-close-output-stream.c 2021-03-05 16:54:17.745000000 +0800
@@ -147,9 +147,9 @@
data->expected_size = g_memory_output_stream_get_data_size (G_MEMORY_OUTPUT_STREAM (data->data_stream));
- g_assert_cmpint (data->expected_size, >, 0);
+ g_assert_cmpuint (data->expected_size, >, 0);
- data->expected_output = g_memdup (written, (guint)data->expected_size);
+ data->expected_output = g_memdup2 (written, data->expected_size);
/* then recreate the streams and prepare them for the asynchronous close */
destroy_streams (data);
diff -Naur a/gio/tests/gdbus-export.c b/gio/tests/gdbus-export.c
--- a/gio/tests/gdbus-export.c 2021-03-06 09:46:03.685000000 +0800
+++ b/gio/tests/gdbus-export.c 2021-03-05 16:56:17.247000000 +0800
@@ -671,7 +671,7 @@
g_assert_not_reached ();
}
- return g_memdup (interfaces, 2 * sizeof (void *));
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
}
static const GDBusInterfaceVTable *
@@ -727,7 +727,7 @@
{
const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info, NULL };
- return g_memdup (interfaces, 2 * sizeof (void *));
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
}
static const GDBusInterfaceVTable *
diff -Naur a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c
--- a/gio/win32/gwinhttpfile.c 2021-03-06 09:46:03.693000000 +0800
+++ b/gio/win32/gwinhttpfile.c 2021-03-05 16:58:28.076000000 +0800
@@ -393,10 +393,10 @@
child = g_object_new (G_TYPE_WINHTTP_FILE, NULL);
child->vfs = winhttp_file->vfs;
child->url = winhttp_file->url;
- child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
- child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
- child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
- child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
+ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, ((gsize) winhttp_file->url.dwSchemeLength + 1) * 2);
+ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, ((gsize) winhttp_file->url.dwHostNameLength + 1) * 2);
+ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, ((gsize) winhttp_file->url.dwUserNameLength + 1) * 2);
+ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, ((gsize) winhttp_file->url.dwPasswordLength + 1) * 2);
child->url.lpszUrlPath = wnew_path;
child->url.dwUrlPathLength = wcslen (wnew_path);
child->url.lpszExtraInfo = NULL;
diff -Naur a/glib/gbytes.c b/glib/gbytes.c
--- a/glib/gbytes.c 2021-03-06 09:46:03.721000000 +0800
+++ b/glib/gbytes.c 2021-03-05 17:29:25.481000000 +0800
@@ -95,7 +95,7 @@
{
g_return_val_if_fail (data != NULL || size == 0, NULL);
- return g_bytes_new_take (g_memdup (data, size), size);
+ return g_bytes_new_take (g_memdup2 (data, size), size);
}
/**
@@ -499,7 +499,7 @@
* Copy: Non g_malloc (or compatible) allocator, or static memory,
* so we have to copy, and then unref.
*/
- result = g_memdup (bytes->data, bytes->size);
+ result = g_memdup2 (bytes->data, bytes->size);
*size = bytes->size;
g_bytes_unref (bytes);
}
diff -Naur a/glib/gdir.c b/glib/gdir.c
--- a/glib/gdir.c 2021-03-06 09:46:03.696000000 +0800
+++ b/glib/gdir.c 2021-03-06 09:11:06.646000000 +0800
@@ -112,7 +112,7 @@
return NULL;
#endif
- return g_memdup (&dir, sizeof dir);
+ return g_memdup2 (&dir, sizeof dir);
}
/**
diff -Naur a/glib/ghash.c b/glib/ghash.c
--- a/glib/ghash.c 2021-03-06 09:46:03.697000000 +0800
+++ b/glib/ghash.c 2021-03-06 09:12:58.243000000 +0800
@@ -964,7 +964,7 @@
if (hash_table->have_big_keys)
{
if (key != value)
- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size);
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size);
/* Keys and values are both big now, so no need for further checks */
return;
}
@@ -972,7 +972,7 @@
{
if (key != value)
{
- hash_table->values = g_memdup (hash_table->keys, sizeof (guint) * hash_table->size);
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (guint) * hash_table->size);
is_a_set = FALSE;
}
}
@@ -1000,7 +1000,7 @@
/* Just split if necessary */
if (is_a_set && key != value)
- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size);
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size);
#endif
}
diff -Naur a/glib/giochannel.c b/glib/giochannel.c
--- a/glib/giochannel.c 2021-03-06 09:46:03.697000000 +0800
+++ b/glib/giochannel.c 2021-03-06 09:20:11.237000000 +0800
@@ -883,16 +883,25 @@
const gchar *line_term,
gint length)
{
+ guint length_unsigned;
+
g_return_if_fail (channel != NULL);
g_return_if_fail (line_term == NULL || length != 0); /* Disallow "" */
if (line_term == NULL)
- length = 0;
- else if (length < 0)
- length = strlen (line_term);
+ length_unsigned = 0;
+ else if (length >= 0)
+ length_unsigned = (guint) length;
+ else
+ {
+ /* FIXME: Were constrained by line_term_len being a guint here */
+ gsize length_size = strlen (line_term);
+ g_return_if_fail (length_size > G_MAXUINT);
+ length_unsigned = (guint) length_size;
+ }
g_free (channel->line_term);
- channel->line_term = line_term ? g_memdup (line_term, length) : NULL;
+ channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL;
channel->line_term_len = length;
}
diff -Naur a/glib/gstrfuncs.c b/glib/gstrfuncs.c
--- a/glib/gstrfuncs.c 2021-03-06 09:46:03.703000000 +0800
+++ b/glib/gstrfuncs.c 2021-03-06 09:21:27.836000000 +0800
@@ -398,6 +398,38 @@
}
/**
+ * g_memdup2:
+ * @mem: (nullable): the memory to copy.
+ * @byte_size: the number of bytes to copy.
+ *
+ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it
+ * from @mem. If @mem is %NULL it returns %NULL.
+ *
+ * This replaces g_memdup(), which was prone to integer overflows when
+ * converting the argument from a #gsize to a #guint.
+ *
+ * Returns: (nullable): a pointer to the newly-allocated copy of the memory,
+ * or %NULL if @mem is %NULL.
+ * Since: 2.68
+ */
+gpointer
+g_memdup2 (gconstpointer mem,
+ gsize byte_size)
+{
+ gpointer new_mem;
+
+ if (mem && byte_size != 0)
+ {
+ new_mem = g_malloc (byte_size);
+ memcpy (new_mem, mem, byte_size);
+ }
+ else
+ new_mem = NULL;
+
+ return new_mem;
+}
+
+/**
* g_strndup:
* @str: the string to duplicate
* @n: the maximum number of bytes to copy from @str
diff -Naur a/glib/gstrfuncs.h b/glib/gstrfuncs.h
--- a/glib/gstrfuncs.h 2021-03-06 09:46:03.703000000 +0800
+++ b/glib/gstrfuncs.h 2021-03-06 09:23:07.268000000 +0800
@@ -257,6 +257,10 @@
gpointer g_memdup (gconstpointer mem,
guint byte_size) G_GNUC_ALLOC_SIZE(2);
+GLIB_AVAILABLE_IN_ALL
+gpointer g_memdup2 (gconstpointer mem,
+ gsize byte_size) G_GNUC_ALLOC_SIZE(2);
+
/* NULL terminated string arrays.
* g_strsplit(), g_strsplit_set() split up string into max_tokens tokens
* at delim and return a newly allocated string array.
diff -Naur a/glib/gtestutils.c b/glib/gtestutils.c
--- a/glib/gtestutils.c 2021-03-06 09:46:03.704000000 +0800
+++ b/glib/gtestutils.c 2021-03-06 09:24:38.454000000 +0800
@@ -3801,7 +3801,7 @@
if (p <= tbuffer->data->str + mlength)
{
g_string_erase (tbuffer->data, 0, mlength);
- tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup (&msg, sizeof (msg)));
+ tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup2 (&msg, sizeof (msg)));
return TRUE;
}
diff -Naur a/glib/gvariant.c b/glib/gvariant.c
--- a/glib/gvariant.c 2021-03-06 09:46:03.709000000 +0800
+++ b/glib/gvariant.c 2021-03-06 09:26:50.164000000 +0800
@@ -725,7 +725,7 @@
g_variant_ref_sink (value);
return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT,
- g_memdup (&value, sizeof value),
+ g_memdup2 (&value, sizeof value),
1, g_variant_is_trusted (value));
}
@@ -1229,7 +1229,7 @@
return NULL;
}
- data = g_memdup (elements, n_elements * element_size);
+ data = g_memdup2 (elements, n_elements * element_size);
value = g_variant_new_from_data (array_type, data,
n_elements * element_size,
FALSE, g_free, data);
@@ -1908,7 +1908,7 @@
if (length)
*length = size;
- return g_memdup (original, size + 1);
+ return g_memdup2 (original, size + 1);
}
/**
diff -Naur a/glib/gvarianttype.c b/glib/gvarianttype.c
--- a/glib/gvarianttype.c 2021-03-06 09:46:03.709000000 +0800
+++ b/glib/gvarianttype.c 2021-03-06 09:28:03.190000000 +0800
@@ -1181,7 +1181,7 @@
g_assert (offset < sizeof buffer);
buffer[offset++] = ')';
- return (GVariantType *) g_memdup (buffer, offset);
+ return (GVariantType *) g_memdup2 (buffer, offset);
}
/**
diff -Naur a/glib/tests/array-test.c b/glib/tests/array-test.c
--- a/glib/tests/array-test.c 2021-03-06 09:46:03.712000000 +0800
+++ b/glib/tests/array-test.c 2021-03-06 09:28:56.467000000 +0800
@@ -1616,7 +1616,7 @@
GByteArray *gbarray;
guint8 *data;
- data = g_memdup ("woooweeewow", 11);
+ data = g_memdup2 ("woooweeewow", 11);
gbarray = g_byte_array_new_take (data, 11);
g_assert (gbarray->data == data);
g_assert_cmpuint (gbarray->len, ==, 11);
diff -Naur a/glib/tests/option-context.c b/glib/tests/option-context.c
--- a/glib/tests/option-context.c 2021-03-06 09:46:03.719000000 +0800
+++ b/glib/tests/option-context.c 2021-03-06 09:30:07.022000000 +0800
@@ -256,7 +256,7 @@
static char **
copy_stringv (char **argv, int argc)
{
- return g_memdup (argv, sizeof (char *) * (argc + 1));
+ return g_memdup2 (argv, sizeof (char *) * (argc + 1));
}
static void
@@ -2323,7 +2323,7 @@
g_option_context_add_group (context, group);
argv = split_string ("program --test arg1 -f arg2 --group-test arg3 --frob arg4 -z arg5", &argc);
- orig_argv = g_memdup (argv, (argc + 1) * sizeof (char *));
+ orig_argv = g_memdup2 (argv, (argc + 1) * sizeof (char *));
retval = g_option_context_parse (context, &argc, &argv, &error);
diff -Naur a/glib/tests/strfuncs.c b/glib/tests/strfuncs.c
--- a/glib/tests/strfuncs.c 2021-03-06 09:46:03.720000000 +0800
+++ b/glib/tests/strfuncs.c 2021-03-06 09:33:09.312000000 +0800
@@ -219,6 +219,26 @@
g_free (str_dup);
}
+/* Testing g_memdup2() function with various positive and negative cases */
+static void
+test_memdup2 (void)
+{
+ gchar *str_dup = NULL;
+ const gchar *str = "The quick brown fox jumps over the lazy dog";
+
+ /* Testing negative cases */
+ g_assert_null (g_memdup2 (NULL, 1024));
+ g_assert_null (g_memdup2 (str, 0));
+ g_assert_null (g_memdup2 (NULL, 0));
+
+ /* Testing normal usage cases */
+ str_dup = g_memdup2 (str, strlen (str) + 1);
+ g_assert_nonnull (str_dup);
+ g_assert_cmpstr (str, ==, str_dup);
+
+ g_free (str_dup);
+}
+
/* Testing g_strpcpy() function with various positive and negative cases */
static void
test_stpcpy (void)
@@ -2523,6 +2543,7 @@
g_test_add_func ("/strfuncs/has-prefix", test_has_prefix);
g_test_add_func ("/strfuncs/has-suffix", test_has_suffix);
g_test_add_func ("/strfuncs/memdup", test_memdup);
+ g_test_add_func ("/strfuncs/memdup2", test_memdup2);
g_test_add_func ("/strfuncs/stpcpy", test_stpcpy);
g_test_add_func ("/strfuncs/str_match_string", test_str_match_string);
g_test_add_func ("/strfuncs/str_tokenize_and_fold", test_str_tokenize_and_fold);
diff -Naur a/gobject/gsignal.c b/gobject/gsignal.c
--- a/gobject/gsignal.c 2021-03-06 09:46:03.722000000 +0800
+++ b/gobject/gsignal.c 2021-03-06 09:36:46.688000000 +0800
@@ -1730,7 +1730,7 @@
node->single_va_closure_is_valid = FALSE;
node->flags = signal_flags & G_SIGNAL_FLAGS_MASK;
node->n_params = n_params;
- node->param_types = g_memdup (param_types, sizeof (GType) * n_params);
+ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params);
node->return_type = return_type;
node->class_closure_bsa = NULL;
if (accumulator)
diff -Naur a/gobject/gtype.c b/gobject/gtype.c
--- a/gobject/gtype.c 2021-03-06 09:46:03.724000000 +0800
+++ b/gobject/gtype.c 2021-03-06 09:38:47.030000000 +0800
@@ -1470,7 +1470,7 @@
iholder->next = iface_node_get_holders_L (iface);
iface_node_set_holders_W (iface, iholder);
iholder->instance_type = NODE_TYPE (node);
- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL;
+ iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL;
iholder->plugin = plugin;
/* create an iface entry for this type */
@@ -1731,7 +1731,7 @@
INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface));
check_interface_info_I (iface, instance_type, &tmp_info);
- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info));
+ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info));
}
return iholder; /* we don't modify write lock upon returning NULL */
@@ -2016,10 +2016,10 @@
IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface);
if (pentry)
- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size);
+ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size);
}
if (!vtable)
- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
+ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
entry->vtable = vtable;
vtable->g_type = NODE_TYPE (iface);
vtable->g_instance_type = NODE_TYPE (node);
diff -Naur a/gobject/gtypemodule.c b/gobject/gtypemodule.c
--- a/gobject/gtypemodule.c 2021-03-06 09:46:03.724000000 +0800
+++ b/gobject/gtypemodule.c 2021-03-06 09:39:57.337000000 +0800
@@ -436,7 +436,7 @@
module_type_info->loaded = TRUE;
module_type_info->info = *type_info;
if (type_info->value_table)
- module_type_info->info.value_table = g_memdup (type_info->value_table,
+ module_type_info->info.value_table = g_memdup2 (type_info->value_table,
sizeof (GTypeValueTable));
return module_type_info->type;
diff -Naur a/gobject/tests/param.c b/gobject/tests/param.c
--- a/gobject/tests/param.c 2021-03-06 09:46:03.725000000 +0800
+++ b/gobject/tests/param.c 2021-03-06 09:40:28.446000000 +0800
@@ -851,7 +851,7 @@
test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d",
data.change_this_flag, data.change_this_type,
data.use_this_flag, data.use_this_type);
- test_data = g_memdup (&data, sizeof (TestParamImplementData));
+ test_data = g_memdup2 (&data, sizeof (TestParamImplementData));
g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free);
g_free (test_path);
}
diff -Naur a/gio/gwin32appinfo.c b/gio/gwin32appinfo.c
index 9f335b3..2a0fe38 100644
--- a/gio/gwin32appinfo.c
+++ b/gio/gwin32appinfo.c
@@ -472,7 +472,7 @@ g_wcsdup (const gunichar2 *str, gssize str_size)
str_size = wcslen (str) + 1;
str_size *= sizeof (gunichar2);
}
- return g_memdup (str, str_size);
+ return g_memdup2 (str, str_size);
}
#define URL_ASSOCIATIONS L"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\"

68
backport-Correct-memory-leaks-of-error-in-completion-case.patch Normal file
View File

@ -0,0 +1,68 @@
From 1c7c849d34ee89a030fe0d85e326311741a0f3d1 Mon Sep 17 00:00:00 2001
From: Frederic Martinsons <frederic.martinsons@sigfox.com>
Date: Tue, 26 Jan 2021 15:43:46 +0100
Subject: [PATCH] Correct memory leaks of error in completion case.
Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/1c7c849d34ee89a030fe0d85e326311741a0f3d1
---
gio/gdbus-tool.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/gio/gdbus-tool.c b/gio/gdbus-tool.c
index 5cb80b45f7..06f61cfac6 100644
--- a/gio/gdbus-tool.c
+++ b/gio/gdbus-tool.c
@@ -681,8 +681,8 @@ handle_emit (gint *argc,
else
{
g_printerr (_("Error connecting: %s\n"), error->message);
- g_error_free (error);
}
+ g_error_free (error);
goto out;
}
@@ -995,8 +995,8 @@ handle_call (gint *argc,
else
{
g_printerr (_("Error connecting: %s\n"), error->message);
- g_error_free (error);
}
+ g_error_free (error);
goto out;
}
@@ -1825,8 +1825,8 @@ handle_introspect (gint *argc,
else
{
g_printerr (_("Error connecting: %s\n"), error->message);
- g_error_free (error);
}
+ g_error_free (error);
goto out;
}
@@ -2057,8 +2057,8 @@ handle_monitor (gint *argc,
else
{
g_printerr (_("Error connecting: %s\n"), error->message);
- g_error_free (error);
}
+ g_error_free (error);
goto out;
}
@@ -2277,8 +2277,8 @@ handle_wait (gint *argc,
else
{
g_printerr (_("Error connecting: %s\n"), error->message);
- g_error_free (error);
}
+ g_error_free (error);
goto out;
}

81
backport-Fix-giomodule-cache-being-wrongly-considered-stale.patch
View File

@ -1,81 +0,0 @@
From 497c511a984d8c71b3ea48e4f5cfc2537b907021 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Stefanesco?= <leo.lveb@gmail.com>
Date: Fri, 3 Jul 2020 15:16:33 +0200
Subject: [PATCH 0698/1095] Fix giomodule.cache being wrongly considered stale
In ostree based systems, such as flatpak and fedora silverblue, the
time of modification of every system file is epoch 0, including
giomodule.cache, which means that every module is loaded and unloaded
every time.
The solution is to use the change time of the file as well. In a typical
system, it is equal to the mtime, and in an ostree based system, since
the directory is mounted as read-only, the user cannot add a module and
we must assume that the cache file corresponds to the modules.
reason:Fix giomodule.cache being wrongly considered stale
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/497c511a984d8c71b3ea48e4f5cfc2537b907021
---
gio/giomodule.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/gio/giomodule.c b/gio/giomodule.c
index f49ea3e..d8d64be 100644
--- a/gio/giomodule.c
+++ b/gio/giomodule.c
@@ -462,7 +462,7 @@ g_io_modules_scan_all_in_directory_with_scope (const char *dirname,
GDir *dir;
GStatBuf statbuf;
char *data;
- time_t cache_mtime;
+ time_t cache_time;
GHashTable *cache;
if (!g_module_supported ())
@@ -477,21 +477,24 @@ g_io_modules_scan_all_in_directory_with_scope (const char *dirname,
cache = g_hash_table_new_full (g_str_hash, g_str_equal,
g_free, (GDestroyNotify)g_strfreev);
- cache_mtime = 0;
+ cache_time = 0;
if (g_stat (filename, &statbuf) == 0 &&
g_file_get_contents (filename, &data, NULL, NULL))
{
char **lines;
int i;
- /* Cache mtime is the time the cache file was created, any file
- * that has a ctime before this was created then and not modified
- * since then (userspace can't change ctime). Its possible to change
- * the ctime forward without changing the file content, by e.g.
- * chmoding the file, but this is uncommon and will only cause us
- * to not use the cache so will not cause bugs.
+ /* cache_time is the time the cache file was created; we also take
+ * into account the change time because in ostree based systems, all
+ * system file have mtime equal to epoch 0.
+ *
+ * Any file that has a ctime before this was created then and not modified
+ * since then (userspace can't change ctime). Its possible to change the
+ * ctime forward without changing the file content, by e.g. chmoding the
+ * file, but this is uncommon and will only cause us to not use the cache
+ * so will not cause bugs.
*/
- cache_mtime = statbuf.st_mtime;
+ cache_time = MAX(statbuf.st_mtime, statbuf.st_ctime);
lines = g_strsplit (data, "\n", -1);
g_free (data);
@@ -539,7 +542,7 @@ g_io_modules_scan_all_in_directory_with_scope (const char *dirname,
extension_points = g_hash_table_lookup (cache, name);
if (extension_points != NULL &&
g_stat (path, &statbuf) == 0 &&
- statbuf.st_ctime <= cache_mtime)
+ statbuf.st_ctime <= cache_time)
{
/* Lazy load/init the library when first required */
for (i = 0; extension_points[i] != NULL; i++)
--
1.8.3.1

49
backport-Fix-the-6-days-until-the-end-of-the-month-bug.patch
View File

@ -1,49 +0,0 @@
From da00779093f8c69b77b578795e8bec8e27f107d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=A0=D1=83=D1=81=D0=BB=D0=B0=D0=BD=20=D0=98=D0=B6=D0=B1?=
=?UTF-8?q?=D1=83=D0=BB=D0=B0=D1=82=D0=BE=D0=B2?= <lrn1986@gmail.com>
Date: Mon, 5 Oct 2020 16:53:47 +0000
Subject: [PATCH 1022/1095] Fix the 6-days-until-the-end-of-the-month bug
The addition causes the date to shift
forward into 1st of the next month, because a 0-based offset
is compared to be "more than" the days in the month instead of "more than
or equal to".
This is triggered by corner-cases where transition date is 6 days
off the end of the month and our calculations put it at N+1th day of the
month (where N is the number of days in the month). The subtraction should
be triggered to move the date back a week, putting it 6 days off the end;
for example, October 25 for CET DST transition; but due to incorrect comparison
the date isn't shifted back, we add 31 days to October 1st and end up
at November 1st).
Fixes issue #2215.
reason:Fix the 6-days-until-the-end-of-the-month bug
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/da00779093f8c69b77b578795e8bec8e27f107d0
---
glib/gtimezone.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/glib/gtimezone.c b/glib/gtimezone.c
index ef67ec5..0de5c92 100644
--- a/glib/gtimezone.c
+++ b/glib/gtimezone.c
@@ -1041,7 +1041,11 @@ find_relative_date (TimeZoneDate *buffer)
/* week is 1 <= w <= 5, we need 0-based */
days = 7 * (buffer->week - 1) + wday - first_wday;
- while (days > days_in_month)
+ /* "days" is a 0-based offset from the 1st of the month.
+ * Adding days == days_in_month would bring us into the next month,
+ * hence the ">=" instead of just ">".
+ */
+ while (days >= days_in_month)
days -= 7;
g_date_add_days (&date, days);
--
1.8.3.1

24
backport-gapplication-Fix-a-memory-leak.patch Normal file
View File

@ -0,0 +1,24 @@
From a1203b3d3bbdf3f851ffa5a903cf4fb9644e5943 Mon Sep 17 00:00:00 2001
From: Mohammed Sadiq <sadiq@sadiqpk.org>
Date: Thu, 4 Feb 2021 18:36:45 +0530
Subject: [PATCH] gapplication: Fix a memory leak
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/a1203b3d3bbdf3f851ffa5a903cf4fb9644e5943
---
gio/gapplication.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gio/gapplication.c b/gio/gapplication.c
index 1c560e5e8c..3720146af9 100644
--- a/gio/gapplication.c
+++ b/gio/gapplication.c
@@ -1091,6 +1091,7 @@ g_application_real_local_command_line (GApplication *application,
if (!options)
{
g_printerr ("%s\n", error->message);
+ g_error_free (error);
*exit_status = 1;
return TRUE;
}

48
backport-gbookmarkfile-Fix-a-minor-leak-on-an-error-path.patch
View File

@ -1,48 +0,0 @@
From 4332e3b160a1fef92f86b38be3b7286712925d67 Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Tue, 5 Nov 2019 10:08:45 +0000
Subject: [PATCH 0115/1095] gbookmarkfile: Fix a minor leak on an error path
Signed-off-by: Philip Withnall <withnall@endlessm.com>
reason:Fix a minor leak on an error path
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/4332e3b160a1fef92f86b38be3b7286712925d67
---
glib/gbookmarkfile.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/glib/gbookmarkfile.c b/glib/gbookmarkfile.c
index 25f1234..e22f794 100644
--- a/glib/gbookmarkfile.c
+++ b/glib/gbookmarkfile.c
@@ -775,13 +775,22 @@ parse_bookmark_element (GMarkupParseContext *context,
item = bookmark_item_new (uri);
if (added != NULL && !timestamp_from_iso8601 (added, &item->added, error))
- return;
+ {
+ bookmark_item_free (item);
+ return;
+ }
if (modified != NULL && !timestamp_from_iso8601 (modified, &item->modified, error))
- return;
+ {
+ bookmark_item_free (item);
+ return;
+ }
if (visited != NULL && !timestamp_from_iso8601 (visited, &item->visited, error))
- return;
+ {
+ bookmark_item_free (item);
+ return;
+ }
add_error = NULL;
g_bookmark_file_add_item (parse_data->bookmark_file,
--
1.8.3.1

27
backport-gdbusauth-fix-error-leak.patch Normal file
View File

@ -0,0 +1,27 @@
From 2b29495bcb59ba00bec808c509112dae6e019fd7 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@gnome.org>
Date: Wed, 31 Mar 2021 14:12:39 -0500
Subject: [PATCH] gdbusauth: fix error leak
local_error is leaked in the G_IO_ERROR_NOT_SUPPORTED case. Found by
Coverity.
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/2b29495bcb59ba00bec808c509112dae6e019fd7
---
gio/gdbusauth.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gio/gdbusauth.c b/gio/gdbusauth.c
index c430f0cf03..534dca2d19 100644
--- a/gio/gdbusauth.c
+++ b/gio/gdbusauth.c
@@ -1007,6 +1007,7 @@ _g_dbus_auth_run_server (GDBusAuth *auth,
g_propagate_error (error, local_error);
goto out;
}
+ g_clear_error (&local_error);
}
else
{

43
backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch Normal file
View File

@ -0,0 +1,43 @@
From 719484a5754cca036d123ae4c2ae3d150bacef32 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@gnome.org>
Date: Wed, 31 Mar 2021 14:23:13 -0500
Subject: [PATCH] gdbusobjectmanagerservice: fix leak in error path
If the third g_return_val_if_fail() is hit, then we leak
orig_object_path. There is no reason we need to strdup it here.
Found by Coverity.
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/719484a5754cca036d123ae4c2ae3d150bacef32
---
gio/gdbusobjectmanagerserver.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/gio/gdbusobjectmanagerserver.c b/gio/gdbusobjectmanagerserver.c
index 39f4ed5006..0a0cea84ab 100644
--- a/gio/gdbusobjectmanagerserver.c
+++ b/gio/gdbusobjectmanagerserver.c
@@ -565,12 +565,12 @@ void
g_dbus_object_manager_server_export_uniquely (GDBusObjectManagerServer *manager,
GDBusObjectSkeleton *object)
{
- gchar *orig_object_path;
+ const gchar *orig_object_path;
gchar *object_path;
guint count;
gboolean modified;
- orig_object_path = g_strdup (g_dbus_object_get_object_path (G_DBUS_OBJECT (object)));
+ orig_object_path = g_dbus_object_get_object_path (G_DBUS_OBJECT (object));
g_return_if_fail (G_IS_DBUS_OBJECT_MANAGER_SERVER (manager));
g_return_if_fail (G_IS_DBUS_OBJECT (object));
@@ -602,7 +602,6 @@ g_dbus_object_manager_server_export_uniquely (GDBusObjectManagerServer *manager,
g_dbus_object_skeleton_set_object_path (G_DBUS_OBJECT_SKELETON (object), object_path);
g_free (object_path);
- g_free (orig_object_path);
}

29
backport-gfileenumerator-fix-leak-in-error-path.patch Normal file
View File

@ -0,0 +1,29 @@
From 8bfc2998135ee9c4460520febb3af720c61438a5 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@gnome.org>
Date: Thu, 1 Apr 2021 14:13:19 -0500
Subject: [PATCH] gfileenumerator: fix leak in error path
Found by Coverity.
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/8bfc2998135ee9c4460520febb3af720c61438a5
---
gio/gfileenumerator.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/gio/gfileenumerator.c b/gio/gfileenumerator.c
index ac2e4eb980..1f9bc24ebe 100644
--- a/gio/gfileenumerator.c
+++ b/gio/gfileenumerator.c
@@ -787,7 +787,10 @@ next_files_thread (GTask *task,
}
if (error)
- g_task_return_error (task, error);
+ {
+ g_list_free_full (files, g_object_unref);
+ g_task_return_error (task, error);
+ }
else
g_task_return_pointer (task, files, (GDestroyNotify)next_async_op_free);
}

48
backport-gfileutils-Correct-operator-precedence-to-avoid-undefined-pointer-maths.patch
View File

@ -1,48 +0,0 @@
From e86dd776552224dfc06818b45257066d4ed5bb25 Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Wed, 10 Jun 2020 13:26:14 +0100
Subject: [PATCH 0631/1095] gfileutils: Correct operator precedence to avoid
undefined pointer maths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
`base` can be `-1` in some situations, which would lead to pointing
outside an allocation area if the sums were evaluated as `(file_name +
base) + 1` rather than `file_name + (base + 1)`.
I dont see how this can practically cause an issue, as the arithmetic
is all finished before anythings dereferenced, but lets keep to the
letter of the C standard to avoid this coming up in code audits in
future.
Fix suggested by fablhx.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #2077
reason: Correct operator precedence to avoid undefined pointer maths
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/e86dd776552224dfc06818b45257066d4ed5bb25
---
glib/gfileutils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/glib/gfileutils.c b/glib/gfileutils.c
index f0799e2..ede22b8 100644
--- a/glib/gfileutils.c
+++ b/glib/gfileutils.c
@@ -2397,7 +2397,7 @@ g_path_get_basename (const gchar *file_name)
len = last_nonslash - base;
retval = g_malloc (len + 1);
- memcpy (retval, file_name + base + 1, len);
+ memcpy (retval, file_name + (base + 1), len);
retval [len] = '\0';
return retval;
--
1.8.3.1

90
backport-glib-ensure-consistent-abort-on-OOM-with-g-vasprintf-its-callers.patch
View File

@ -1,90 +0,0 @@
From 14035010dd760d2202d03eba3ca392a488ff04eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Fri, 4 Oct 2019 13:52:39 +0100
Subject: [PATCH] glib: ensure consistent abort-on-OOM with g_vasprintf & its
callers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The g_vasprintf method is called by g_strdup_vprintf, g_strdup_printf,
g_string_append_vprintf and more. It has three different implementations
depending on what the build target platform supports:
1. The gnulib impl appears to use the system malloc, but a
'#define malloc g_malloc' causes it to use GLib's wrapper
and thus abort on OOM. This mostly gets used on Windows
platforms or UNIX platforms with broken printf formatting.
2. The main impl mostly used on modern Linux/UNIX calls the
system vasprintf which uses the system malloc and does not
abort on OOM.
3. The final impl used on remaining platforms calls system
vsprintf on a buffer allocated by g_new, and thus always
aborts on OOM.
Of note is that impl 2 (using vasprintf) historically could abort on
OOM, if the application had installed a non-system malloc impl with
GLib. This was because the code would g_strndup the result from
vasprintf() in that scenario. This was removed in:
commit a3660532535f92cfac136435579ed4f23231f48c
Author: Dan Winship <danw@gnome.org>
Date: Fri Aug 7 09:46:49 2015 -0400
glib: remove deprecated g_mem_is_system_malloc() check in gprintf.c
Having inconsistent OOM behaviour for the three impls is undesirable and
aborting on OOM is normal pratice for GLib APIs. Thus we must thus ensure
this happens in all impls of g_vasprintf.
Fixes #1622
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
reason:ensure consistent abort-on-OOM with g_vasprintf & its callers
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/14035010dd760d2202d03eba3ca392a488ff04eb
---
glib/gprintf.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/glib/gprintf.c b/glib/gprintf.c
index fc0a02a..d4d0b3e 100644
--- a/glib/gprintf.c
+++ b/glib/gprintf.c
@@ -20,6 +20,7 @@
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
+#include <errno.h>
#include "gprintf.h"
#include "gprintfint.h"
@@ -327,9 +328,18 @@ g_vasprintf (gchar **string,
#elif defined (HAVE_VASPRINTF)
- len = vasprintf (string, format, args);
- if (len < 0)
- *string = NULL;
+ {
+ int saved_errno;
+ len = vasprintf (string, format, args);
+ saved_errno = errno;
+ if (len < 0)
+ {
+ if (saved_errno == ENOMEM)
+ g_error ("%s: failed to allocate memory", G_STRLOC);
+ else
+ *string = NULL;
+ }
+ }
#else
--
1.8.3.1

34
backport-glib-supp-Suppress-calloc-variant-of-g-get-charset.patch
View File

@ -1,34 +0,0 @@
From 02f0d4fc6a863d57f0a669428ef44ee867918a23 Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Thu, 25 Jun 2020 10:00:58 +0100
Subject: [PATCH] glib.supp: Suppress calloc() variant of g_get_charset()
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #2136
reason:Suppress calloc() variant of g_get_charset()
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/02f0d4fc6a863d57f0a669428ef44ee867918a23
---
glib.supp | 9 +++++++++
1 file changed, 9 insertions(+)
diff -Naur a/glib.supp b/glib.supp
--- a/glib.supp 2020-12-14 14:14:06.868000000 +0800
+++ b/glib.supp 2020-12-14 15:46:11.033000000 +0800
@@ -946,3 +946,13 @@
...
fun:g_file_*
}
+
+# Cached charset
+{
+ g_get_charset_calloc
+ Memcheck:Leak
+ match-leak-kinds:reachable
+ fun:calloc
+ ...
+ fun:g_get_charset
+}

40
backport-glocalfileinfo-Correct-an-off-by-one-error-when-unescaping-hex.patch
View File

@ -1,40 +0,0 @@
From 63b329fb818358eaf6688f4f78779ef3ee6cfb99 Mon Sep 17 00:00:00 2001
From: Sergio Gelato <sergio.gelato@astro.su.se>
Date: Wed, 8 Jul 2020 12:45:43 +0100
Subject: [PATCH 0715/1095] glocalfileinfo: Correct an off-by-one error when
unescaping hex
Correct an off-by-one error in hex_unescape_string()'s computation of
the output string length.
(Turned into a git-format patch by Philip Withnall. Original patch
submitted on the Debian bug tracker, bug#962912.)
reason:Correct an off-by-one error when unescaping hex
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/63b329fb818358eaf6688f4f78779ef3ee6cfb99
---
gio/glocalfileinfo.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gio/glocalfileinfo.c b/gio/glocalfileinfo.c
index 6cac187..4ca1ce6 100644
--- a/gio/glocalfileinfo.c
+++ b/gio/glocalfileinfo.c
@@ -394,10 +394,10 @@ hex_unescape_string (const char *str,
else
*p++ = str[i];
}
- *p++ = 0;
-
if (out_len)
*out_len = p - unescaped_str;
+ *p++ = 0;
+
*free_return = TRUE;
return unescaped_str;
}
--
1.8.3.1

37
backport-glocalfileinfo-Fix-minor-leak-on-error-handling-path-for-xattrs.patch
View File

@ -1,37 +0,0 @@
From 15818926b360b99d7897e519d7414470870b2e58 Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Wed, 30 Oct 2019 15:35:15 +0000
Subject: [PATCH 0099/1095] glocalfileinfo: Fix minor leak on error handling
path for xattrs
Spotted by `scan-build`.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
reason: Fix minor leak on error handling path for xattrs
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/15818926b360b99d7897e519d7414470870b2e58
---
gio/glocalfileinfo.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/gio/glocalfileinfo.c b/gio/glocalfileinfo.c
index dcc9bce..5ba7691 100644
--- a/gio/glocalfileinfo.c
+++ b/gio/glocalfileinfo.c
@@ -504,7 +504,10 @@ get_xattrs (const char *path,
}
if (list_res_size == -1)
- return;
+ {
+ g_free (list);
+ return;
+ }
attr = list;
while (list_res_size > 0)
--
1.8.3.1

49
backport-gparamspecs-Fix-type-class-leaks-on-error-handling-paths.patch
View File

@ -1,49 +0,0 @@
From 1a3bba4670e79f9e78fae512ace9191226715e35 Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Mon, 28 Oct 2019 14:57:33 +0000
Subject: [PATCH 0078/1095] gparamspecs: Fix type class leaks on error handling
paths
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Helps: #1911
reason: Fix type class leaks on error handling paths
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/1a3bba4670e79f9e78fae512ace9191226715e35
---
gobject/gparamspecs.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/gobject/gparamspecs.c b/gobject/gparamspecs.c
index 5d15c26..490c7c2 100644
--- a/gobject/gparamspecs.c
+++ b/gobject/gparamspecs.c
@@ -2092,7 +2092,10 @@ g_param_spec_enum (const gchar *name,
blurb,
flags);
if (espec == NULL)
- return NULL;
+ {
+ g_type_class_unref (enum_class);
+ return NULL;
+ }
espec->enum_class = enum_class;
espec->default_value = default_value;
@@ -2140,7 +2143,10 @@ g_param_spec_flags (const gchar *name,
blurb,
flags);
if (fspec == NULL)
- return NULL;
+ {
+ g_type_class_unref (flags_class);
+ return NULL;
+ }
fspec->flags_class = flags_class;
fspec->default_value = default_value;
--
1.8.3.1

28
backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch Normal file
View File

@ -0,0 +1,28 @@
From 1cde07b9789ff3b58be4af4596065d4f6fc365f0 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Tue, 15 Dec 2020 10:54:41 +0000
Subject: [PATCH] gsettings: Fix a minor memory leak when getting
GSettingsAction:state
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/1cde07b9789ff3b58be4af4596065d4f6fc365f0
---
gio/gsettings.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gio/gsettings.c b/gio/gsettings.c
index 4332ebe444..9a04a86309 100644
--- a/gio/gsettings.c
+++ b/gio/gsettings.c
@@ -3296,7 +3296,7 @@ g_settings_action_get_property (GObject *object, guint prop_id,
break;
case ACTION_PROP_STATE:
- g_value_set_variant (value, g_settings_action_get_state (action));
+ g_value_take_variant (value, g_settings_action_get_state (action));
break;
default:

39
backport-gsignal-Plug-g-signal-connect-object-leak.patch
View File

@ -1,39 +0,0 @@
From d691c2ebd269e394457d6367db14cf2cc22bc281 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Tue, 13 Oct 2020 09:24:02 -0400
Subject: [PATCH 0999/1095] gsignal: Plug g_signal_connect_object leak
commit 916297be799ee001b4a214cc52c3b960bb0b5deb added a hash table
to provide constant time lookups of signal handlers.
Unfortunately, that commit neglected to remove handlers from
g_signal_connect_object calls from the hash table that are
disconnected implicitly when the associated object goes away.
This commit addresses that bug by changing the closure invalidate
handler associated with the signal connection to properly remove the
handler from the hash table.
reason:Plug g_signal_connect_object leak
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/d691c2ebd269e394457d6367db14cf2cc22bc281
---
gobject/gsignal.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gobject/gsignal.c b/gobject/gsignal.c
index ebf5b3c..41599eb 100644
--- a/gobject/gsignal.c
+++ b/gobject/gsignal.c
@@ -3916,6 +3916,7 @@ invalid_closure_notify (gpointer instance,
g_assert (handler != NULL);
g_assert (handler->closure == closure);
+ g_hash_table_remove (g_handlers, handler);
handler->sequential_number = 0;
handler->block_count = 1;
handler_unref_R (signal_id, instance, handler);
--
1.8.3.1

35
backport-gtestutils-Fix-a-minor-memory-leak.patch
View File

@ -1,35 +0,0 @@
From b639687b60fb0bd1e2addfa960c3532bf3ebf2a3 Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Tue, 18 Aug 2020 09:33:06 +0100
Subject: [PATCH 0861/1095] gtestutils: Fix a minor memory leak
Coverity CID: #1430603
Signed-off-by: Philip Withnall <withnall@endlessm.com>
reason:gtestutils: Fix a minor memory leak
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/b639687b60fb0bd1e2addfa960c3532bf3ebf2a3
---
glib/gtestutils.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/glib/gtestutils.c b/glib/gtestutils.c
index 8ca995c..3b03e98 100644
--- a/glib/gtestutils.c
+++ b/glib/gtestutils.c
@@ -1530,7 +1530,10 @@ void
test_prgname = g_path_get_basename (g_get_prgname ());
if (*test_prgname == '\0')
- test_prgname = g_strdup ("unknown");
+ {
+ g_free (test_prgname);
+ test_prgname = g_strdup ("unknown");
+ }
tmpl = g_strdup_printf ("test_%s_XXXXXX", test_prgname);
g_free (test_prgname);
--
1.8.3.1

67
backport-gthread-Destroy-value-after-replacing-it.patch
View File

@ -1,67 +0,0 @@
From 8c76bec77985be7f4c81a052ec649232341369f6 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 30 Sep 2020 16:16:11 +0100
Subject: [PATCH] gthread: Destroy value after replacing it in
g_private_replace()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If the old value is destroyed before updating the TLS value in pthreads
(or the Windows equivalent) then theres a risk of infinite recursion if
`g_private_replace()` is called from within the `GDestroyNotify`.
Avoid that by destroying the old value after doing the TLS update.
Thanks to Matthias Clasen for diagnosing the issue.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: #2210
reason:gtestutils: Destroy value after replacing it in g_private_replace()
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/8c76bec77985be7f4c81a052ec649232341369f6
---
glib/gthread-posix.c | 5 +++--
glib/gthread-win32.c | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/glib/gthread-posix.c b/glib/gthread-posix.c
index f360559..f09f58a 100644
--- a/glib/gthread-posix.c
+++ b/glib/gthread-posix.c
@@ -1116,11 +1116,12 @@ g_private_replace (GPrivate *key,
gint status;
old = pthread_getspecific (*impl);
- if (old && key->notify)
- key->notify (old);
if G_UNLIKELY ((status = pthread_setspecific (*impl, value)) != 0)
g_thread_abort (status, "pthread_setspecific");
+
+ if (old && key->notify)
+ key->notify (old);
}
/* {{{1 GThread */
diff --git a/glib/gthread-win32.c b/glib/gthread-win32.c
index 54f74f2..0c37dc6 100644
--- a/glib/gthread-win32.c
+++ b/glib/gthread-win32.c
@@ -373,9 +373,9 @@ g_private_replace (GPrivate *key,
gpointer old;
old = TlsGetValue (impl);
+ TlsSetValue (impl, value);
if (old && key->notify)
key->notify (old);
- TlsSetValue (impl, value);
}
/* {{{1 GThread */
--
1.8.3.1

175
backport-gtimezone-support-footers-in-TZif-files.patch
View File

@ -1,175 +0,0 @@
From 25d950b61f92f25cc9ab20d683aa4d6969f93098 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 16 Jul 2020 12:41:49 -0700
Subject: [PATCH 0734/1095] gtimezone: support footers in TZif files
Since tzcode95f (1995), TZif files have had a trailing
TZ string, used for timestamps after the last transition.
This string is specified in Internet RFC 8536 section 3.3.
init_zone_from_iana_info has ignored this string, causing it
to mishandle timestamps past the year 2038. With zic's new -b
slim flag, init_zone_from_iana_info would even mishandle current
timestamps. Fix this by parsing the trailing TZ string and adding
its transitions.
Closes #2129
reason:support footers in TZif files
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/25d950b61f92f25cc9ab20d683aa4d6969f93098
---
glib/gtimezone.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 93 insertions(+), 3 deletions(-)
diff --git a/glib/gtimezone.c b/glib/gtimezone.c
index 80f3882..fcf1057 100644
--- a/glib/gtimezone.c
+++ b/glib/gtimezone.c
@@ -203,6 +203,10 @@ static GTimeZone *tz_local = NULL;
there's no point in getting carried
away. */
+#ifdef G_OS_UNIX
+static GTimeZone *parse_footertz (const gchar *, size_t);
+#endif
+
/**
* g_time_zone_unref:
* @tz: a #GTimeZone
@@ -555,7 +559,12 @@ init_zone_from_iana_info (GTimeZone *gtz,
guint8 *tz_transitions, *tz_type_index, *tz_ttinfo;
guint8 *tz_abbrs;
gsize timesize = sizeof (gint32);
- const struct tzhead *header = g_bytes_get_data (zoneinfo, &size);
+ gconstpointer header_data = g_bytes_get_data (zoneinfo, &size);
+ const gchar *data = header_data;
+ const struct tzhead *header = header_data;
+ GTimeZone *footertz = NULL;
+ guint extra_time_count = 0, extra_type_count = 0;
+ gint64 last_explicit_transition_time;
g_return_if_fail (size >= sizeof (struct tzhead) &&
memcmp (header, "TZif", 4) == 0);
@@ -576,6 +585,30 @@ init_zone_from_iana_info (GTimeZone *gtz,
time_count = guint32_from_be(header->tzh_timecnt);
type_count = guint32_from_be(header->tzh_typecnt);
+ if (header->tzh_version >= '2')
+ {
+ const gchar *footer = (((const gchar *) (header + 1))
+ + guint32_from_be(header->tzh_ttisgmtcnt)
+ + guint32_from_be(header->tzh_ttisstdcnt)
+ + 12 * guint32_from_be(header->tzh_leapcnt)
+ + 9 * time_count
+ + 6 * type_count
+ + guint32_from_be(header->tzh_charcnt));
+ const gchar *footerlast;
+ size_t footerlen;
+ g_return_if_fail (footer <= data + size - 2 && footer[0] == '\n');
+ footerlast = memchr (footer + 1, '\n', data + size - (footer + 1));
+ g_return_if_fail (footerlast);
+ footerlen = footerlast + 1 - footer;
+ if (footerlen != 2)
+ {
+ footertz = parse_footertz (footer, footerlen);
+ g_return_if_fail (footertz);
+ extra_type_count = footertz->t_info->len;
+ extra_time_count = footertz->transitions->len;
+ }
+ }
+
tz_transitions = ((guint8 *) (header) + sizeof (*header));
tz_type_index = tz_transitions + timesize * time_count;
tz_ttinfo = tz_type_index + time_count;
@@ -583,9 +616,9 @@ init_zone_from_iana_info (GTimeZone *gtz,
gtz->name = g_steal_pointer (&identifier);
gtz->t_info = g_array_sized_new (FALSE, TRUE, sizeof (TransitionInfo),
- type_count);
+ type_count + extra_type_count);
gtz->transitions = g_array_sized_new (FALSE, TRUE, sizeof (Transition),
- time_count);
+ time_count + extra_time_count);
for (index = 0; index < type_count; index++)
{
@@ -604,11 +637,46 @@ init_zone_from_iana_info (GTimeZone *gtz,
trans.time = gint64_from_be (((gint64_be*)tz_transitions)[index]);
else
trans.time = gint32_from_be (((gint32_be*)tz_transitions)[index]);
+ last_explicit_transition_time = trans.time;
trans.info_index = tz_type_index[index];
g_assert (trans.info_index >= 0);
g_assert ((guint) trans.info_index < gtz->t_info->len);
g_array_append_val (gtz->transitions, trans);
}
+
+ if (footertz)
+ {
+ /* Append footer time types. Don't bother to coalesce
+ duplicates with existing time types. */
+ for (index = 0; index < extra_type_count; index++)
+ {
+ TransitionInfo t_info;
+ TransitionInfo *footer_t_info
+ = &g_array_index (footertz->t_info, TransitionInfo, index);
+ t_info.gmt_offset = footer_t_info->gmt_offset;
+ t_info.is_dst = footer_t_info->is_dst;
+ t_info.abbrev = g_steal_pointer (&footer_t_info->abbrev);
+ g_array_append_val (gtz->t_info, t_info);
+ }
+
+ /* Append footer transitions that follow the last explicit
+ transition. */
+ for (index = 0; index < extra_time_count; index++)
+ {
+ Transition *footer_transition
+ = &g_array_index (footertz->transitions, Transition, index);
+ if (time_count <= 0
+ || last_explicit_transition_time < footer_transition->time)
+ {
+ Transition trans;
+ trans.time = footer_transition->time;
+ trans.info_index = type_count + footer_transition->info_index;
+ g_array_append_val (gtz->transitions, trans);
+ }
+ }
+
+ g_time_zone_unref (footertz);
+ }
}
#elif defined (G_OS_WIN32)
@@ -1504,6 +1572,28 @@ rules_from_identifier (const gchar *identifier,
return create_ruleset_from_rule (rules, &tzr);
}
+#ifdef G_OS_UNIX
+static GTimeZone *
+parse_footertz (const gchar *footer, size_t footerlen)
+{
+ gchar *tzstring = g_strndup (footer + 1, footerlen - 2);
+ GTimeZone *footertz = NULL;
+ gchar *ident;
+ TimeZoneRule *rules;
+ guint rules_num = rules_from_identifier (tzstring, &ident, &rules);
+ g_free (ident);
+ g_free (tzstring);
+ if (rules_num > 1)
+ {
+ footertz = g_slice_new0 (GTimeZone);
+ init_zone_from_rules (footertz, rules, rules_num, NULL);
+ footertz->ref_count++;
+ }
+ g_free (rules);
+ return footertz;
+}
+#endif
+
/* Construction {{{1 */
/**
* g_time_zone_new:
--
1.8.3.1

41
backport-gvdb-builder-Initialise-some-memory-to-zero-in-the-bloom-filter.patch
View File

@ -1,41 +0,0 @@
From ea64c739239faea463f3cb9154a12cc4532ba525 Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Wed, 18 Mar 2020 09:15:59 +0000
Subject: [PATCH 0506/1095] gvdb-builder: Initialise some memory to zero in the
bloom filter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Until a bloom filter is implemented, we need to ensure that all the
memory returned by `file_builder_allocate()` is initialised, since its
not initialised at allocation time.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #2
reason:Initialise some memory to zero in the bloom filter
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/ea64c739239faea463f3cb9154a12cc4532ba525
---
gio/gvdb/gvdb-builder.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/gio/gvdb/gvdb-builder.c b/gio/gvdb/gvdb-builder.c
index 2383e60..aa29d22 100644
--- a/gio/gvdb/gvdb-builder.c
+++ b/gio/gvdb/gvdb-builder.c
@@ -339,6 +339,8 @@ file_builder_allocate_for_hash (FileBuilder *fb,
#undef chunk
memset (*bloom_filter, 0, n_bloom_words * sizeof (guint32_le));
+ memset (*hash_buckets, 0, n_buckets * sizeof (guint32_le));
+ memset (*hash_items, 0, n_items * sizeof (struct gvdb_hash_item));
/* NOTE - the code to actually fill in the bloom filter here is missing.
* Patches welcome!
--
2.23.0

61
backport-portal-Read-flatpak-info-in-thread-safe-fashion.patch
View File

@ -1,61 +0,0 @@
From 4b3183435bc14daca21bced6d51ac81493649c11 Mon Sep 17 00:00:00 2001
From: Will Thompson <wjt@endlessm.com>
Date: Mon, 13 Jul 2020 16:26:44 +0100
Subject: [PATCH 0722/1095] portal: Read /.flatpak-info in thread-safe fashion
There is no guarantee that this function would not be called
concurrently. Particularly since flatpak_info_read was set to TRUE
before /.flatpak-info is actually read from disk, there is a potential
race where a second thread would return default values for the various
flags set from that file.
Fixes #2159
reason:Read /.flatpak-info in thread-safe fashion
Conflict:NA
Reference:https://github.com/GNOME/glib/commit/4b3183435bc14daca21bced6d51ac81493649c11
---
gio/gportalsupport.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gio/gportalsupport.c b/gio/gportalsupport.c
index b0a94b3..233f6af 100644
--- a/gio/gportalsupport.c
+++ b/gio/gportalsupport.c
@@ -20,7 +20,6 @@
#include "gportalsupport.h"
-static gboolean flatpak_info_read;
static gboolean use_portal;
static gboolean network_available;
static gboolean dconf_access;
@@ -28,13 +27,12 @@ static gboolean dconf_access;
static void
read_flatpak_info (void)
{
+ static gsize flatpak_info_read = 0;
const gchar *path = "/.flatpak-info";
- if (flatpak_info_read)
+ if (!g_once_init_enter (&flatpak_info_read))
return;
- flatpak_info_read = TRUE;
-
if (g_file_test (path, G_FILE_TEST_EXISTS))
{
GKeyFile *keyfile;
@@ -77,6 +75,8 @@ read_flatpak_info (void)
network_available = TRUE;
dconf_access = TRUE;
}
+
+ g_once_init_leave (&flatpak_info_read, 1);
}
gboolean
--
1.8.3.1

BIN
glib-2.62.5.tar.xz
View File

Binary file not shown.

BIN
glib-2.66.8.tar.xz Normal file
View File

Binary file not shown.

55
glib2.spec
View File

@ -1,40 +1,24 @@
Name: glib2
Version: 2.62.5
Release: 7
Version: 2.66.8
Release: 1
Summary: The core library that forms the basis for projects such as GTK+ and GNOME
License: LGPLv2+
URL: http://www.gtk.org
Source0: http://download.gnome.org/sources/glib/2.62/glib-%{version}.tar.xz
Source0: http://download.gnome.org/sources/glib/2.66/glib-%{version}.tar.xz
Patch9001: fix-accidentally-delete-temp-file-within-dtrace.patch
Patch6000: backport-CVE-2020-35457.patch
Patch6001: backport-glib-ensure-consistent-abort-on-OOM-with-g-vasprintf-its-callers.patch
Patch6002: backport-gparamspecs-Fix-type-class-leaks-on-error-handling-paths.patch
Patch6003: backport-glocalfileinfo-Fix-minor-leak-on-error-handling-path-for-xattrs.patch
Patch6004: backport-gbookmarkfile-Fix-a-minor-leak-on-an-error-path.patch
Patch6005: backport-gvdb-builder-Initialise-some-memory-to-zero-in-the-bloom-filter.patch
Patch6006: backport-gfileutils-Correct-operator-precedence-to-avoid-undefined-pointer-maths.patch
Patch6007: backport-glib-supp-Suppress-calloc-variant-of-g-get-charset.patch
Patch6008: backport-Fix-giomodule-cache-being-wrongly-considered-stale.patch
Patch6009: backport-glocalfileinfo-Correct-an-off-by-one-error-when-unescaping-hex.patch
Patch6010: backport-portal-Read-flatpak-info-in-thread-safe-fashion.patch
Patch6011: backport-gtimezone-support-footers-in-TZif-files.patch
Patch6012: backport-gtestutils-Fix-a-minor-memory-leak.patch
Patch6013: backport-gthread-Destroy-value-after-replacing-it.patch
Patch6014: backport-gsocketclient-set-IP-BIND-ADDRESS-NO-PORT-if-binding.patch
Patch6015: backport-gsocketclient-emit-RESOLVING-RESOLVED-events-only-once.patch
Patch6016: backport-gsocketclient-Crash-on-error-if-error-is-missing.patch
Patch6017: backport-gsocketclient-return-best-errors-possible.patch
Patch6018: backport-gsignal-Plug-g-signal-connect-object-leak.patch
Patch6019: backport-Fix-the-6-days-until-the-end-of-the-month-bug.patch
Patch6020: backport-gsocketclient-fix-crash-when-async-connectio-step-fails.patch
Patch6021: backport-CVE-2021-27218.patch
Patch6022: backport-CVE-2021-27219.patch
Patch6023: backport-0001-CVE-2021-28153.patch
Patch6024: backport-0002-CVE-2021-28153.patch
Patch6025: backport-0003-CVE-2021-28153.patch
Patch6026: backport-0004-CVE-2021-28153.patch
Patch6027: backport-0005-CVE-2021-28153.patch
Patch6001: backport-gsocketclient-set-IP-BIND-ADDRESS-NO-PORT-if-binding.patch
Patch6002: backport-gsocketclient-emit-RESOLVING-RESOLVED-events-only-once.patch
Patch6003: backport-gsocketclient-Crash-on-error-if-error-is-missing.patch
Patch6004: backport-gsocketclient-return-best-errors-possible.patch
Patch6005: backport-gsocketclient-fix-crash-when-async-connectio-step-fails.patch
Patch6006: backport-Correct-memory-leaks-of-error-in-completion-case.patch
Patch6007: backport-gapplication-Fix-a-memory-leak.patch
Patch6008: backport-gdbusauth-fix-error-leak.patch
Patch6009: backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch
Patch6010: backport-gfileenumerator-fix-leak-in-error-path.patch
Patch6011: backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch
BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter
%ifnarch i686
@ -153,7 +137,6 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%{_datadir}/bash-completion/completions/gsettings
%{_bindir}/gio
%{_bindir}/gio-launch-desktop
%{_bindir}/gio-querymodules*
%{_bindir}/glib-compile-schemas
%{_bindir}/gsettings
@ -205,6 +188,12 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%endif
%changelog
* Sat Jun 5 2021 wangkerong <wangkerong@huawei.com> - 2.66.8-1
- Type:NA
- Id:NA
- SUG:NA
- DESC:Upgrade to 2.66.8
* Fri May 21 2021 hanhui<hanhui15@huawei.com> - 2.62.5-7
- add i686 optionsround community patches
@ -281,4 +270,4 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
- DESC:fix CVE-2019-12450 CVE-2019-13012
* Thu Sep 19 2019 Lijin Yang <yanglijin@huawei.com> - 2.58.1-2
- Package init
- Package init

4
glib2.yaml Normal file
View File

@ -0,0 +1,4 @@
version_control: github
src_repo: GNOME/glib
tag_prefix: "^"
seperator: "."