packages/glib2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!108 backport some patches from community

Browse Source 
From: @han_hui_hui 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
This commit is contained in:
openeuler-ci-bot 2022-10-18 08:54:04 +00:00 committed by Gitee
commit 76ffe0c841
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
22 changed files with 1959 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
backport-Add-lock-in-_g_get_unix_mount_points-around-fsent-functions.patch Normal file
View File

@ -0,0 +1,68 @@
From f43cf341511dd684a58c09e104e28c11987cbff1 Mon Sep 17 00:00:00 2001
From: Rozhuk Ivan <rozhuk.im@gmail.com>
Date: Sat, 25 Jun 2022 18:46:08 +0300
Subject: [PATCH] [PATCH] Add lock in _g_get_unix_mount_points() around
*fsent() functions
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/f43cf341511dd684a58c09e104e28c11987cbff1
---
gio/gunixmounts.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/gio/gunixmounts.c b/gio/gunixmounts.c
index 563bdba3b2..3005aa7af3 100644
--- a/gio/gunixmounts.c
+++ b/gio/gunixmounts.c
@@ -1410,17 +1410,13 @@ _g_get_unix_mount_points (void)
{
struct fstab *fstab = NULL;
GUnixMountPoint *mount_point;
- GList *return_list;
+ GList *return_list = NULL;
+ G_LOCK_DEFINE_STATIC (fsent);
#ifdef HAVE_SYS_SYSCTL_H
int usermnt = 0;
struct stat sb;
#endif
-
- if (!setfsent ())
- return NULL;
- return_list = NULL;
-
#ifdef HAVE_SYS_SYSCTL_H
#if defined(HAVE_SYSCTLBYNAME)
{
@@ -1448,7 +1444,14 @@ _g_get_unix_mount_points (void)
}
#endif
#endif
-
+
+ G_LOCK (fsent);
+ if (!setfsent ())
+ {
+ G_UNLOCK (fsent);
+ return NULL;
+ }
+
while ((fstab = getfsent ()) != NULL)
{
gboolean is_read_only = FALSE;
@@ -1482,9 +1485,10 @@ _g_get_unix_mount_points (void)
return_list = g_list_prepend (return_list, mount_point);
}
-
+
endfsent ();
-
+ G_UNLOCK (fsent);
+
return g_list_reverse (return_list);
}
/* Interix {{{2 */
--
GitLab

27
backport-Fix-memory-leak-in-gdbusauthmechanismsha1.patch Normal file
View File

@ -0,0 +1,27 @@
From 6ec432386ef98e26e5079b060ad823277e10f41f Mon Sep 17 00:00:00 2001
From: Loic Le Page <llepage@fluendo.com>
Date: Wed, 26 Jan 2022 14:20:08 +0100
Subject: [PATCH] Fix memory leak in gio/gdbusauthmechanismsha1.c
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/6ec432386ef98e26e5079b060ad823277e10f41f
---
gio/gdbusauthmechanismsha1.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gio/gdbusauthmechanismsha1.c b/gio/gdbusauthmechanismsha1.c
index a82dddf839..8137b6352d 100644
--- a/gio/gdbusauthmechanismsha1.c
+++ b/gio/gdbusauthmechanismsha1.c
@@ -909,6 +909,7 @@ keyring_generate_entry (const gchar *cookie_context,
_("(Additionally, releasing the lock for “%s” also failed: %s) "),
path,
local_error->message);
+ g_error_free (local_error);
}
}
else
--
GitLab

172
backport-dbusmessage-Disallow-empty-structures-tuples-in-D-Bus-messages.patch Normal file
View File

@ -0,0 +1,172 @@
From 6499ad53567a64cb70f2fdc690ad405350fe1ce3 Mon Sep 17 00:00:00 2001
From: Sebastian Wilhelmi <wilhelmi@google.com>
Date: Thu, 6 Jan 2022 21:04:56 +0000
Subject: [PATCH] gdbusmessage: Disallow empty structures/tuples in D-Bus
messages
They are disallowed in the specification:
https://dbus.freedesktop.org/doc/dbus-specification.html#container-types
Helps: #2557
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/6499ad53567a64cb70f2fdc690ad405350fe1ce3
---
gio/gdbusmessage.c | 19 +++++++
gio/tests/gdbus-serialization.c | 88 +++++++++++++++++++++++++++++++++
2 files changed, 107 insertions(+)
diff --git a/gio/gdbusmessage.c b/gio/gdbusmessage.c
index 6e3bd8b..0645b90 100644
--- a/gio/gdbusmessage.c
+++ b/gio/gdbusmessage.c
@@ -1833,6 +1833,16 @@ parse_value_from_blob (GMemoryBuffer *buf,
g_variant_builder_init (&builder, type);
element_type = g_variant_type_first (type);
+ if (!element_type)
+ {
+ g_variant_builder_clear (&builder);
+ g_set_error_literal (&local_error,
+ G_IO_ERROR,
+ G_IO_ERROR_INVALID_ARGUMENT,
+ _("Empty structures (tuples) are not allowed in D-Bus"));
+ goto fail;
+ }
+
while (element_type != NULL)
{
GVariant *item;
@@ -2538,6 +2548,15 @@ append_value_to_blob (GVariant *value,
default:
if (g_variant_type_is_dict_entry (type) || g_variant_type_is_tuple (type))
{
+ if (!g_variant_type_first (type))
+ {
+ g_set_error_literal (error,
+ G_IO_ERROR,
+ G_IO_ERROR_INVALID_ARGUMENT,
+ _("Empty structures (tuples) are not allowed in D-Bus"));
+ goto fail;
+ }
+
padding_added = ensure_output_padding (mbuf, 8);
if (value != NULL)
{
diff --git a/gio/tests/gdbus-serialization.c b/gio/tests/gdbus-serialization.c
index 2ca28d9..34df053 100644
--- a/gio/tests/gdbus-serialization.c
+++ b/gio/tests/gdbus-serialization.c
@@ -1411,6 +1411,90 @@ test_message_parse_deep_body_nesting (void)
g_clear_error (&local_error);
}
+static void
+test_message_parse_empty_structure (void)
+{
+ const guint8 data[] =
+ {
+ 'l', /* little-endian byte order */
+ 0x02, /* message type (method return) */
+ 0x00, /* message flags (none) */
+ 0x01, /* major protocol version */
+ 0x08, 0x00, 0x00, 0x00, /* body length (in bytes) */
+ 0x00, 0x00, 0x00, 0x00, /* message serial */
+ /* a{yv} of header fields */
+ 0x20, 0x00, 0x00, 0x00, /* array length (in bytes), must be a multiple of 8 */
+ 0x01, /* array key (PATH) */
+ 0x01, /* signature length */
+ 'o', /* type (OBJECT_PATH) */
+ 0x00, /* nul terminator */
+ 0x05, 0x00, 0x00, 0x00, /* length 5 */
+ '/', 'p', 'a', 't', 'h', 0x00, 0x00, 0x00, /* string '/path' and padding */
+ 0x03, /* array key (MEMBER) */
+ 0x01, /* signature length */
+ 's', /* type (STRING) */
+ 0x00, /* nul terminator */
+ 0x06, 0x00, 0x00, 0x00, /* length 6 */
+ 'M', 'e', 'm', 'b', 'e', 'r', 0x00, 0x00, /* string 'Member' and padding */
+ 0x08, /* array key (SIGNATURE) */
+ 0x01, /* signature length */
+ 'g', /* type (SIGNATURE) */
+ 0x00, /* nul terminator */
+ 0x03, /* length 3 */
+ 'a', '(', ')', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* type 'a()' and padding */
+ 0x08, 0x00, 0x00, 0x00, /* array length: 4 bytes */
+ 0x00, 0x00, 0x00, 0x00, /* padding to 8 bytes */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* array data */
+ 0x00
+ };
+ gsize size = sizeof (data);
+ GDBusMessage *message = NULL;
+ GError *local_error = NULL;
+
+ g_test_summary ("Test that empty structures are rejected when parsing.");
+ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2557");
+
+ message = g_dbus_message_new_from_blob ((guchar *) data, size,
+ G_DBUS_CAPABILITY_FLAGS_NONE,
+ &local_error);
+ g_assert_error (local_error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT);
+ g_assert_cmpstr (local_error->message, ==, "Empty structures (tuples) are not allowed in D-Bus");
+ g_assert_null (message);
+
+ g_clear_error (&local_error);
+}
+
+static void
+test_message_serialize_empty_structure (void)
+{
+ GDBusMessage *message;
+ GVariantBuilder builder;
+ gsize size = 0;
+ GError *local_error = NULL;
+
+ g_test_summary ("Test that empty structures are rejected when serializing.");
+ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2557");
+
+ message = g_dbus_message_new ();
+ g_variant_builder_init (&builder, G_VARIANT_TYPE ("(a())"));
+ g_variant_builder_open (&builder, G_VARIANT_TYPE ("a()"));
+ g_variant_builder_add (&builder, "()");
+ g_variant_builder_close (&builder);
+ g_dbus_message_set_message_type (message, G_DBUS_MESSAGE_TYPE_METHOD_CALL);
+ g_dbus_message_set_header (message, G_DBUS_MESSAGE_HEADER_FIELD_PATH,
+ g_variant_new_object_path ("/path"));
+ g_dbus_message_set_header (message, G_DBUS_MESSAGE_HEADER_FIELD_MEMBER,
+ g_variant_new_string ("Member"));
+ g_dbus_message_set_body (message, g_variant_builder_end (&builder));
+
+ g_dbus_message_to_blob (message, &size, G_DBUS_CAPABILITY_FLAGS_NONE, &local_error);
+ g_assert_error (local_error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT);
+ g_assert_cmpstr (local_error->message, ==, "Empty structures (tuples) are not allowed in D-Bus");
+
+ g_clear_error (&local_error);
+ g_clear_object (&message);
+}
+
/* ---------------------------------------------------------------------------------------------------- */
int
@@ -1433,6 +1517,8 @@ main (int argc,
test_message_serialize_header_checks);
g_test_add_func ("/gdbus/message-serialize/double-array",
test_message_serialize_double_array);
+ g_test_add_func ("/gdbus/message-serialize/empty-structure",
+ test_message_serialize_empty_structure);
g_test_add_func ("/gdbus/message-parse/empty-arrays-of-arrays",
test_message_parse_empty_arrays_of_arrays);
@@ -1448,6 +1534,8 @@ main (int argc,
test_message_parse_deep_header_nesting);
g_test_add_func ("/gdbus/message-parse/deep-body-nesting",
test_message_parse_deep_body_nesting);
+ g_test_add_func ("/gdbus/message-parse/empty-structure",
+ test_message_parse_empty_structure);
return g_test_run();
}
--
GitLab

46
backport-g_get_unix_mount_points-reduce-syscalls-inside-loop.patch Normal file
View File

@ -0,0 +1,46 @@
From 02d0d6497b92d05d1145d1077654ad2453938b6c Mon Sep 17 00:00:00 2001
From: Rozhuk Ivan <rozhuk.im@gmail.com>
Date: Sat, 25 Jun 2022 19:01:30 +0300
Subject: [PATCH] [PATCH] _g_get_unix_mount_points(): reduce syscalls inside
loop
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/02d0d6497b92d05d1145d1077654ad2453938b6c
---
gio/gunixmounts.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/gio/gunixmounts.c b/gio/gunixmounts.c
index ba08245..92ab163 100644
--- a/gio/gunixmounts.c
+++ b/gio/gunixmounts.c
@@ -1414,6 +1414,7 @@ _g_get_unix_mount_points (void)
GList *return_list = NULL;
G_LOCK_DEFINE_STATIC (fsent);
#ifdef HAVE_SYS_SYSCTL_H
+ uid_t uid = getuid ();
int usermnt = 0;
struct stat sb;
#endif
@@ -1466,14 +1467,13 @@ _g_get_unix_mount_points (void)
#ifdef HAVE_SYS_SYSCTL_H
if (usermnt != 0)
- {
- uid_t uid = getuid ();
- if (stat (fstab->fs_file, &sb) == 0)
- {
- if (uid == 0 || sb.st_uid == uid)
- is_user_mountable = TRUE;
- }
- }
+ {
+ if (uid == 0 ||
+ (stat (fstab->fs_file, &sb) == 0 && sb.st_uid == uid))
+ {
+ is_user_mountable = TRUE;
+ }
+ }
#endif
mount_point = create_unix_mount_point (fstab->fs_spec,

56
backport-garray-Fix-integer-overflows-in-element-capacity-calculations.patch Normal file
View File

@ -0,0 +1,56 @@
From 374a1895b62b2504d0b6ae1c404237802e73ddb6 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Tue, 18 Jan 2022 13:45:13 +0000
Subject: [PATCH] garray: Fix integer overflows in element capacity
calculations
Integer overflows in size calculations of buffers (GArray and GPtrArray)
allow subsequent buffer overflows. This happens due to conversions
between gsize and guint.
Proof of concept demonstrations of the overflows can be found in issue
2578. They are not being added as unit tests as they require too much
memory to test.
This will affect `GArray`s which are 4GB in size, or `GPtrArray`s which
are 48GB in size.
Fixes: #2578
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/374a1895b62b2504d0b6ae1c404237802e73ddb6
---
glib/garray.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/glib/garray.c b/glib/garray.c
index 3803fee037..b441562154 100644
--- a/glib/garray.c
+++ b/glib/garray.c
@@ -1001,7 +1001,7 @@ g_array_maybe_expand (GRealArray *array,
memset (g_array_elt_pos (array, array->elt_capacity), 0,
g_array_elt_len (array, want_len - array->elt_capacity));
- array->elt_capacity = want_alloc / array->elt_size;
+ array->elt_capacity = MIN (want_alloc / array->elt_size, G_MAXUINT);
}
}
@@ -1518,9 +1518,10 @@ g_ptr_array_maybe_expand (GRealPtrArray *array,
if ((array->len + len) > array->alloc)
{
guint old_alloc = array->alloc;
- array->alloc = g_nearest_pow (array->len + len);
- array->alloc = MAX (array->alloc, MIN_ARRAY_SIZE);
- array->pdata = g_realloc (array->pdata, sizeof (gpointer) * array->alloc);
+ gsize want_alloc = g_nearest_pow (sizeof (gpointer) * (array->len + len));
+ want_alloc = MAX (want_alloc, MIN_ARRAY_SIZE);
+ array->alloc = MIN (want_alloc / sizeof (gpointer), G_MAXUINT);
+ array->pdata = g_realloc (array->pdata, want_alloc);
if (G_UNLIKELY (g_mem_gc_friendly))
for ( ; old_alloc < array->alloc; old_alloc++)
array->pdata [old_alloc] = NULL;
--
GitLab

280
backport-garray-buffer-overflow-fix.patch Normal file
View File

@ -0,0 +1,280 @@
From 3a877835389a5e094d2f5d8e7288cd715add4599 Mon Sep 17 00:00:00 2001
From: blushingpenguin <mark@blushingpenguin.com>
Date: Sat, 16 Oct 2021 16:45:00 +0100
Subject: [PATCH] #1331: buffer overflow fix
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/3a877835389a5e094d2f5d8e7288cd715add4599
---
glib/garray.c | 57 ++++++++++++++++++++-----------------
glib/tests/array-test.c | 62 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 94 insertions(+), 25 deletions(-)
diff --git a/glib/garray.c b/glib/garray.c
index 025747ee56..48b3c0c4b5 100644
--- a/glib/garray.c
+++ b/glib/garray.c
@@ -107,7 +107,7 @@ struct _GRealArray
{
guint8 *data;
guint len;
- guint alloc;
+ guint elt_capacity;
guint elt_size;
guint zero_terminated : 1;
guint clear : 1;
@@ -150,7 +150,7 @@ struct _GRealArray
* Returns: the element of the #GArray at the index given by @i
*/
-#define g_array_elt_len(array,i) ((array)->elt_size * (i))
+#define g_array_elt_len(array,i) ((gsize)(array)->elt_size * (i))
#define g_array_elt_pos(array,i) ((array)->data + g_array_elt_len((array),(i)))
#define g_array_elt_zero(array, pos, len) \
(memset (g_array_elt_pos ((array), pos), 0, g_array_elt_len ((array), len)))
@@ -159,7 +159,7 @@ struct _GRealArray
g_array_elt_zero ((array), (array)->len, 1); \
}G_STMT_END
-static guint g_nearest_pow (guint num) G_GNUC_CONST;
+static gsize g_nearest_pow (gsize num) G_GNUC_CONST;
static void g_array_maybe_expand (GRealArray *array,
guint len);
@@ -181,6 +181,7 @@ g_array_new (gboolean zero_terminated,
guint elt_size)
{
g_return_val_if_fail (elt_size > 0, NULL);
+ g_return_val_if_fail (elt_size <= G_MAXSIZE / 2 - 1, NULL);
return g_array_sized_new (zero_terminated, clear, elt_size, 0);
}
@@ -232,7 +233,7 @@ g_array_steal (GArray *array,
rarray->data = NULL;
rarray->len = 0;
- rarray->alloc = 0;
+ rarray->elt_capacity = 0;
return segment;
}
@@ -261,12 +262,13 @@ g_array_sized_new (gboolean zero_terminated,
GRealArray *array;
g_return_val_if_fail (elt_size > 0, NULL);
+ g_return_val_if_fail (elt_size <= G_MAXSIZE, NULL);
array = g_slice_new (GRealArray);
array->data = NULL;
array->len = 0;
- array->alloc = 0;
+ array->elt_capacity = 0;
array->zero_terminated = (zero_terminated ? 1 : 0);
array->clear = (clear ? 1 : 0);
array->elt_size = elt_size;
@@ -471,7 +473,7 @@ array_free (GRealArray *array,
{
array->data = NULL;
array->len = 0;
- array->alloc = 0;
+ array->elt_capacity = 0;
}
else
{
@@ -966,22 +968,22 @@ g_array_binary_search (GArray *array,
return result;
}
-/* Returns the smallest power of 2 greater than n, or n if
- * such power does not fit in a guint
+/* Returns the smallest power of 2 greater than or equal to n,
+ * or 0 if such power does not fit in a gsize
*/
-static guint
-g_nearest_pow (guint num)
+static gsize
+g_nearest_pow (gsize num)
{
- guint n = num - 1;
+ gsize n = num - 1;
- g_assert (num > 0);
+ g_assert (num > 0 && num <= G_MAXSIZE / 2);
n |= n >> 1;
n |= n >> 2;
n |= n >> 4;
n |= n >> 8;
n |= n >> 16;
-#if SIZEOF_INT == 8
+#if GLIB_SIZEOF_SIZE_T == 8
n |= n >> 32;
#endif
@@ -992,26 +994,32 @@ static void
g_array_maybe_expand (GRealArray *array,
guint len)
{
- guint want_alloc;
+ guint max_len, want_len;
+
+ /* The maximum array length is derived from following constraints:
+ * - The number of bytes must fit into a gsize / 2.
+ * - The number of elements must fit into guint.
+ * - zero terminated arrays must leave space for the terminating element
+ */
+ max_len = MIN (G_MAXSIZE / 2 / array->elt_size, G_MAXUINT) - array->zero_terminated;
/* Detect potential overflow */
- if G_UNLIKELY ((G_MAXUINT - array->len) < len)
+ if G_UNLIKELY ((max_len - array->len) < len)
g_error ("adding %u to array would overflow", len);
- want_alloc = g_array_elt_len (array, array->len + len +
- array->zero_terminated);
-
- if (want_alloc > array->alloc)
+ want_len = array->len + len + array->zero_terminated;
+ if (want_len > array->elt_capacity)
{
- want_alloc = g_nearest_pow (want_alloc);
+ gsize want_alloc = g_nearest_pow(g_array_elt_len (array, want_len));
want_alloc = MAX (want_alloc, MIN_ARRAY_SIZE);
array->data = g_realloc (array->data, want_alloc);
if (G_UNLIKELY (g_mem_gc_friendly))
- memset (array->data + array->alloc, 0, want_alloc - array->alloc);
+ memset (g_array_elt_pos (array, array->elt_capacity), 0,
+ g_array_elt_len (array, want_len - array->elt_capacity));
- array->alloc = want_alloc;
+ array->elt_capacity = want_alloc / array->elt_size;
}
}
@@ -1297,7 +1305,7 @@ g_array_copy (GArray *array)
new_rarray =
(GRealArray *) g_array_sized_new (rarray->zero_terminated, rarray->clear,
- rarray->elt_size, rarray->alloc / rarray->elt_size);
+ rarray->elt_size, rarray->elt_capacity);
new_rarray->len = rarray->len;
if (rarray->len > 0)
memcpy (new_rarray->data, rarray->data, rarray->len * rarray->elt_size);
@@ -2298,7 +2306,6 @@ g_byte_array_new_take (guint8 *data,
GRealArray *real;
g_return_val_if_fail (len <= G_MAXUINT, NULL);
-
array = g_byte_array_new ();
real = (GRealArray *)array;
g_assert (real->data == NULL);
@@ -2306,7 +2313,7 @@ g_byte_array_new_take (guint8 *data,
real->data = data;
real->len = len;
- real->alloc = len;
+ real->elt_capacity = len;
return array;
}
diff --git a/glib/tests/array-test.c b/glib/tests/array-test.c
index 471f6171dc..fc9f56b45c 100644
--- a/glib/tests/array-test.c
+++ b/glib/tests/array-test.c
@@ -845,6 +845,45 @@ test_array_copy_sized (void)
g_array_unref (array1);
}
+static void
+array_overflow_append_vals (void)
+{
+ if (!g_test_undefined ())
+ return;
+
+ if (g_test_subprocess ())
+ {
+ GArray *array = g_array_new (TRUE, FALSE, 1);
+ /* Check for overflow should happen before data is accessed. */
+ g_array_append_vals (array, NULL, G_MAXUINT);
+ }
+ else
+ {
+ g_test_trap_subprocess (NULL, 0, 0);
+ g_test_trap_assert_failed ();
+ g_test_trap_assert_stderr ("*adding 4294967295 to array would overflow*");
+ }
+}
+
+static void
+array_overflow_set_size (void)
+{
+ if (!g_test_undefined ())
+ return;
+
+ if (g_test_subprocess ())
+ {
+ GArray *array = g_array_new (TRUE, FALSE, 1);
+ g_array_set_size (array, G_MAXUINT);
+ }
+ else
+ {
+ g_test_trap_subprocess (NULL, 0, 0);
+ g_test_trap_assert_failed ();
+ g_test_trap_assert_stderr ("*adding 4294967295 to array would overflow*");
+ }
+}
+
/* Check g_ptr_array_steal() function */
static void
pointer_array_steal (void)
@@ -1643,6 +1682,26 @@ pointer_array_steal_index (void)
g_assert_cmpuint (i4, ==, 1);
}
+static void
+byte_array_new_take_overflow (void)
+{
+#if G_MAXSIZE <= G_MAXUINT
+ g_test_skip ("Overflow test requires G_MAXSIZE > G_MAXUINT.");
+#else
+ GByteArray* arr;
+
+ if (!g_test_undefined ())
+ return;
+
+ /* Check for overflow should happen before data is accessed. */
+ g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL,
+ "*assertion 'len <= G_MAXUINT' failed");
+ arr = g_byte_array_new_take (NULL, (gsize)G_MAXUINT + 1);
+ g_assert(!arr);
+ g_test_assert_expected_messages ();
+#endif
+}
+
static void
byte_array_steal (void)
{
@@ -1998,6 +2057,8 @@ main (int argc, char *argv[])
g_test_add_func ("/array/clear-func", array_clear_func);
g_test_add_func ("/array/binary-search", test_array_binary_search);
g_test_add_func ("/array/copy-sized", test_array_copy_sized);
+ g_test_add_func ("/array/overflow-append-vals", array_overflow_append_vals);
+ g_test_add_func ("/array/overflow-set-size", array_overflow_set_size);
for (i = 0; i < G_N_ELEMENTS (array_configurations); i++)
{
@@ -2043,6 +2104,7 @@ main (int argc, char *argv[])
g_test_add_func ("/bytearray/sort", byte_array_sort);
g_test_add_func ("/bytearray/sort-with-data", byte_array_sort_with_data);
g_test_add_func ("/bytearray/new-take", byte_array_new_take);
+ g_test_add_func ("/bytearray/new-take-overflow", byte_array_new_take_overflow);
g_test_add_func ("/bytearray/free-to-bytes", byte_array_free_to_bytes);
return g_test_run ();
--
GitLab

54
backport-gdbusmessage-Disallow-zero-length-elements-in-arrays.patch Normal file
View File

@ -0,0 +1,54 @@
From c74177337dae7b06383261b2bedabf1f12d816b5 Mon Sep 17 00:00:00 2001
From: Sebastian Wilhelmi <wilhelmi@google.com>
Date: Thu, 6 Jan 2022 20:57:49 +0000
Subject: [PATCH] gdbusmessage: Disallow zero-length elements in arrays
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
They are not allowed in the specification, and can lead to infinite
loops when parsing.
That鈥檚 a security issue if your application is accepting D-Bus messages
from untrusted peers (perhaps in a peer-to-peer connection). It鈥檚 not
exploitable when your application is connected to a bus (such as the
system or session buses), as the bus daemons (dbus-daemon or
dbus-broker) filter out such broken messages and don鈥檛 forward them.
Arrays of zero-length elements are disallowed in the D-Bus
specification: https://dbus.freedesktop.org/doc/dbus-specification.html#container-types
oss-fuzz#41428, #41435
Fixes: #2557
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/c74177337dae7b06383261b2bedabf1f12d816b5
---
gio/gdbusmessage.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/gio/gdbusmessage.c b/gio/gdbusmessage.c
index 4056bc2c4a..ecef6cd3c5 100644
--- a/gio/gdbusmessage.c
+++ b/gio/gdbusmessage.c
@@ -1839,6 +1839,16 @@ parse_value_from_blob (GMemoryBuffer *buf,
}
g_variant_builder_add_value (&builder, item);
g_variant_unref (item);
+
+ /* Array elements must not be zero-length. There are no
+ * valid zero-length serialisations of any types which
+ * can be array elements in the D-Bus wire format, so this
+ * assertion should always hold.
+ *
+ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2557
+ */
+ g_assert (buf->pos > (gsize) offset);
+
offset = buf->pos;
}
}
--
GitLab

31
backport-gdbusmethodinvocation-Drop-redundant-quote-from-warning.patch Normal file
View File

@ -0,0 +1,31 @@
From 7143457076d6469f76185a2f1d7071aca40a591e Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 17 Mar 2022 19:03:15 +0000
Subject: [PATCH] gdbusmethodinvocation: Drop redundant quote from warning
message
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/7143457076d6469f76185a2f1d7071aca40a591e
---
gio/gdbusmethodinvocation.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gio/gdbusmethodinvocation.c b/gio/gdbusmethodinvocation.c
index 8e7abc83c4..705af079f4 100644
--- a/gio/gdbusmethodinvocation.c
+++ b/gio/gdbusmethodinvocation.c
@@ -413,7 +413,7 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio
{
gchar *type_string = g_variant_type_dup_string (type);
- g_warning ("Type of return value is incorrect: expected '%s', got '%s''",
+ g_warning ("Type of return value is incorrect: expected '%s', got '%s'",
type_string, g_variant_get_type_string (parameters));
g_variant_type_free (type);
g_free (type_string);
--
GitLab

67
backport-gdbusmethodinvocation-Fix-a-leak-on-an-early-return-path.patch Normal file
View File

@ -0,0 +1,67 @@
From a3b8846e54c7132056411605f815b67e831833d2 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 17 Mar 2022 19:04:42 +0000
Subject: [PATCH] gdbusmethodinvocation: Fix a leak on an early return path
When doing an early return from `g_dbus_method_invocation_return_*()`
due to passing in the wrong type (or no return value when one was
expected), the parameters were not correctly sunk and were leaked.
Fix that. A unit test will be added in a following commit.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1474536
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/a3b8846e54c7132056411605f815b67e831833d2
---
gio/gdbusmethodinvocation.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/gio/gdbusmethodinvocation.c b/gio/gdbusmethodinvocation.c
index c22e19ef0d..c15d83ec84 100644
--- a/gio/gdbusmethodinvocation.c
+++ b/gio/gdbusmethodinvocation.c
@@ -397,14 +397,7 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio
g_return_if_fail ((parameters == NULL) || g_variant_is_of_type (parameters, G_VARIANT_TYPE_TUPLE));
if (g_dbus_message_get_flags (invocation->message) & G_DBUS_MESSAGE_FLAGS_NO_REPLY_EXPECTED)
- {
- if (parameters != NULL)
- {
- g_variant_ref_sink (parameters);
- g_variant_unref (parameters);
- }
- goto out;
- }
+ goto out;
if (parameters == NULL)
parameters = g_variant_new_tuple (NULL, 0);
@@ -508,7 +501,7 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio
}
reply = g_dbus_message_new_method_reply (invocation->message);
- g_dbus_message_set_body (reply, parameters);
+ g_dbus_message_set_body (reply, g_steal_pointer (&parameters));
#ifdef G_OS_UNIX
if (fd_list != NULL)
@@ -525,6 +518,12 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio
g_object_unref (reply);
out:
+ if (parameters != NULL)
+ {
+ g_variant_ref_sink (parameters);
+ g_variant_unref (parameters);
+ }
+
g_object_unref (invocation);
}
--
GitLab

82
backport-gdbusmethodinvocation-Fix-dead-code-for-type-checking-GetAll.patch Normal file
View File

@ -0,0 +1,82 @@
From 76f5460107c86a44be6387c159b34ae50aa1e623 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 17 Mar 2022 18:32:46 +0000
Subject: [PATCH] gdbusmethodinvocation: Fix dead code for type checking GetAll
`property_info` is only ever set for `Get` and `Set` calls, not for
`GetAll`, as it only represents a single property. So this code was
never reachable.
Move it out so that it is reachable.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/76f5460107c86a44be6387c159b34ae50aa1e623
---
gio/gdbusmethodinvocation.c | 34 ++++++++++++++++++----------------
1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/gio/gdbusmethodinvocation.c b/gio/gdbusmethodinvocation.c
index c15d83ec84..8e7abc83c4 100644
--- a/gio/gdbusmethodinvocation.c
+++ b/gio/gdbusmethodinvocation.c
@@ -424,7 +424,9 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio
/* property_info is only non-NULL if set that way from
* GDBusConnection, so this must be the case of async property
- * handling on either 'Get', 'Set' or 'GetAll'.
+ * handling on either 'Get' or 'Set'.
+ *
+ * property_info is NULL for 'GetAll'.
*/
if (invocation->property_info != NULL)
{
@@ -454,21 +456,6 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio
g_variant_unref (nested);
}
- else if (g_str_equal (invocation->method_name, "GetAll"))
- {
- if (!g_variant_is_of_type (parameters, G_VARIANT_TYPE ("(a{sv})")))
- {
- g_warning ("Type of return value for property 'GetAll' call should be '(a{sv})' but got '%s'",
- g_variant_get_type_string (parameters));
- goto out;
- }
-
- /* Could iterate the list of properties and make sure that all
- * of them are actually on the interface and with the correct
- * types, but let's not do that for now...
- */
- }
-
else if (g_str_equal (invocation->method_name, "Set"))
{
if (!g_variant_is_of_type (parameters, G_VARIANT_TYPE_UNIT))
@@ -482,6 +469,21 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio
else
g_assert_not_reached ();
}
+ else if (g_str_equal (invocation->interface_name, "org.freedesktop.DBus.Properties") &&
+ g_str_equal (invocation->method_name, "GetAll"))
+ {
+ if (!g_variant_is_of_type (parameters, G_VARIANT_TYPE ("(a{sv})")))
+ {
+ g_warning ("Type of return value for property 'GetAll' call should be '(a{sv})' but got '%s'",
+ g_variant_get_type_string (parameters));
+ goto out;
+ }
+
+ /* Could iterate the list of properties and make sure that all
+ * of them are actually on the interface and with the correct
+ * types, but let's not do that for now...
+ */
+ }
if (G_UNLIKELY (_g_dbus_debug_return ()))
{
--
GitLab

73
backport-gio-tool-Fix-a-minor-memory-leak.patch Normal file
View File

@ -0,0 +1,73 @@
From 49cc9b96f4c19a98ddf6e9b7417c7019ebc28ca3 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 27 Apr 2022 15:01:08 +0100
Subject: [PATCH] gio-tool: Fix a minor memory leak when using gio-set with
bytestrings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Tested using:
```sh
touch ~/foo
gio set ~/foo -t bytestring user::test "\x00\x00"
```
(it doesn鈥檛 matter that this fails; the bytestring is still decoded)
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1474407
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/49cc9b96f4c19a98ddf6e9b7417c7019ebc28ca3
---
gio/gio-tool-set.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/gio/gio-tool-set.c b/gio/gio-tool-set.c
index 4dbe1214ff..c2a9431f61 100644
--- a/gio/gio-tool-set.c
+++ b/gio/gio-tool-set.c
@@ -76,12 +76,14 @@ handle_set (int argc, char *argv[], gboolean do_help)
const char *attribute;
GFileAttributeType type;
gpointer value;
+ gpointer value_allocated = NULL;
gboolean b;
guint32 uint32;
gint32 int32;
guint64 uint64;
gint64 int64;
gchar *param;
+ int retval = 0;
g_set_prgname ("gio set");
@@ -147,7 +149,7 @@ handle_set (int argc, char *argv[], gboolean do_help)
value = argv[3];
break;
case G_FILE_ATTRIBUTE_TYPE_BYTE_STRING:
- value = hex_unescape (argv[3]);
+ value = value_allocated = hex_unescape (argv[3]);
break;
case G_FILE_ATTRIBUTE_TYPE_BOOLEAN:
b = g_ascii_strcasecmp (argv[3], "true") == 0;
@@ -194,11 +196,11 @@ handle_set (int argc, char *argv[], gboolean do_help)
{
print_error ("%s", error->message);
g_error_free (error);
- g_object_unref (file);
- return 1;
+ retval = 1;
}
+ g_clear_pointer (&value_allocated, g_free);
g_object_unref (file);
- return 0;
+ return retval;
}
--
GitLab

39
backport-gopenuriportal-Fix-a-use-after-free-on-an-error-path.patch Normal file
View File

@ -0,0 +1,39 @@
From 969eb835dc2f07c34ae8ca45ddbc41590a2e2f8e Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 28 Apr 2022 10:56:10 +0100
Subject: [PATCH] gopenuriportal: Fix a use-after-free on an error path
`path` was used in building the error message after it had been freed.
Spotted by scan-build.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #1767
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/969eb835dc2f07c34ae8ca45ddbc41590a2e2f8e
---
gio/gopenuriportal.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gio/gopenuriportal.c b/gio/gopenuriportal.c
index 6ef8f037c3..2f527d8289 100644
--- a/gio/gopenuriportal.c
+++ b/gio/gopenuriportal.c
@@ -108,10 +108,10 @@ g_openuri_portal_open_uri (const char *uri,
errsv = errno;
if (fd == -1)
{
- g_free (path);
- g_variant_builder_clear (&opt_builder);
g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errsv),
"Failed to open '%s'", path);
+ g_free (path);
+ g_variant_builder_clear (&opt_builder);
return FALSE;
}
--
GitLab

39
backport-gprintf-Fix-a-memory-leak-with-an-invalid-format.patch Normal file
View File

@ -0,0 +1,39 @@
From 7329c6e09bf59ccae2d8d3e788ce43bb6af6c3db Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 9 Mar 2022 14:07:34 +0000
Subject: [PATCH] gprintf: Fix a memory leak with an invalid format in
g_vasprintf()
If using the fallback implementation of `g_vasprintf()`.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1474726
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/7329c6e09bf59ccae2d8d3e788ce43bb6af6c3db
---
glib/gprintf.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/glib/gprintf.c b/glib/gprintf.c
index 555a630bc2..0e094f00fa 100644
--- a/glib/gprintf.c
+++ b/glib/gprintf.c
@@ -356,6 +356,12 @@ g_vasprintf (gchar **string,
len = _g_vsprintf (*string, format, args2);
va_end (args2);
+
+ if (len < 0)
+ {
+ g_free (*string);
+ *string = NULL;
+ }
}
#endif
--
GitLab

76
backport-gunixmounts-Add-cache-to-g_unix_mount_points_get.patch Normal file
View File

@ -0,0 +1,76 @@
From 36f7684d56c5d6182398b5db992c1e81ef6cb2f5 Mon Sep 17 00:00:00 2001
From: Rozhuk Ivan <rozhuk.im@gmail.com>
Date: Sun, 18 Oct 2020 03:06:46 +0300
Subject: [PATCH] gunixmounts: Add cache to g_unix_mount_points_get()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
`_g_get_unix_mount_points()` parses `/etc/fstab` every time its called,
so caching the result can improve performance when mounts are queried
frequently.
The cache will remain in memory until `/etc/fstab` is next modified.
This means that the final copy of the cache will be deliberately
leaked on process exit.
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/36f7684d56c5d6182398b5db992c1e81ef6cb2f5
---
gio/gunixmounts.c | 31 +++++++++++++++++++++++++++++--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/gio/gunixmounts.c b/gio/gunixmounts.c
index ecfa61de86..9c8ef5d666 100644
--- a/gio/gunixmounts.c
+++ b/gio/gunixmounts.c
@@ -1666,6 +1666,14 @@ g_unix_mount_for (const char *file_path,
return entry;
}
+static gpointer
+copy_mount_point_cb (gconstpointer src,
+ gpointer data)
+{
+ GUnixMountPoint *src_mount_point = (GUnixMountPoint *) src;
+ return g_unix_mount_point_copy (src_mount_point);
+}
+
/**
* g_unix_mount_points_get:
* @time_read: (out) (optional): guint64 to contain a timestamp.
@@ -1681,10 +1689,29 @@ g_unix_mount_for (const char *file_path,
GList *
g_unix_mount_points_get (guint64 *time_read)
{
+ static GList *mnt_pts_last = NULL;
+ static guint64 time_read_last = 0;
+ GList *mnt_pts = NULL;
+ guint64 time_read_now;
+ G_LOCK_DEFINE_STATIC (unix_mount_points);
+
+ G_LOCK (unix_mount_points);
+
+ time_read_now = get_mount_points_timestamp ();
+ if (time_read_now != time_read_last || mnt_pts_last == NULL)
+ {
+ time_read_last = time_read_now;
+ g_list_free_full (mnt_pts_last, (GDestroyNotify) g_unix_mount_point_free);
+ mnt_pts_last = _g_get_unix_mount_points ();
+ }
+ mnt_pts = g_list_copy_deep (mnt_pts_last, copy_mount_point_cb, NULL);
+
+ G_UNLOCK (unix_mount_points);
+
if (time_read)
- *time_read = get_mount_points_timestamp ();
+ *time_read = time_read_now;
- return _g_get_unix_mount_points ();
+ return mnt_pts;
}
/**
--
GitLab

97
backport-gutf8-add-string-length-check-when-ending-character-offset-is-1.patch Normal file
View File

@ -0,0 +1,97 @@
From 9adbdd45d7101405eb05487bdf6a2015af9f8afd Mon Sep 17 00:00:00 2001
From: Chen Guanqiao <chen.chenchacha@foxmail.com>
Date: Thu, 11 Nov 2021 01:04:38 +0800
Subject: [PATCH] gutf8: add string length check when ending character offset
is -1
Some function such as atk_text_get_text, use -1 to indicate the end of the
string. And an crash occurs when the -1 is passed to g_utf8_substring.
Call Trace:
0 __memmove_avx_unaligned_erms
1 memcpy
2 g_utf8_substring
3 impl_GetText
4 handle_other
5 handle_message
6 _dbus_object_tree_dispatch_and_unlock
7 dbus_connection_dispatch
8 dbus_connection_dispatch
9 ()
10 g_main_dispatch
11 g_main_context_dispatch
12 g_main_context_iterate
13 g_main_context_iteration
14 g_application_run
15 main
Signed-off-by: Chen Guanqiao <chen.chenchacha@foxmail.com>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/9adbdd45d7101405eb05487bdf6a2015af9f8afd
---
glib/gutf8.c | 19 +++++++++++++++++--
glib/tests/utf8-misc.c | 4 ++++
2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/glib/gutf8.c b/glib/gutf8.c
index 7d053540d6..9097f690b3 100644
--- a/glib/gutf8.c
+++ b/glib/gutf8.c
@@ -271,11 +271,15 @@ g_utf8_strlen (const gchar *p,
* g_utf8_substring:
* @str: a UTF-8 encoded string
* @start_pos: a character offset within @str
- * @end_pos: another character offset within @str
+ * @end_pos: another character offset within @str,
+ * or `-1` to indicate the end of the string
*
* Copies a substring out of a UTF-8 encoded string.
* The substring will contain @end_pos - @start_pos characters.
*
+ * Since GLib 2.72, `-1` can be passed to @end_pos to indicate the
+ * end of the string.
+ *
* Returns: (transfer full): a newly allocated copy of the requested
* substring. Free with g_free() when no longer needed.
*
@@ -288,8 +292,19 @@ g_utf8_substring (const gchar *str,
{
gchar *start, *end, *out;
+ g_return_val_if_fail (end_pos >= start_pos || end_pos == -1, NULL);
+
start = g_utf8_offset_to_pointer (str, start_pos);
- end = g_utf8_offset_to_pointer (start, end_pos - start_pos);
+
+ if (end_pos == -1)
+ {
+ glong length = g_utf8_strlen (start, -1);
+ end = g_utf8_offset_to_pointer (start, length);
+ }
+ else
+ {
+ end = g_utf8_offset_to_pointer (start, end_pos - start_pos);
+ }
out = g_malloc (end - start + 1);
memcpy (out, start, end - start);
diff --git a/glib/tests/utf8-misc.c b/glib/tests/utf8-misc.c
index 7a8c37448b..c137294229 100644
--- a/glib/tests/utf8-misc.c
+++ b/glib/tests/utf8-misc.c
@@ -128,6 +128,10 @@ test_utf8_substring (void)
r = g_utf8_substring ("abc\xe2\x82\xa0gh\xe2\x82\xa4", 2, 5);
g_assert_cmpstr (r, ==, "c\xe2\x82\xa0g");
g_free (r);
+
+ r = g_utf8_substring ("abcd", 1, -1);
+ g_assert_cmpstr (r, ==, "bcd");
+ g_free (r);
}
static void
--
GitLab

42
backport-gutils-Fix-g_find_program_in_path-to-return-an-absolute-path.patch Normal file
View File

@ -0,0 +1,42 @@
From 78dc1cc3cd669e9fb92ae7847bab2b308c0a8628 Mon Sep 17 00:00:00 2001
From: Christoph Niethammer <christoph.niethammer@gmail.com>
Date: Thu, 27 Jan 2022 03:54:01 +0100
Subject: [PATCH] gutils: Fix g_find_program_in_path() to return an absolute
path
Fix a possibility of returning a relative path, in case PATH contains
a relative path. According to the doc, the function should return an
absolute path.
Signed-off-by: Christoph Niethammer <christoph.niethammer@gmail.com>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/78dc1cc3cd669e9fb92ae7847bab2b308c0a8628
---
glib/gutils.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/glib/gutils.c b/glib/gutils.c
index 6652d0ba05..6cc4506073 100644
--- a/glib/gutils.c
+++ b/glib/gutils.c
@@ -456,7 +456,14 @@ g_find_program_in_path (const gchar *program)
!g_file_test (startp, G_FILE_TEST_IS_DIR))
{
gchar *ret;
- ret = g_strdup (startp);
+ if (g_path_is_absolute (startp)) {
+ ret = g_strdup (startp);
+ } else {
+ gchar *cwd = NULL;
+ cwd = g_get_current_dir ();
+ ret = g_build_filename (cwd, startp, NULL);
+ g_free (cwd);
+ }
g_free (freeme);
#ifdef G_OS_WIN32
g_free ((gchar *) path_copy);
--
GitLab

55
backport-gvariant-serialiser-Prevent-unbounded-recursion.patch Normal file
View File

@ -0,0 +1,55 @@
From 77233f6f0779fe0c1cb48861d7deded4ae413567 Mon Sep 17 00:00:00 2001
From: Sebastian Wilhelmi <wilhelmi@google.com>
Date: Thu, 6 Jan 2022 20:50:34 +0000
Subject: [PATCH] gvariant-serialiser: Prevent unbounded recursion in
is_normal()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fixes a bug in 7c4e6e9fbe473de0401c778c6b0c4aad27d5145a.
The original approach in that commit accidentally only checked the depth
at the leaf nodes in the variant tree, whereas actually the depth should
be checked before recursing to avoid stack overflow.
It neglected to consider that `g_variant_serialised_is_normal()` would
be recursed into by some of the `DISPATCH(_is_normal)` cases. When that
happened, the depth check was after the recursion so couldn鈥檛 prevent a
stack overflow.
Fixes: #2572
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/77233f6f0779fe0c1cb48861d7deded4ae413567
---
glib/gvariant-serialiser.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/glib/gvariant-serialiser.c b/glib/gvariant-serialiser.c
index 832a8fdc2a..7b13381b6f 100644
--- a/glib/gvariant-serialiser.c
+++ b/glib/gvariant-serialiser.c
@@ -1587,6 +1587,9 @@ g_variant_serialised_byteswap (GVariantSerialised serialised)
gboolean
g_variant_serialised_is_normal (GVariantSerialised serialised)
{
+ if (serialised.depth >= G_VARIANT_MAX_RECURSION_DEPTH)
+ return FALSE;
+
DISPATCH_CASES (serialised.type_info,
return gvs_/**/,/**/_is_normal (serialised);
@@ -1595,8 +1598,6 @@ g_variant_serialised_is_normal (GVariantSerialised serialised)
if (serialised.data == NULL)
return FALSE;
- if (serialised.depth >= G_VARIANT_MAX_RECURSION_DEPTH)
- return FALSE;
/* some hard-coded terminal cases */
switch (g_variant_type_info_get_type_char (serialised.type_info))
--
GitLab

77
backport-tests-Add-some-tests-for-g_string_append_vprintf.patch Normal file
View File

@ -0,0 +1,77 @@
From d6ad10404f1d61d83803336ba5b64ec0bfd07da8 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 9 Mar 2022 14:09:57 +0000
Subject: [PATCH] tests: Add some tests for g_string_append_vprintf()
This adds coverage of one previously uncovered branch in `gstring.c`.
Real progress!
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/d6ad10404f1d61d83803336ba5b64ec0bfd07da8
---
glib/tests/string.c | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/glib/tests/string.c b/glib/tests/string.c
index 24098d1be6..0229099e79 100644
--- a/glib/tests/string.c
+++ b/glib/tests/string.c
@@ -215,6 +215,44 @@ test_string_append (void)
g_string_free (string, TRUE);
}
+static void string_append_vprintf_va (GString *string,
+ const gchar *format,
+ ...) G_GNUC_PRINTF (2, 3);
+
+/* Wrapper around g_string_append_vprintf() which takes varargs */
+static void
+string_append_vprintf_va (GString *string,
+ const gchar *format,
+ ...)
+{
+ va_list args;
+
+ va_start (args, format);
+ g_string_append_vprintf (string, format, args);
+ va_end (args);
+}
+
+static void
+test_string_append_vprintf (void)
+{
+ GString *string;
+
+ /* append */
+ string = g_string_new ("firsthalf");
+
+ string_append_vprintf_va (string, "some %s placeholders", "format");
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wformat"
+#pragma GCC diagnostic ignored "-Wformat-extra-args"
+ string_append_vprintf_va (string, "%l", "invalid");
+#pragma GCC diagnostic pop
+
+ g_assert_cmpstr (string->str, ==, "firsthalfsome format placeholders");
+
+ g_string_free (string, TRUE);
+}
+
static void
test_string_prepend_c (void)
{
@@ -571,6 +609,7 @@ main (int argc,
g_test_add_func ("/string/test-string-assign", test_string_assign);
g_test_add_func ("/string/test-string-append-c", test_string_append_c);
g_test_add_func ("/string/test-string-append", test_string_append);
+ g_test_add_func ("/string/test-string-append-vprintf", test_string_append_vprintf);
g_test_add_func ("/string/test-string-prepend-c", test_string_prepend_c);
g_test_add_func ("/string/test-string-prepend", test_string_prepend);
g_test_add_func ("/string/test-string-insert", test_string_insert);
--
GitLab

75
backport-tests-Add-some-tests-for-g_vasprintf-invalid-format-strings.patch Normal file
View File

@ -0,0 +1,75 @@
From 27e1509cd68e58d9057091eadf97de96165c2bea Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 9 Mar 2022 14:08:49 +0000
Subject: [PATCH] tests: Add some tests for g_vasprintf() invalid format
strings
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/27e1509cd68e58d9057091eadf97de96165c2bea
---
glib/tests/test-printf.c | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/glib/tests/test-printf.c b/glib/tests/test-printf.c
index 59a461ddb0..77eb76a4ab 100644
--- a/glib/tests/test-printf.c
+++ b/glib/tests/test-printf.c
@@ -895,6 +895,44 @@ test_upper_bound (void)
g_assert_cmpint (res, ==, 20);
}
+static gint test_vasprintf_va (gchar **string,
+ const gchar *format,
+ ...) G_GNUC_PRINTF (2, 3);
+
+/* Wrapper around g_vasprintf() which takes varargs */
+static gint
+test_vasprintf_va (gchar **string,
+ const gchar *format,
+ ...)
+{
+ va_list args;
+ gint len;
+
+ va_start (args, format);
+ len = g_vasprintf (string, format, args);
+ va_end (args);
+
+ return len;
+}
+
+static void
+test_vasprintf_invalid_format_placeholder (void)
+{
+ gint len = 0;
+ gchar *buf = "some non-null string";
+
+ g_test_summary ("Test error handling for invalid format placeholder in g_vasprintf()");
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wformat"
+#pragma GCC diagnostic ignored "-Wformat-extra-args"
+ len = test_vasprintf_va (&buf, "%l", "nope");
+#pragma GCC diagnostic pop
+
+ g_assert_cmpint (len, ==, -1);
+ g_assert_null (buf);
+}
+
int
main (int argc,
char *argv[])
@@ -935,5 +973,7 @@ main (int argc,
g_test_add_func ("/sprintf/test-positional-params", test_positional_params3);
g_test_add_func ("/sprintf/upper-bound", test_upper_bound);
+ g_test_add_func ("/vasprintf/invalid-format-placeholder", test_vasprintf_invalid_format_placeholder);
+
return g_test_run();
}
--
GitLab

442
backport-tests-Add-unit-tests-for-GDBusMethodInvocation.patch Normal file
View File

@ -0,0 +1,442 @@
From a7750cd02004d5e5f2660426b4d6728a604ef1e2 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 17 Mar 2022 19:05:14 +0000
Subject: [PATCH] tests: Add unit tests for GDBusMethodInvocation
These should cover everything to do with returning a value or error from
a `GDBusMethodInvocation` object.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/a7750cd02004d5e5f2660426b4d6728a604ef1e2
---
gio/tests/gdbus-method-invocation.c | 402 ++++++++++++++++++++++++++++
gio/tests/meson.build | 1 +
2 files changed, 403 insertions(+)
create mode 100644 gio/tests/gdbus-method-invocation.c
diff --git a/gio/tests/gdbus-method-invocation.c b/gio/tests/gdbus-method-invocation.c
new file mode 100644
index 0000000000..985fd45ced
--- /dev/null
+++ b/gio/tests/gdbus-method-invocation.c
@@ -0,0 +1,402 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright © 2022 Endless OS Foundation, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+#include <gio/gio.h>
+#include <gio/gunixfdlist.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "gdbus-tests.h"
+
+static const GDBusArgInfo foo_get_fds_in_args =
+{
+ -1,
+ "type",
+ "s",
+ NULL
+};
+static const GDBusArgInfo * const foo_get_fds_in_arg_pointers[] = {&foo_get_fds_in_args, NULL};
+
+static const GDBusArgInfo foo_get_fds_out_args =
+{
+ -1,
+ "some_fd",
+ "h",
+ NULL
+};
+static const GDBusArgInfo * const foo_get_fds_out_arg_pointers[] = {&foo_get_fds_out_args, NULL};
+
+static const GDBusMethodInfo foo_method_info_wrong_return_type =
+{
+ -1,
+ "WrongReturnType",
+ NULL, /* in args */
+ NULL, /* out args */
+ NULL /* annotations */
+};
+static const GDBusMethodInfo foo_method_info_close_before_returning =
+{
+ -1,
+ "CloseBeforeReturning",
+ NULL, /* in args */
+ NULL, /* out args */
+ NULL /* annotations */
+};
+static const GDBusMethodInfo foo_method_info_get_fds =
+{
+ -1,
+ "GetFDs",
+ (GDBusArgInfo **) foo_get_fds_in_arg_pointers,
+ (GDBusArgInfo **) foo_get_fds_out_arg_pointers,
+ NULL /* annotations */
+};
+static const GDBusMethodInfo foo_method_info_return_error =
+{
+ -1,
+ "ReturnError",
+ NULL, /* in args */
+ NULL, /* out args */
+ NULL /* annotations */
+};
+static const GDBusMethodInfo * const foo_method_info_pointers[] = {
+ &foo_method_info_wrong_return_type,
+ &foo_method_info_close_before_returning,
+ &foo_method_info_get_fds,
+ &foo_method_info_return_error,
+ NULL
+};
+
+static const GDBusPropertyInfo foo_property_info[] =
+{
+ {
+ -1,
+ "InvalidType",
+ "s",
+ G_DBUS_PROPERTY_INFO_FLAGS_READABLE | G_DBUS_PROPERTY_INFO_FLAGS_WRITABLE,
+ NULL
+ },
+ {
+ -1,
+ "InvalidTypeNull",
+ "s",
+ G_DBUS_PROPERTY_INFO_FLAGS_READABLE | G_DBUS_PROPERTY_INFO_FLAGS_WRITABLE,
+ NULL
+ },
+ {
+ -1,
+ "InvalidValueType",
+ "s",
+ G_DBUS_PROPERTY_INFO_FLAGS_READABLE | G_DBUS_PROPERTY_INFO_FLAGS_WRITABLE,
+ NULL
+ },
+};
+static const GDBusPropertyInfo * const foo_property_info_pointers[] =
+{
+ &foo_property_info[0],
+ &foo_property_info[1],
+ &foo_property_info[2],
+ NULL
+};
+
+static const GDBusInterfaceInfo foo_interface_info =
+{
+ -1,
+ "org.example.Foo",
+ (GDBusMethodInfo **) &foo_method_info_pointers,
+ NULL, /* signals */
+ (GDBusPropertyInfo **) &foo_property_info_pointers,
+ NULL, /* annotations */
+};
+
+/* ---------------------------------------------------------------------------------------------------- */
+
+static void
+test_method_invocation_return_method_call (GDBusConnection *connection,
+ const gchar *sender,
+ const gchar *object_path,
+ const gchar *interface_name,
+ const gchar *method_name,
+ GVariant *parameters,
+ GDBusMethodInvocation *invocation,
+ gpointer user_data)
+{
+ gboolean no_reply = g_dbus_message_get_flags (g_dbus_method_invocation_get_message (invocation)) & G_DBUS_MESSAGE_FLAGS_NO_REPLY_EXPECTED;
+
+ if (g_str_equal (interface_name, "org.freedesktop.DBus.Properties") &&
+ g_str_equal (method_name, "Get"))
+ {
+ const gchar *iface_name, *prop_name;
+
+ g_variant_get (parameters, "(&s&s)", &iface_name, &prop_name);
+ g_assert_cmpstr (iface_name, ==, "org.example.Foo");
+
+ /* Do different things depending on the property name. */
+ if (g_str_equal (prop_name, "InvalidType"))
+ {
+ if (!no_reply)
+ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING,
+ "Type of return value for property 'Get' call should be '(v)' but got '(s)'");
+ g_dbus_method_invocation_return_value (invocation, g_variant_new ("(s)", "this type is invalid"));
+ }
+ else if (g_str_equal (prop_name, "InvalidTypeNull"))
+ {
+ if (!no_reply)
+ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING,
+ "Type of return value for property 'Get' call should be '(v)' but got '()'");
+ g_dbus_method_invocation_return_value (invocation, NULL);
+ }
+ else if (g_str_equal (prop_name, "InvalidValueType"))
+ {
+ if (!no_reply)
+ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING,
+ "Value returned from property 'Get' call for 'InvalidValueType' should be 's' but is 'u'");
+ g_dbus_method_invocation_return_value (invocation, g_variant_new ("(v)", g_variant_new_uint32 (123)));
+ }
+ else
+ {
+ g_assert_not_reached ();
+ }
+
+ g_test_assert_expected_messages ();
+ }
+ else if (g_str_equal (interface_name, "org.freedesktop.DBus.Properties") &&
+ g_str_equal (method_name, "Set"))
+ {
+ const gchar *iface_name, *prop_name;
+ GVariant *value;
+
+ g_variant_get (parameters, "(&s&sv)", &iface_name, &prop_name, &value);
+ g_assert_cmpstr (iface_name, ==, "org.example.Foo");
+
+ if (g_str_equal (prop_name, "InvalidType"))
+ {
+ if (!no_reply)
+ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING,
+ "Type of return value for property 'Set' call should be '()' but got '(s)'");
+ g_dbus_method_invocation_return_value (invocation, g_variant_new ("(s)", "should be unit"));
+ }
+ else
+ {
+ g_assert_not_reached ();
+ }
+
+ g_test_assert_expected_messages ();
+ g_variant_unref (value);
+ }
+ else if (g_str_equal (interface_name, "org.freedesktop.DBus.Properties") &&
+ g_str_equal (method_name, "GetAll"))
+ {
+ const gchar *iface_name;
+
+ g_variant_get (parameters, "(&s)", &iface_name);
+ g_assert_cmpstr (iface_name, ==, "org.example.Foo");
+
+ if (!no_reply)
+ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING,
+ "Type of return value for property 'GetAll' call should be '(a{sv})' but got '(s)'");
+ g_dbus_method_invocation_return_value (invocation, g_variant_new ("(s)", "should be a different type"));
+ }
+ else if (g_str_equal (interface_name, "org.example.Foo") &&
+ g_str_equal (method_name, "WrongReturnType"))
+ {
+ if (!no_reply)
+ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING,
+ "Type of return value is incorrect: expected '()', got '(s)'");
+ g_dbus_method_invocation_return_value (invocation, g_variant_new ("(s)", "should be a different type"));
+ }
+ else if (g_str_equal (interface_name, "org.example.Foo") &&
+ g_str_equal (method_name, "CloseBeforeReturning"))
+ {
+ g_dbus_connection_close (connection, NULL, NULL, NULL);
+
+ g_dbus_method_invocation_return_value (invocation, NULL);
+ }
+ else if (g_str_equal (interface_name, "org.example.Foo") &&
+ g_str_equal (method_name, "GetFDs"))
+ {
+ const gchar *action;
+ GUnixFDList *list = NULL;
+ GError *local_error = NULL;
+
+ g_variant_get (parameters, "(&s)", &action);
+
+ list = g_unix_fd_list_new ();
+ g_unix_fd_list_append (list, 1, &local_error);
+ g_assert_no_error (local_error);
+
+ if (g_str_equal (action, "WrongNumber"))
+ {
+ g_unix_fd_list_append (list, 1, &local_error);
+ g_assert_no_error (local_error);
+ }
+
+ if (g_str_equal (action, "Valid") ||
+ g_str_equal (action, "WrongNumber"))
+ g_dbus_method_invocation_return_value_with_unix_fd_list (invocation, g_variant_new ("(h)"), list);
+ else
+ g_assert_not_reached ();
+
+ g_object_unref (list);
+ }
+ else if (g_str_equal (interface_name, "org.example.Foo") &&
+ g_str_equal (method_name, "ReturnError"))
+ {
+ g_dbus_method_invocation_return_dbus_error (invocation, "org.example.Foo", "SomeError");
+ }
+ else
+ g_assert_not_reached ();
+}
+
+static void
+ensure_result_cb (GObject *source,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ GDBusConnection *connection = G_DBUS_CONNECTION (source);
+ GVariant *reply;
+ guint *n_outstanding_calls = user_data;
+
+ reply = g_dbus_connection_call_finish (connection, result, NULL);
+
+ /* We don鈥檛 care what the reply is. */
+ g_clear_pointer (&reply, g_variant_unref);
+
+ g_assert_cmpint (*n_outstanding_calls, >, 0);
+ *n_outstanding_calls = *n_outstanding_calls - 1;
+}
+
+static void
+test_method_invocation_return (void)
+{
+ GDBusConnection *connection = NULL;
+ GError *local_error = NULL;
+ guint registration_id;
+ const GDBusInterfaceVTable vtable = {
+ test_method_invocation_return_method_call, NULL, NULL, { 0 }
+ };
+ guint n_outstanding_calls = 0;
+
+ g_test_summary ("Test calling g_dbus_method_invocation_return_*() in various ways");
+
+ /* Connect to the bus. */
+ connection = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_nonnull (connection);
+
+ /* Register an object which we can call methods on. */
+ registration_id = g_dbus_connection_register_object (connection,
+ "/foo",
+ (GDBusInterfaceInfo *) &foo_interface_info,
+ &vtable, NULL, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_cmpint (registration_id, !=, 0);
+
+ /* Test a variety of error cases */
+ {
+ const struct
+ {
+ const gchar *interface_name;
+ const gchar *method_name;
+ const gchar *parameters_string;
+ gboolean tests_undefined_behaviour;
+ }
+ calls[] =
+ {
+ { "org.freedesktop.DBus.Properties", "Get", "('org.example.Foo', 'InvalidType')", TRUE },
+ { "org.freedesktop.DBus.Properties", "Get", "('org.example.Foo', 'InvalidTypeNull')", TRUE },
+ { "org.freedesktop.DBus.Properties", "Get", "('org.example.Foo', 'InvalidValueType')", TRUE },
+ { "org.freedesktop.DBus.Properties", "Set", "('org.example.Foo', 'InvalidType', <'irrelevant'>)", TRUE },
+ { "org.freedesktop.DBus.Properties", "GetAll", "('org.example.Foo',)", TRUE },
+ { "org.example.Foo", "WrongReturnType", "()", TRUE },
+ { "org.example.Foo", "GetFDs", "('Valid',)", FALSE },
+ { "org.example.Foo", "GetFDs", "('WrongNumber',)", TRUE },
+ { "org.example.Foo", "ReturnError", "()", FALSE },
+ { "org.example.Foo", "CloseBeforeReturning", "()", FALSE },
+ };
+ gsize i;
+
+ for (i = 0; i < G_N_ELEMENTS (calls); i++)
+ {
+ if (calls[i].tests_undefined_behaviour && !g_test_undefined ())
+ {
+ g_test_message ("Skipping %s.%s", calls[i].interface_name, calls[i].method_name);
+ continue;
+ }
+ else
+ {
+ g_test_message ("Calling %s.%s", calls[i].interface_name, calls[i].method_name);
+ }
+
+ /* Call twice, once expecting a result and once not. Do the call which
+ * doesn鈥檛 expect a result first; message ordering should ensure that
+ * it鈥檚 completed by the time the second call completes, so we don鈥檛
+ * have to account for it separately.
+ *
+ * That鈥檚 good, because the only way to get g_dbus_connection_call()
+ * to set %G_DBUS_MESSAGE_FLAGS_NO_REPLY_EXPECTED is to not provide
+ * a callback function. */
+ n_outstanding_calls++;
+
+ g_dbus_connection_call (connection,
+ g_dbus_connection_get_unique_name (connection),
+ "/foo",
+ calls[i].interface_name,
+ calls[i].method_name,
+ g_variant_new_parsed (calls[i].parameters_string),
+ NULL,
+ G_DBUS_CALL_FLAGS_NONE,
+ -1,
+ NULL,
+ NULL, /* no callback */
+ NULL);
+
+ g_dbus_connection_call (connection,
+ g_dbus_connection_get_unique_name (connection),
+ "/foo",
+ calls[i].interface_name,
+ calls[i].method_name,
+ g_variant_new_parsed (calls[i].parameters_string),
+ NULL,
+ G_DBUS_CALL_FLAGS_NONE,
+ -1,
+ NULL,
+ ensure_result_cb,
+ &n_outstanding_calls);
+ }
+ }
+
+ /* Wait until all the calls are complete. */
+ while (n_outstanding_calls > 0)
+ g_main_context_iteration (NULL, TRUE);
+
+ g_dbus_connection_unregister_object (connection, registration_id);
+ g_object_unref (connection);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ g_test_init (&argc, &argv, G_TEST_OPTION_ISOLATE_DIRS, NULL);
+
+ g_test_add_func ("/gdbus/method-invocation/return", test_method_invocation_return);
+
+ return session_bus_run ();
+}
diff --git a/gio/tests/meson.build b/gio/tests/meson.build
index 81ff551dda..c825b0cd7a 100644
--- a/gio/tests/meson.build
+++ b/gio/tests/meson.build
@@ -333,6 +333,7 @@ if host_machine.system() != 'windows'
'suite' : ['slow'],
},
'gdbus-introspection' : {'extra_sources' : extra_sources},
+ 'gdbus-method-invocation' : {'extra_sources' : extra_sources},
'gdbus-names' : {'extra_sources' : extra_sources},
'gdbus-proxy' : {'extra_sources' : extra_sources},
'gdbus-proxy-threads' : {
--
GitLab

35
backport-xdgmime-fix-double-free.patch Normal file
View File

@ -0,0 +1,35 @@
From f95ca6cb713383548f16f9a8ba2f6c51a4d25e25 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Fri, 17 Jun 2022 08:48:10 -0500
Subject: [PATCH] xdgmime: fix double free
We free xdg_dirs[i] twice, but fail to free xdg_dirs itself.
Also, since free() is NULL-safe, there is no need for the second check
here.
Discovered in: https://gitlab.freedesktop.org/xdg/xdgmime/-/merge_requests/16#note_1432025
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/f95ca6cb713383548f16f9a8ba2f6c51a4d25e25
---
gio/xdgmime/xdgmime.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/gio/xdgmime/xdgmime.c b/gio/xdgmime/xdgmime.c
index 9ab6760486..c3c11625e8 100644
--- a/gio/xdgmime/xdgmime.c
+++ b/gio/xdgmime/xdgmime.c
@@ -350,8 +350,7 @@ xdg_mime_set_dirs (const char * const *dirs)
for (i = 0; xdg_dirs != NULL && xdg_dirs[i] != NULL; i++)
free (xdg_dirs[i]);
- if (xdg_dirs != NULL)
- free (xdg_dirs[i]);
+ free (xdg_dirs);
xdg_dirs = NULL;
if (dirs != NULL)
--
GitLab

28
glib2.spec
View File

@ -1,6 +1,6 @@
Name: glib2
Version: 2.66.8
Release: 6
Release: 7
Summary: The core library that forms the basis for projects such as GTK+ and GNOME
License: LGPLv2+
URL: http://www.gtk.org
@ -20,7 +20,7 @@ Patch6009: backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch
Patch6010: backport-gfileenumerator-fix-leak-in-error-path.patch
Patch6011: backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch
Patch6012: backport-fix-a-memory-leak.patch
Patch6013: backport-fix-expectations-when-running-as-root.patch
Patch6013: backport-fix-expectations-when-running-as-root.patch
Patch6014: backport-gapplication-fix-arguments-leak-in-error-path.patch
Patch6015: backport-gsocks5proxy-Handle-EOF-when-reading-from-a-stream.patch
Patch6016: backport-application-Unset-the-registered-state-after-shutting-down.patch
@ -35,6 +35,27 @@ Patch6024: backport-gvariant-Fix-memory-leak-on-a-TYPE-CHECK-failure.patch
Patch6025: backport-gvariant-Fix-pointers-being-dereferenced-despite-NULL-checks.patch
Patch6026: backport-gtype-Fix-pointer-being-dereferenced-despite-NULL-check.patch
Patch6027: backport-add-OOM-handling-in-mimemagic.patch
Patch6028: backport-garray-buffer-overflow-fix.patch
Patch6029: backport-gutf8-add-string-length-check-when-ending-character-offset-is-1.patch
Patch6030: backport-gvariant-serialiser-Prevent-unbounded-recursion.patch
Patch6031: backport-dbusmessage-Disallow-empty-structures-tuples-in-D-Bus-messages.patch
Patch6032: backport-gdbusmessage-Disallow-zero-length-elements-in-arrays.patch
Patch6033: backport-garray-Fix-integer-overflows-in-element-capacity-calculations.patch
Patch6034: backport-gutils-Fix-g_find_program_in_path-to-return-an-absolute-path.patch
Patch6035: backport-Fix-memory-leak-in-gdbusauthmechanismsha1.patch
Patch6036: backport-gprintf-Fix-a-memory-leak-with-an-invalid-format.patch
Patch6037: backport-tests-Add-some-tests-for-g_vasprintf-invalid-format-strings.patch
Patch6038: backport-tests-Add-some-tests-for-g_string_append_vprintf.patch
Patch6039: backport-gdbusmethodinvocation-Fix-a-leak-on-an-early-return-path.patch
Patch6040: backport-gdbusmethodinvocation-Fix-dead-code-for-type-checking-GetAll.patch
Patch6041: backport-gdbusmethodinvocation-Drop-redundant-quote-from-warning.patch
Patch6042: backport-tests-Add-unit-tests-for-GDBusMethodInvocation.patch
Patch6043: backport-gio-tool-Fix-a-minor-memory-leak.patch
Patch6044: backport-gopenuriportal-Fix-a-use-after-free-on-an-error-path.patch
Patch6045: backport-xdgmime-fix-double-free.patch
Patch6046: backport-gunixmounts-Add-cache-to-g_unix_mount_points_get.patch
Patch6047: backport-Add-lock-in-_g_get_unix_mount_points-around-fsent-functions.patch
Patch6048: backport-g_get_unix_mount_points-reduce-syscalls-inside-loop.patch
BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter
@ -208,6 +229,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%endif
%changelog
* Sat Oct 15 2022 hanhuihui <hanhuihui5@huawei.com> - 2.66.8-7
- backport some patches from community
* Mon May 09 2022 wangkerong <wangkerong@h-partners.com> - 2.66.8-6
- fix issues found by svace static code analyzer
fix segfault,memory leak,EOF,arguments leak