import glib2-2.56.4-13.el8
This commit is contained in:
parent
0516ceef46
commit
568d82b12e
@ -1,170 +0,0 @@
|
|||||||
From ee502dbbe89a5976c32eb8863c9a9d274ddb60e1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Mon, 14 Oct 2019 08:47:39 +0100
|
|
||||||
Subject: [PATCH] GDBus: prefer getsockopt()-style credentials-passing APIs
|
|
||||||
|
|
||||||
Conceptually, a D-Bus server is really trying to determine the credentials
|
|
||||||
of (the process that initiated) a connection, not the credentials that
|
|
||||||
the process had when it sent a particular message. Ideally, it does
|
|
||||||
this with a getsockopt()-style API that queries the credentials of the
|
|
||||||
connection's initiator without requiring any particular cooperation from
|
|
||||||
that process, avoiding a class of possible failures.
|
|
||||||
|
|
||||||
The leading '\0' in the D-Bus protocol is primarily a workaround
|
|
||||||
for platforms where the message-based credentials-passing API is
|
|
||||||
strictly better than the getsockopt()-style API (for example, on
|
|
||||||
FreeBSD, SCM_CREDS includes a process ID but getpeereid() does not),
|
|
||||||
or where the getsockopt()-style API does not exist at all. As a result
|
|
||||||
libdbus, the reference implementation of D-Bus, does not implement
|
|
||||||
Linux SCM_CREDENTIALS at all - it has no reason to do so, because the
|
|
||||||
SO_PEERCRED socket option is equally informative.
|
|
||||||
|
|
||||||
This change makes GDBusServer on Linux more closely match the behaviour
|
|
||||||
of libdbus.
|
|
||||||
|
|
||||||
In particular, GNOME/glib#1831 indicates that when a libdbus client
|
|
||||||
connects to a GDBus server, recvmsg() sometimes yields a SCM_CREDENTIALS
|
|
||||||
message with cmsg_data={pid=0, uid=65534, gid=65534}. I think this is
|
|
||||||
most likely a race condition in the early steps to connect:
|
|
||||||
|
|
||||||
client server
|
|
||||||
connect
|
|
||||||
accept
|
|
||||||
send '\0' <- race -> set SO_PASSCRED = 1
|
|
||||||
receive '\0'
|
|
||||||
|
|
||||||
If the server wins the race:
|
|
||||||
|
|
||||||
client server
|
|
||||||
connect
|
|
||||||
accept
|
|
||||||
set SO_PASSCRED = 1
|
|
||||||
send '\0'
|
|
||||||
receive '\0'
|
|
||||||
|
|
||||||
then everything is fine. However, if the client wins the race:
|
|
||||||
|
|
||||||
client server
|
|
||||||
connect
|
|
||||||
accept
|
|
||||||
send '\0'
|
|
||||||
set SO_PASSCRED = 1
|
|
||||||
receive '\0'
|
|
||||||
|
|
||||||
then the kernel does not record credentials for the message containing
|
|
||||||
'\0' (because SO_PASSCRED was 0 at the time). However, by the time the
|
|
||||||
server receives the message, the kernel knows that credentials are
|
|
||||||
desired. I would have expected the kernel to omit the credentials header
|
|
||||||
in this case, but it seems that instead, it synthesizes a credentials
|
|
||||||
structure with a dummy process ID 0, a dummy uid derived from
|
|
||||||
/proc/sys/kernel/overflowuid and a dummy gid derived from
|
|
||||||
/proc/sys/kernel/overflowgid.
|
|
||||||
|
|
||||||
In an unconfigured GDBusServer, hitting this race condition results in
|
|
||||||
falling back to DBUS_COOKIE_SHA1 authentication, which in practice usually
|
|
||||||
succeeds in authenticating the peer's uid. However, we encourage AF_UNIX
|
|
||||||
servers on Unix platforms to allow only EXTERNAL authentication as a
|
|
||||||
security-hardening measure, because DBUS_COOKIE_SHA1 relies on a series
|
|
||||||
of assumptions including a cryptographically strong PRNG and a shared
|
|
||||||
home directory with no write access by others, which are not necessarily
|
|
||||||
true for all operating systems and users. EXTERNAL authentication will
|
|
||||||
fail if the server cannot determine the client's credentials.
|
|
||||||
|
|
||||||
In particular, this caused a regression when CVE-2019-14822 was fixed
|
|
||||||
in ibus, which appears to be resolved by this commit. Qt clients
|
|
||||||
(which use libdbus) intermittently fail to connect to an ibus server
|
|
||||||
(which uses GDBusServer), because ibus no longer allows DBUS_COOKIE_SHA1
|
|
||||||
authentication or non-matching uids.
|
|
||||||
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
Closes: https://gitlab.gnome.org/GNOME/glib/issues/1831
|
|
||||||
---
|
|
||||||
gio/gcredentialsprivate.h | 18 ++++++++++++++++++
|
|
||||||
gio/gdbusauth.c | 27 +++++++++++++++++++++++++--
|
|
||||||
2 files changed, 43 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
|
|
||||||
index 06f0aed19..e9ec09b9f 100644
|
|
||||||
--- a/gio/gcredentialsprivate.h
|
|
||||||
+++ b/gio/gcredentialsprivate.h
|
|
||||||
@@ -81,6 +81,18 @@
|
|
||||||
*/
|
|
||||||
#undef G_CREDENTIALS_SPOOFING_SUPPORTED
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_PREFER_MESSAGE_PASSING:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if the data structure transferred by the message-passing
|
|
||||||
+ * API is strictly more informative than the one transferred by the
|
|
||||||
+ * `getsockopt()`-style API, and hence should be preferred, even for
|
|
||||||
+ * protocols like D-Bus that are defined in terms of the credentials of
|
|
||||||
+ * the (process that opened the) socket, as opposed to the credentials
|
|
||||||
+ * of an individual message.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_PREFER_MESSAGE_PASSING
|
|
||||||
+
|
|
||||||
#ifdef __linux__
|
|
||||||
#define G_CREDENTIALS_SUPPORTED 1
|
|
||||||
#define G_CREDENTIALS_USE_LINUX_UCRED 1
|
|
||||||
@@ -100,6 +112,12 @@
|
|
||||||
#define G_CREDENTIALS_NATIVE_SIZE (sizeof (struct cmsgcred))
|
|
||||||
#define G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED 1
|
|
||||||
#define G_CREDENTIALS_SPOOFING_SUPPORTED 1
|
|
||||||
+/* GLib doesn't implement it yet, but FreeBSD's getsockopt()-style API
|
|
||||||
+ * is getpeereid(), which is not as informative as struct cmsgcred -
|
|
||||||
+ * it does not tell us the PID. As a result, libdbus prefers to use
|
|
||||||
+ * SCM_CREDS, and if we implement getpeereid() in future, we should
|
|
||||||
+ * do the same. */
|
|
||||||
+#define G_CREDENTIALS_PREFER_MESSAGE_PASSING 1
|
|
||||||
|
|
||||||
#elif defined(__NetBSD__)
|
|
||||||
#define G_CREDENTIALS_SUPPORTED 1
|
|
||||||
diff --git a/gio/gdbusauth.c b/gio/gdbusauth.c
|
|
||||||
index 752ec23fc..14cc5d70e 100644
|
|
||||||
--- a/gio/gdbusauth.c
|
|
||||||
+++ b/gio/gdbusauth.c
|
|
||||||
@@ -31,6 +31,7 @@
|
|
||||||
#include "gdbusutils.h"
|
|
||||||
#include "gioenumtypes.h"
|
|
||||||
#include "gcredentials.h"
|
|
||||||
+#include "gcredentialsprivate.h"
|
|
||||||
#include "gdbusprivate.h"
|
|
||||||
#include "giostream.h"
|
|
||||||
#include "gdatainputstream.h"
|
|
||||||
@@ -969,9 +970,31 @@ _g_dbus_auth_run_server (GDBusAuth *auth,
|
|
||||||
|
|
||||||
g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
|
|
||||||
|
|
||||||
- /* first read the NUL-byte */
|
|
||||||
+ /* read the NUL-byte, possibly with credentials attached */
|
|
||||||
#ifdef G_OS_UNIX
|
|
||||||
- if (G_IS_UNIX_CONNECTION (auth->priv->stream))
|
|
||||||
+#ifndef G_CREDENTIALS_PREFER_MESSAGE_PASSING
|
|
||||||
+ if (G_IS_SOCKET_CONNECTION (auth->priv->stream))
|
|
||||||
+ {
|
|
||||||
+ GSocket *sock = g_socket_connection_get_socket (G_SOCKET_CONNECTION (auth->priv->stream));
|
|
||||||
+
|
|
||||||
+ local_error = NULL;
|
|
||||||
+ credentials = g_socket_get_credentials (sock, &local_error);
|
|
||||||
+
|
|
||||||
+ if (credentials == NULL && !g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED))
|
|
||||||
+ {
|
|
||||||
+ g_propagate_error (error, local_error);
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ /* Clear the error indicator, so we can retry with
|
|
||||||
+ * g_unix_connection_receive_credentials() if necessary */
|
|
||||||
+ g_clear_error (&local_error);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+ if (credentials == NULL && G_IS_UNIX_CONNECTION (auth->priv->stream))
|
|
||||||
{
|
|
||||||
local_error = NULL;
|
|
||||||
credentials = g_unix_connection_receive_credentials (G_UNIX_CONNECTION (auth->priv->stream),
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
@ -1,170 +0,0 @@
|
|||||||
From 2bad3cb3bf8f0cc3f45057061f9a538ecf7742b6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
|
||||||
Date: Thu, 14 Feb 2019 17:46:33 +0200
|
|
||||||
Subject: [PATCH 1/5] Use atomic reference counting for GSource
|
|
||||||
|
|
||||||
If attached to a context already it would use a mutex instead but at
|
|
||||||
least before that the reference counting is not thread-safe currently.
|
|
||||||
---
|
|
||||||
glib/gmain.c | 50 +++++++++++++++-----------------------------------
|
|
||||||
1 file changed, 15 insertions(+), 35 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/glib/gmain.c b/glib/gmain.c
|
|
||||||
index 26e68823d..5b91c3117 100644
|
|
||||||
--- a/glib/gmain.c
|
|
||||||
+++ b/glib/gmain.c
|
|
||||||
@@ -374,15 +374,6 @@ typedef struct _GSourceIter
|
|
||||||
#define SOURCE_DESTROYED(source) (((source)->flags & G_HOOK_FLAG_ACTIVE) == 0)
|
|
||||||
#define SOURCE_BLOCKED(source) (((source)->flags & G_SOURCE_BLOCKED) != 0)
|
|
||||||
|
|
||||||
-#define SOURCE_UNREF(source, context) \
|
|
||||||
- G_STMT_START { \
|
|
||||||
- if ((source)->ref_count > 1) \
|
|
||||||
- (source)->ref_count--; \
|
|
||||||
- else \
|
|
||||||
- g_source_unref_internal ((source), (context), TRUE); \
|
|
||||||
- } G_STMT_END
|
|
||||||
-
|
|
||||||
-
|
|
||||||
/* Forward declarations */
|
|
||||||
|
|
||||||
static void g_source_unref_internal (GSource *source,
|
|
||||||
@@ -977,10 +968,10 @@ g_source_iter_next (GSourceIter *iter, GSource **source)
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (iter->source && iter->may_modify)
|
|
||||||
- SOURCE_UNREF (iter->source, iter->context);
|
|
||||||
+ g_source_unref_internal (iter->source, iter->context, TRUE);
|
|
||||||
iter->source = next_source;
|
|
||||||
if (iter->source && iter->may_modify)
|
|
||||||
- iter->source->ref_count++;
|
|
||||||
+ g_source_ref (iter->source);
|
|
||||||
|
|
||||||
*source = iter->source;
|
|
||||||
return *source != NULL;
|
|
||||||
@@ -994,7 +985,7 @@ g_source_iter_clear (GSourceIter *iter)
|
|
||||||
{
|
|
||||||
if (iter->source && iter->may_modify)
|
|
||||||
{
|
|
||||||
- SOURCE_UNREF (iter->source, iter->context);
|
|
||||||
+ g_source_unref_internal (iter->source, iter->context, TRUE);
|
|
||||||
iter->source = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1135,7 +1126,7 @@ g_source_attach_unlocked (GSource *source,
|
|
||||||
|
|
||||||
source->context = context;
|
|
||||||
source->source_id = id;
|
|
||||||
- source->ref_count++;
|
|
||||||
+ g_source_ref (source);
|
|
||||||
|
|
||||||
g_hash_table_insert (context->sources, GUINT_TO_POINTER (id), source);
|
|
||||||
|
|
||||||
@@ -1675,7 +1666,7 @@ g_source_set_funcs (GSource *source,
|
|
||||||
{
|
|
||||||
g_return_if_fail (source != NULL);
|
|
||||||
g_return_if_fail (source->context == NULL);
|
|
||||||
- g_return_if_fail (source->ref_count > 0);
|
|
||||||
+ g_return_if_fail (g_atomic_int_get (&source->ref_count) > 0);
|
|
||||||
g_return_if_fail (funcs != NULL);
|
|
||||||
|
|
||||||
source->source_funcs = funcs;
|
|
||||||
@@ -2050,19 +2041,9 @@ g_source_set_name_by_id (guint tag,
|
|
||||||
GSource *
|
|
||||||
g_source_ref (GSource *source)
|
|
||||||
{
|
|
||||||
- GMainContext *context;
|
|
||||||
-
|
|
||||||
g_return_val_if_fail (source != NULL, NULL);
|
|
||||||
|
|
||||||
- context = source->context;
|
|
||||||
-
|
|
||||||
- if (context)
|
|
||||||
- LOCK_CONTEXT (context);
|
|
||||||
-
|
|
||||||
- source->ref_count++;
|
|
||||||
-
|
|
||||||
- if (context)
|
|
||||||
- UNLOCK_CONTEXT (context);
|
|
||||||
+ g_atomic_int_inc (&source->ref_count);
|
|
||||||
|
|
||||||
return source;
|
|
||||||
}
|
|
||||||
@@ -2078,12 +2059,11 @@ g_source_unref_internal (GSource *source,
|
|
||||||
GSourceCallbackFuncs *old_cb_funcs = NULL;
|
|
||||||
|
|
||||||
g_return_if_fail (source != NULL);
|
|
||||||
-
|
|
||||||
+
|
|
||||||
if (!have_lock && context)
|
|
||||||
LOCK_CONTEXT (context);
|
|
||||||
|
|
||||||
- source->ref_count--;
|
|
||||||
- if (source->ref_count == 0)
|
|
||||||
+ if (g_atomic_int_dec_and_test (&source->ref_count))
|
|
||||||
{
|
|
||||||
TRACE (GLIB_SOURCE_BEFORE_FREE (source, context,
|
|
||||||
source->source_funcs->finalize));
|
|
||||||
@@ -2107,20 +2087,20 @@ g_source_unref_internal (GSource *source,
|
|
||||||
{
|
|
||||||
/* Temporarily increase the ref count again so that GSource methods
|
|
||||||
* can be called from finalize(). */
|
|
||||||
- source->ref_count++;
|
|
||||||
+ g_atomic_int_inc (&source->ref_count);
|
|
||||||
if (context)
|
|
||||||
UNLOCK_CONTEXT (context);
|
|
||||||
source->source_funcs->finalize (source);
|
|
||||||
if (context)
|
|
||||||
LOCK_CONTEXT (context);
|
|
||||||
- source->ref_count--;
|
|
||||||
+ g_atomic_int_add (&source->ref_count, -1);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (old_cb_funcs)
|
|
||||||
{
|
|
||||||
/* Temporarily increase the ref count again so that GSource methods
|
|
||||||
* can be called from callback_funcs.unref(). */
|
|
||||||
- source->ref_count++;
|
|
||||||
+ g_atomic_int_inc (&source->ref_count);
|
|
||||||
if (context)
|
|
||||||
UNLOCK_CONTEXT (context);
|
|
||||||
|
|
||||||
@@ -2128,7 +2108,7 @@ g_source_unref_internal (GSource *source,
|
|
||||||
|
|
||||||
if (context)
|
|
||||||
LOCK_CONTEXT (context);
|
|
||||||
- source->ref_count--;
|
|
||||||
+ g_atomic_int_add (&source->ref_count, -1);
|
|
||||||
}
|
|
||||||
|
|
||||||
g_free (source->name);
|
|
||||||
@@ -3201,7 +3181,7 @@ g_main_dispatch (GMainContext *context)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- SOURCE_UNREF (source, context);
|
|
||||||
+ g_source_unref_internal (source, context, TRUE);
|
|
||||||
}
|
|
||||||
|
|
||||||
g_ptr_array_set_size (context->pending_dispatches, 0);
|
|
||||||
@@ -3440,7 +3420,7 @@ g_main_context_prepare (GMainContext *context,
|
|
||||||
for (i = 0; i < context->pending_dispatches->len; i++)
|
|
||||||
{
|
|
||||||
if (context->pending_dispatches->pdata[i])
|
|
||||||
- SOURCE_UNREF ((GSource *)context->pending_dispatches->pdata[i], context);
|
|
||||||
+ g_source_unref_internal ((GSource *)context->pending_dispatches->pdata[i], context, TRUE);
|
|
||||||
}
|
|
||||||
g_ptr_array_set_size (context->pending_dispatches, 0);
|
|
||||||
|
|
||||||
@@ -3788,7 +3768,7 @@ g_main_context_check (GMainContext *context,
|
|
||||||
|
|
||||||
if (source->flags & G_SOURCE_READY)
|
|
||||||
{
|
|
||||||
- source->ref_count++;
|
|
||||||
+ g_source_ref (source);
|
|
||||||
g_ptr_array_add (context->pending_dispatches, source);
|
|
||||||
|
|
||||||
n_ready++;
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,118 +0,0 @@
|
|||||||
From 1485a97d8051b0aa047987f7b0c0bfe4ba4ce55b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Fri, 18 Oct 2019 10:55:09 +0100
|
|
||||||
Subject: [PATCH] credentials: Invalid Linux struct ucred means "no
|
|
||||||
information"
|
|
||||||
|
|
||||||
On Linux, if getsockopt SO_PEERCRED is used on a TCP socket, one
|
|
||||||
might expect it to fail with an appropriate error like ENOTSUP or
|
|
||||||
EPROTONOSUPPORT. However, it appears that in fact it succeeds, but
|
|
||||||
yields a credentials structure with pid 0, uid -1 and gid -1. These
|
|
||||||
are not real process, user and group IDs that can be allocated to a
|
|
||||||
real process (pid 0 needs to be reserved to give kill(0) its documented
|
|
||||||
special semantics, and similarly uid and gid -1 need to be reserved for
|
|
||||||
setresuid() and setresgid()) so it is not meaningful to signal them to
|
|
||||||
high-level API users.
|
|
||||||
|
|
||||||
An API user with Linux-specific knowledge can still inspect these fields
|
|
||||||
via g_credentials_get_native() if desired.
|
|
||||||
|
|
||||||
Similarly, if SO_PASSCRED is used to receive a SCM_CREDENTIALS message
|
|
||||||
on a receiving Unix socket, but the sending socket had not enabled
|
|
||||||
SO_PASSCRED at the time that the message was sent, it is possible
|
|
||||||
for it to succeed but yield a credentials structure with pid 0, uid
|
|
||||||
/proc/sys/kernel/overflowuid and gid /proc/sys/kernel/overflowgid. Even
|
|
||||||
if we were to read those pseudo-files, we cannot distinguish between
|
|
||||||
the overflow IDs and a real process that legitimately has the same IDs
|
|
||||||
(typically they are set to 'nobody' and 'nogroup', which can be used
|
|
||||||
by a real process), so we detect this situation by noticing that
|
|
||||||
pid == 0, and to save syscalls we do not read the overflow IDs from
|
|
||||||
/proc at all.
|
|
||||||
|
|
||||||
This results in a small API change: g_credentials_is_same_user() now
|
|
||||||
returns FALSE if we compare two credentials structures that are both
|
|
||||||
invalid. This seems like reasonable, conservative behaviour: if we cannot
|
|
||||||
prove that they are the same user, we should assume they are not.
|
|
||||||
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
---
|
|
||||||
gio/gcredentials.c | 42 +++++++++++++++++++++++++++++++++++++++---
|
|
||||||
1 file changed, 39 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/gcredentials.c b/gio/gcredentials.c
|
|
||||||
index c350e3c88..c4794ded7 100644
|
|
||||||
--- a/gio/gcredentials.c
|
|
||||||
+++ b/gio/gcredentials.c
|
|
||||||
@@ -265,6 +265,35 @@ g_credentials_to_string (GCredentials *credentials)
|
|
||||||
|
|
||||||
/* ---------------------------------------------------------------------------------------------------- */
|
|
||||||
|
|
||||||
+#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
||||||
+/*
|
|
||||||
+ * Check whether @native contains invalid data. If getsockopt SO_PEERCRED
|
|
||||||
+ * is used on a TCP socket, it succeeds but yields a credentials structure
|
|
||||||
+ * with pid 0, uid -1 and gid -1. Similarly, if SO_PASSCRED is used on a
|
|
||||||
+ * receiving Unix socket when the sending socket did not also enable
|
|
||||||
+ * SO_PASSCRED, it can succeed but yield a credentials structure with
|
|
||||||
+ * pid 0, uid /proc/sys/kernel/overflowuid and gid
|
|
||||||
+ * /proc/sys/kernel/overflowgid.
|
|
||||||
+ */
|
|
||||||
+static gboolean
|
|
||||||
+linux_ucred_check_valid (struct ucred *native,
|
|
||||||
+ GError **error)
|
|
||||||
+{
|
|
||||||
+ if (native->pid == 0
|
|
||||||
+ || native->uid == -1
|
|
||||||
+ || native->gid == -1)
|
|
||||||
+ {
|
|
||||||
+ g_set_error_literal (error,
|
|
||||||
+ G_IO_ERROR,
|
|
||||||
+ G_IO_ERROR_INVALID_DATA,
|
|
||||||
+ _("GCredentials contains invalid data"));
|
|
||||||
+ return FALSE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return TRUE;
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* g_credentials_is_same_user:
|
|
||||||
* @credentials: A #GCredentials.
|
|
||||||
@@ -294,7 +323,8 @@ g_credentials_is_same_user (GCredentials *credentials,
|
|
||||||
|
|
||||||
ret = FALSE;
|
|
||||||
#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
||||||
- if (credentials->native.uid == other_credentials->native.uid)
|
|
||||||
+ if (linux_ucred_check_valid (&credentials->native, NULL)
|
|
||||||
+ && credentials->native.uid == other_credentials->native.uid)
|
|
||||||
ret = TRUE;
|
|
||||||
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
||||||
if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
|
|
||||||
@@ -453,7 +483,10 @@ g_credentials_get_unix_user (GCredentials *credentials,
|
|
||||||
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
|
||||||
|
|
||||||
#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
||||||
- ret = credentials->native.uid;
|
|
||||||
+ if (linux_ucred_check_valid (&credentials->native, error))
|
|
||||||
+ ret = credentials->native.uid;
|
|
||||||
+ else
|
|
||||||
+ ret = -1;
|
|
||||||
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
||||||
ret = credentials->native.cmcred_euid;
|
|
||||||
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
||||||
@@ -499,7 +532,10 @@ g_credentials_get_unix_pid (GCredentials *credentials,
|
|
||||||
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
|
||||||
|
|
||||||
#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
||||||
- ret = credentials->native.pid;
|
|
||||||
+ if (linux_ucred_check_valid (&credentials->native, error))
|
|
||||||
+ ret = credentials->native.pid;
|
|
||||||
+ else
|
|
||||||
+ ret = -1;
|
|
||||||
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
||||||
ret = credentials->native.cmcred_pid;
|
|
||||||
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
@ -1,83 +0,0 @@
|
|||||||
From ef1035d9d86464ea0b5dde60a7a0e190895fdf5b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Mon, 14 Oct 2019 08:22:24 +0100
|
|
||||||
Subject: [PATCH] gcredentialsprivate: Document the various private macros
|
|
||||||
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
---
|
|
||||||
gio/gcredentialsprivate.h | 59 +++++++++++++++++++++++++++++++++++++++
|
|
||||||
1 file changed, 59 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
|
|
||||||
index 4d1c420a8..06f0aed19 100644
|
|
||||||
--- a/gio/gcredentialsprivate.h
|
|
||||||
+++ b/gio/gcredentialsprivate.h
|
|
||||||
@@ -22,6 +22,65 @@
|
|
||||||
#include "gio/gcredentials.h"
|
|
||||||
#include "gio/gnetworking.h"
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_SUPPORTED:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if GCredentials works.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_SUPPORTED
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_USE_LINUX_UCRED, etc.:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if GCredentials uses Linux `struct ucred`, etc.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_USE_LINUX_UCRED
|
|
||||||
+#undef G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
||||||
+#undef G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
||||||
+#undef G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
|
||||||
+#undef G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_NATIVE_TYPE:
|
|
||||||
+ *
|
|
||||||
+ * Defined to one of G_CREDENTIALS_TYPE_LINUX_UCRED, etc.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_NATIVE_TYPE
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_NATIVE_SIZE:
|
|
||||||
+ *
|
|
||||||
+ * Defined to the size of the %G_CREDENTIALS_NATIVE_TYPE
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_NATIVE_SIZE
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if we have a message-passing API in which credentials
|
|
||||||
+ * are attached to a particular message, such as `SCM_CREDENTIALS` on Linux
|
|
||||||
+ * or `SCM_CREDS` on FreeBSD.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if we have a `getsockopt()`-style API in which one end of
|
|
||||||
+ * a socket connection can directly query the credentials of the process
|
|
||||||
+ * that initiated the other end, such as `getsockopt SO_PEERCRED` on Linux
|
|
||||||
+ * or `getpeereid()` on multiple operating systems.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_SPOOFING_SUPPORTED:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if privileged processes can spoof their credentials when
|
|
||||||
+ * using the message-passing API.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_SPOOFING_SUPPORTED
|
|
||||||
+
|
|
||||||
#ifdef __linux__
|
|
||||||
#define G_CREDENTIALS_SUPPORTED 1
|
|
||||||
#define G_CREDENTIALS_USE_LINUX_UCRED 1
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
@ -1,56 +0,0 @@
|
|||||||
From 8fef6abe1131da0c8a7211c740a12ebe11cbcc51 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Wed, 10 Mar 2021 16:05:55 +0000
|
|
||||||
Subject: [PATCH 1/3] glocalfileoutputstream: Factor out a flag check
|
|
||||||
|
|
||||||
This clarifies the code a little. It introduces no functional changes.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
---
|
|
||||||
gio/glocalfileoutputstream.c | 9 +++++----
|
|
||||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
|
|
||||||
index 57d2d5dfe..6a70b2a04 100644
|
|
||||||
--- a/gio/glocalfileoutputstream.c
|
|
||||||
+++ b/gio/glocalfileoutputstream.c
|
|
||||||
@@ -751,6 +751,7 @@ handle_overwrite_open (const char *filename,
|
|
||||||
int res;
|
|
||||||
int mode;
|
|
||||||
int errsv;
|
|
||||||
+ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION);
|
|
||||||
|
|
||||||
mode = mode_from_flags_or_info (flags, reference_info);
|
|
||||||
|
|
||||||
@@ -857,8 +858,8 @@ handle_overwrite_open (const char *filename,
|
|
||||||
* The second strategy consist simply in copying the old file
|
|
||||||
* to a backup file and rewrite the contents of the file.
|
|
||||||
*/
|
|
||||||
-
|
|
||||||
- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) ||
|
|
||||||
+
|
|
||||||
+ if (replace_destination_set ||
|
|
||||||
(!(original_stat.st_nlink > 1) && !is_symlink))
|
|
||||||
{
|
|
||||||
char *dirname, *tmp_filename;
|
|
||||||
@@ -877,7 +878,7 @@ handle_overwrite_open (const char *filename,
|
|
||||||
|
|
||||||
/* try to keep permissions (unless replacing) */
|
|
||||||
|
|
||||||
- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) &&
|
|
||||||
+ if (!replace_destination_set &&
|
|
||||||
(
|
|
||||||
#ifdef HAVE_FCHOWN
|
|
||||||
fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 ||
|
|
||||||
@@ -1016,7 +1017,7 @@ handle_overwrite_open (const char *filename,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (flags & G_FILE_CREATE_REPLACE_DESTINATION)
|
|
||||||
+ if (replace_destination_set)
|
|
||||||
{
|
|
||||||
g_close (fd, NULL);
|
|
||||||
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,174 +0,0 @@
|
|||||||
From e23bf51c6a898f5c395ffb388a0287575a3017cb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Thu, 4 Feb 2021 13:30:52 +0000
|
|
||||||
Subject: [PATCH 01/12] gstrfuncs: Add internal g_memdup2() function
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
This will replace the existing `g_memdup()` function for use within
|
|
||||||
GLib. It has an unavoidable security flaw of taking its `byte_size`
|
|
||||||
argument as a `guint` rather than as a `gsize`. Most callers will
|
|
||||||
expect it to be a `gsize`, and may pass in large values which could
|
|
||||||
silently be truncated, resulting in an undersize allocation compared
|
|
||||||
to what the caller expects.
|
|
||||||
|
|
||||||
This could lead to a classic buffer overflow vulnerability for many
|
|
||||||
callers of `g_memdup()`.
|
|
||||||
|
|
||||||
`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`.
|
|
||||||
|
|
||||||
Spotted by Kevin Backhouse of GHSL.
|
|
||||||
|
|
||||||
In GLib 2.68, `g_memdup2()` will be a new public API. In this version
|
|
||||||
for backport to older stable releases, it’s a new `static inline` API
|
|
||||||
in a private header, so that use of `g_memdup()` within GLib can be
|
|
||||||
fixed without adding a new API in a stable release series.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Helps: GHSL-2021-045
|
|
||||||
Helps: #2319
|
|
||||||
---
|
|
||||||
docs/reference/glib/meson.build | 1 +
|
|
||||||
glib/gstrfuncsprivate.h | 55 +++++++++++++++++++++++++++++++++
|
|
||||||
glib/meson.build | 1 +
|
|
||||||
glib/tests/strfuncs.c | 23 ++++++++++++++
|
|
||||||
4 files changed, 80 insertions(+)
|
|
||||||
create mode 100644 glib/gstrfuncsprivate.h
|
|
||||||
|
|
||||||
diff --git a/docs/reference/glib/meson.build b/docs/reference/glib/meson.build
|
|
||||||
index f0f915e96..1a3680941 100644
|
|
||||||
--- a/docs/reference/glib/meson.build
|
|
||||||
+++ b/docs/reference/glib/meson.build
|
|
||||||
@@ -20,6 +20,7 @@ if get_option('gtk_doc')
|
|
||||||
'gprintfint.h',
|
|
||||||
'gmirroringtable.h',
|
|
||||||
'gscripttable.h',
|
|
||||||
+ 'gstrfuncsprivate.h',
|
|
||||||
'glib-mirroring-tab',
|
|
||||||
'gnulib',
|
|
||||||
'pcre',
|
|
||||||
diff --git a/glib/gstrfuncsprivate.h b/glib/gstrfuncsprivate.h
|
|
||||||
new file mode 100644
|
|
||||||
index 000000000..85c88328a
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/glib/gstrfuncsprivate.h
|
|
||||||
@@ -0,0 +1,55 @@
|
|
||||||
+/* GLIB - Library of useful routines for C programming
|
|
||||||
+ * Copyright (C) 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald
|
|
||||||
+ *
|
|
||||||
+ * This library is free software; you can redistribute it and/or
|
|
||||||
+ * modify it under the terms of the GNU Lesser General Public
|
|
||||||
+ * License as published by the Free Software Foundation; either
|
|
||||||
+ * version 2.1 of the License, or (at your option) any later version.
|
|
||||||
+ *
|
|
||||||
+ * This library is distributed in the hope that it will be useful,
|
|
||||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ * Lesser General Public License for more details.
|
|
||||||
+ *
|
|
||||||
+ * You should have received a copy of the GNU Lesser General Public
|
|
||||||
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#include <glib.h>
|
|
||||||
+#include <string.h>
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * g_memdup2:
|
|
||||||
+ * @mem: (nullable): the memory to copy.
|
|
||||||
+ * @byte_size: the number of bytes to copy.
|
|
||||||
+ *
|
|
||||||
+ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it
|
|
||||||
+ * from @mem. If @mem is %NULL it returns %NULL.
|
|
||||||
+ *
|
|
||||||
+ * This replaces g_memdup(), which was prone to integer overflows when
|
|
||||||
+ * converting the argument from a #gsize to a #guint.
|
|
||||||
+ *
|
|
||||||
+ * This static inline version is a backport of the new public API from
|
|
||||||
+ * GLib 2.68, kept internal to GLib for backport to older stable releases.
|
|
||||||
+ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
|
|
||||||
+ *
|
|
||||||
+ * Returns: (nullable): a pointer to the newly-allocated copy of the memory,
|
|
||||||
+ * or %NULL if @mem is %NULL.
|
|
||||||
+ * Since: 2.68
|
|
||||||
+ */
|
|
||||||
+static inline gpointer
|
|
||||||
+g_memdup2 (gconstpointer mem,
|
|
||||||
+ gsize byte_size)
|
|
||||||
+{
|
|
||||||
+ gpointer new_mem;
|
|
||||||
+
|
|
||||||
+ if (mem && byte_size != 0)
|
|
||||||
+ {
|
|
||||||
+ new_mem = g_malloc (byte_size);
|
|
||||||
+ memcpy (new_mem, mem, byte_size);
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ new_mem = NULL;
|
|
||||||
+
|
|
||||||
+ return new_mem;
|
|
||||||
+}
|
|
||||||
diff --git a/glib/meson.build b/glib/meson.build
|
|
||||||
index a2f9da81c..481fd06ff 100644
|
|
||||||
--- a/glib/meson.build
|
|
||||||
+++ b/glib/meson.build
|
|
||||||
@@ -167,6 +167,7 @@ glib_sources = files(
|
|
||||||
'gslist.c',
|
|
||||||
'gstdio.c',
|
|
||||||
'gstrfuncs.c',
|
|
||||||
+ 'gstrfuncsprivate.h',
|
|
||||||
'gstring.c',
|
|
||||||
'gstringchunk.c',
|
|
||||||
'gtestutils.c',
|
|
||||||
diff --git a/glib/tests/strfuncs.c b/glib/tests/strfuncs.c
|
|
||||||
index 7e031bdb1..2aa252946 100644
|
|
||||||
--- a/glib/tests/strfuncs.c
|
|
||||||
+++ b/glib/tests/strfuncs.c
|
|
||||||
@@ -32,6 +32,8 @@
|
|
||||||
#include <string.h>
|
|
||||||
#include "glib.h"
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
+
|
|
||||||
#if defined (_MSC_VER) && (_MSC_VER <= 1800)
|
|
||||||
#define isnan(x) _isnan(x)
|
|
||||||
|
|
||||||
@@ -199,6 +201,26 @@ test_is_to_digit (void)
|
|
||||||
#undef TEST_DIGIT
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* Testing g_memdup2() function with various positive and negative cases */
|
|
||||||
+static void
|
|
||||||
+test_memdup2 (void)
|
|
||||||
+{
|
|
||||||
+ gchar *str_dup = NULL;
|
|
||||||
+ const gchar *str = "The quick brown fox jumps over the lazy dog";
|
|
||||||
+
|
|
||||||
+ /* Testing negative cases */
|
|
||||||
+ g_assert_null (g_memdup2 (NULL, 1024));
|
|
||||||
+ g_assert_null (g_memdup2 (str, 0));
|
|
||||||
+ g_assert_null (g_memdup2 (NULL, 0));
|
|
||||||
+
|
|
||||||
+ /* Testing normal usage cases */
|
|
||||||
+ str_dup = g_memdup2 (str, strlen (str) + 1);
|
|
||||||
+ g_assert_nonnull (str_dup);
|
|
||||||
+ g_assert_cmpstr (str, ==, str_dup);
|
|
||||||
+
|
|
||||||
+ g_free (str_dup);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static void
|
|
||||||
test_strdup (void)
|
|
||||||
{
|
|
||||||
@@ -1726,6 +1748,7 @@ main (int argc,
|
|
||||||
g_test_init (&argc, &argv, NULL);
|
|
||||||
|
|
||||||
g_test_add_func ("/strfuncs/test-is-to-digit", test_is_to_digit);
|
|
||||||
+ g_test_add_func ("/strfuncs/memdup2", test_memdup2);
|
|
||||||
g_test_add_func ("/strfuncs/strdup", test_strdup);
|
|
||||||
g_test_add_func ("/strfuncs/strndup", test_strndup);
|
|
||||||
g_test_add_func ("/strfuncs/strdup-printf", test_strdup_printf);
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,43 +0,0 @@
|
|||||||
From 323d0c7658a9a44efc327840c0667044a4b98f89 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
|
||||||
Date: Mon, 3 Feb 2020 15:38:28 +0200
|
|
||||||
Subject: [PATCH 2/5] GMainContext - Fix GSource iterator if iteration can
|
|
||||||
modify the list
|
|
||||||
|
|
||||||
We first have to ref the next source and then unref the previous one.
|
|
||||||
This might be the last reference to the previous source, and freeing the
|
|
||||||
previous source might unref and free the next one which would then leave
|
|
||||||
use with a dangling pointer here.
|
|
||||||
|
|
||||||
Fixes https://gitlab.gnome.org/GNOME/glib/issues/2031
|
|
||||||
---
|
|
||||||
glib/gmain.c | 8 ++++++--
|
|
||||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/glib/gmain.c b/glib/gmain.c
|
|
||||||
index 5b91c3117..a3ea1d36c 100644
|
|
||||||
--- a/glib/gmain.c
|
|
||||||
+++ b/glib/gmain.c
|
|
||||||
@@ -965,13 +965,17 @@ g_source_iter_next (GSourceIter *iter, GSource **source)
|
|
||||||
* GSourceList to be removed from source_lists (if iter->source is
|
|
||||||
* the only source in its list, and it is destroyed), so we have to
|
|
||||||
* keep it reffed until after we advance iter->current_list, above.
|
|
||||||
+ *
|
|
||||||
+ * Also we first have to ref the next source before unreffing the
|
|
||||||
+ * previous one as unreffing the previous source can potentially
|
|
||||||
+ * free the next one.
|
|
||||||
*/
|
|
||||||
+ if (next_source && iter->may_modify)
|
|
||||||
+ g_source_ref (next_source);
|
|
||||||
|
|
||||||
if (iter->source && iter->may_modify)
|
|
||||||
g_source_unref_internal (iter->source, iter->context, TRUE);
|
|
||||||
iter->source = next_source;
|
|
||||||
- if (iter->source && iter->may_modify)
|
|
||||||
- g_source_ref (iter->source);
|
|
||||||
|
|
||||||
*source = iter->source;
|
|
||||||
return *source != NULL;
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,262 +0,0 @@
|
|||||||
From d27057acbb26f5b3400677e22a7801bb60a9a134 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Thu, 4 Feb 2021 13:37:56 +0000
|
|
||||||
Subject: [PATCH 02/12] gio: Use g_memdup2() instead of g_memdup() in obvious
|
|
||||||
places
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Convert all the call sites which use `g_memdup()`’s length argument
|
|
||||||
trivially (for example, by passing a `sizeof()`), so that they use
|
|
||||||
`g_memdup2()` instead.
|
|
||||||
|
|
||||||
In almost all of these cases the use of `g_memdup()` would not have
|
|
||||||
caused problems, but it will soon be deprecated, so best port away from
|
|
||||||
it.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Helps: #2319
|
|
||||||
---
|
|
||||||
gio/gdbusconnection.c | 5 +++--
|
|
||||||
gio/gdbusinterfaceskeleton.c | 3 ++-
|
|
||||||
gio/gfile.c | 7 ++++---
|
|
||||||
gio/gsettingsschema.c | 5 +++--
|
|
||||||
gio/gwin32registrykey.c | 8 +++++---
|
|
||||||
gio/tests/async-close-output-stream.c | 6 ++++--
|
|
||||||
gio/tests/gdbus-export.c | 5 +++--
|
|
||||||
gio/win32/gwinhttpfile.c | 9 +++++----
|
|
||||||
8 files changed, 29 insertions(+), 19 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c
|
|
||||||
index 6f7e5fefc..117c8df35 100644
|
|
||||||
--- a/gio/gdbusconnection.c
|
|
||||||
+++ b/gio/gdbusconnection.c
|
|
||||||
@@ -119,6 +119,7 @@
|
|
||||||
#include "gasyncinitable.h"
|
|
||||||
#include "giostream.h"
|
|
||||||
#include "gasyncresult.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "gtask.h"
|
|
||||||
|
|
||||||
#ifdef G_OS_UNIX
|
|
||||||
@@ -3970,7 +3971,7 @@ _g_dbus_interface_vtable_copy (const GDBusInterfaceVTable *vtable)
|
|
||||||
/* Don't waste memory by copying padding - remember to update this
|
|
||||||
* when changing struct _GDBusInterfaceVTable in gdbusconnection.h
|
|
||||||
*/
|
|
||||||
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
|
|
||||||
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
|
||||||
@@ -3987,7 +3988,7 @@ _g_dbus_subtree_vtable_copy (const GDBusSubtreeVTable *vtable)
|
|
||||||
/* Don't waste memory by copying padding - remember to update this
|
|
||||||
* when changing struct _GDBusSubtreeVTable in gdbusconnection.h
|
|
||||||
*/
|
|
||||||
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
|
|
||||||
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
|
||||||
diff --git a/gio/gdbusinterfaceskeleton.c b/gio/gdbusinterfaceskeleton.c
|
|
||||||
index 96bd520aa..672604c49 100644
|
|
||||||
--- a/gio/gdbusinterfaceskeleton.c
|
|
||||||
+++ b/gio/gdbusinterfaceskeleton.c
|
|
||||||
@@ -27,6 +27,7 @@
|
|
||||||
#include "gdbusprivate.h"
|
|
||||||
#include "gdbusmethodinvocation.h"
|
|
||||||
#include "gdbusconnection.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "gtask.h"
|
|
||||||
#include "gioerror.h"
|
|
||||||
|
|
||||||
@@ -697,7 +698,7 @@ add_connection_locked (GDBusInterfaceSkeleton *interface_,
|
|
||||||
* properly before building the hooked_vtable, so we create it
|
|
||||||
* once at the last minute.
|
|
||||||
*/
|
|
||||||
- interface_->priv->hooked_vtable = g_memdup (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
|
|
||||||
+ interface_->priv->hooked_vtable = g_memdup2 (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
|
|
||||||
interface_->priv->hooked_vtable->method_call = skeleton_intercept_handle_method_call;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/gio/gfile.c b/gio/gfile.c
|
|
||||||
index ff313ebf8..29ebaaa62 100644
|
|
||||||
--- a/gio/gfile.c
|
|
||||||
+++ b/gio/gfile.c
|
|
||||||
@@ -60,6 +60,7 @@
|
|
||||||
#include "gasyncresult.h"
|
|
||||||
#include "gioerror.h"
|
|
||||||
#include "glibintl.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
@@ -7734,7 +7735,7 @@ measure_disk_usage_progress (gboolean reporting,
|
|
||||||
g_main_context_invoke_full (g_task_get_context (task),
|
|
||||||
g_task_get_priority (task),
|
|
||||||
measure_disk_usage_invoke_progress,
|
|
||||||
- g_memdup (&progress, sizeof progress),
|
|
||||||
+ g_memdup2 (&progress, sizeof progress),
|
|
||||||
g_free);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -7752,7 +7753,7 @@ measure_disk_usage_thread (GTask *task,
|
|
||||||
data->progress_callback ? measure_disk_usage_progress : NULL, task,
|
|
||||||
&result.disk_usage, &result.num_dirs, &result.num_files,
|
|
||||||
&error))
|
|
||||||
- g_task_return_pointer (task, g_memdup (&result, sizeof result), g_free);
|
|
||||||
+ g_task_return_pointer (task, g_memdup2 (&result, sizeof result), g_free);
|
|
||||||
else
|
|
||||||
g_task_return_error (task, error);
|
|
||||||
}
|
|
||||||
@@ -7776,7 +7777,7 @@ g_file_real_measure_disk_usage_async (GFile *file,
|
|
||||||
|
|
||||||
task = g_task_new (file, cancellable, callback, user_data);
|
|
||||||
g_task_set_source_tag (task, g_file_real_measure_disk_usage_async);
|
|
||||||
- g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free);
|
|
||||||
+ g_task_set_task_data (task, g_memdup2 (&data, sizeof data), g_free);
|
|
||||||
g_task_set_priority (task, io_priority);
|
|
||||||
|
|
||||||
g_task_run_in_thread (task, measure_disk_usage_thread);
|
|
||||||
diff --git a/gio/gsettingsschema.c b/gio/gsettingsschema.c
|
|
||||||
index 17b7e3b01..499944395 100644
|
|
||||||
--- a/gio/gsettingsschema.c
|
|
||||||
+++ b/gio/gsettingsschema.c
|
|
||||||
@@ -20,6 +20,7 @@
|
|
||||||
|
|
||||||
#include "gsettingsschema-internal.h"
|
|
||||||
#include "gsettings.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
|
|
||||||
#include "gvdb/gvdb-reader.h"
|
|
||||||
#include "strinfo.c"
|
|
||||||
@@ -1054,9 +1055,9 @@ g_settings_schema_list_children (GSettingsSchema *schema)
|
|
||||||
|
|
||||||
if (g_str_has_suffix (key, "/"))
|
|
||||||
{
|
|
||||||
- gint length = strlen (key);
|
|
||||||
+ gsize length = strlen (key);
|
|
||||||
|
|
||||||
- strv[j] = g_memdup (key, length);
|
|
||||||
+ strv[j] = g_memdup2 (key, length);
|
|
||||||
strv[j][length - 1] = '\0';
|
|
||||||
j++;
|
|
||||||
}
|
|
||||||
diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
|
|
||||||
index c19fede4e..619fd48af 100644
|
|
||||||
--- a/gio/gwin32registrykey.c
|
|
||||||
+++ b/gio/gwin32registrykey.c
|
|
||||||
@@ -28,6 +28,8 @@
|
|
||||||
#include <ntstatus.h>
|
|
||||||
#include <winternl.h>
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
+
|
|
||||||
#ifndef _WDMDDK_
|
|
||||||
typedef enum _KEY_INFORMATION_CLASS {
|
|
||||||
KeyBasicInformation,
|
|
||||||
@@ -247,7 +249,7 @@ g_win32_registry_value_iter_copy (const GWin32RegistryValueIter *iter)
|
|
||||||
new_iter->value_name_size = iter->value_name_size;
|
|
||||||
|
|
||||||
if (iter->value_data != NULL)
|
|
||||||
- new_iter->value_data = g_memdup (iter->value_data, iter->value_data_size);
|
|
||||||
+ new_iter->value_data = g_memdup2 (iter->value_data, iter->value_data_size);
|
|
||||||
|
|
||||||
new_iter->value_data_size = iter->value_data_size;
|
|
||||||
|
|
||||||
@@ -268,8 +270,8 @@ g_win32_registry_value_iter_copy (const GWin32RegistryValueIter *iter)
|
|
||||||
new_iter->value_data_expanded_charsize = iter->value_data_expanded_charsize;
|
|
||||||
|
|
||||||
if (iter->value_data_expanded_u8 != NULL)
|
|
||||||
- new_iter->value_data_expanded_u8 = g_memdup (iter->value_data_expanded_u8,
|
|
||||||
- iter->value_data_expanded_charsize);
|
|
||||||
+ new_iter->value_data_expanded_u8 = g_memdup2 (iter->value_data_expanded_u8,
|
|
||||||
+ iter->value_data_expanded_charsize);
|
|
||||||
|
|
||||||
new_iter->value_data_expanded_u8_size = iter->value_data_expanded_charsize;
|
|
||||||
|
|
||||||
diff --git a/gio/tests/async-close-output-stream.c b/gio/tests/async-close-output-stream.c
|
|
||||||
index 5f6620275..d3f97a119 100644
|
|
||||||
--- a/gio/tests/async-close-output-stream.c
|
|
||||||
+++ b/gio/tests/async-close-output-stream.c
|
|
||||||
@@ -24,6 +24,8 @@
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
+
|
|
||||||
#define DATA_TO_WRITE "Hello world\n"
|
|
||||||
|
|
||||||
typedef struct
|
|
||||||
@@ -147,9 +149,9 @@ prepare_data (SetupData *data,
|
|
||||||
|
|
||||||
data->expected_size = g_memory_output_stream_get_data_size (G_MEMORY_OUTPUT_STREAM (data->data_stream));
|
|
||||||
|
|
||||||
- g_assert_cmpint (data->expected_size, >, 0);
|
|
||||||
+ g_assert_cmpuint (data->expected_size, >, 0);
|
|
||||||
|
|
||||||
- data->expected_output = g_memdup (written, (guint)data->expected_size);
|
|
||||||
+ data->expected_output = g_memdup2 (written, data->expected_size);
|
|
||||||
|
|
||||||
/* then recreate the streams and prepare them for the asynchronous close */
|
|
||||||
destroy_streams (data);
|
|
||||||
diff --git a/gio/tests/gdbus-export.c b/gio/tests/gdbus-export.c
|
|
||||||
index ef0dddeee..a3c842360 100644
|
|
||||||
--- a/gio/tests/gdbus-export.c
|
|
||||||
+++ b/gio/tests/gdbus-export.c
|
|
||||||
@@ -23,6 +23,7 @@
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
#include "gdbus-tests.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
|
|
||||||
/* all tests rely on a shared mainloop */
|
|
||||||
static GMainLoop *loop = NULL;
|
|
||||||
@@ -652,7 +653,7 @@ subtree_introspect (GDBusConnection *connection,
|
|
||||||
g_assert_not_reached ();
|
|
||||||
}
|
|
||||||
|
|
||||||
- return g_memdup (interfaces, 2 * sizeof (void *));
|
|
||||||
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
|
|
||||||
}
|
|
||||||
|
|
||||||
static const GDBusInterfaceVTable *
|
|
||||||
@@ -708,7 +709,7 @@ dynamic_subtree_introspect (GDBusConnection *connection,
|
|
||||||
{
|
|
||||||
const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info, NULL };
|
|
||||||
|
|
||||||
- return g_memdup (interfaces, 2 * sizeof (void *));
|
|
||||||
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
|
|
||||||
}
|
|
||||||
|
|
||||||
static const GDBusInterfaceVTable *
|
|
||||||
diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c
|
|
||||||
index d5df16d91..f424d21cc 100644
|
|
||||||
--- a/gio/win32/gwinhttpfile.c
|
|
||||||
+++ b/gio/win32/gwinhttpfile.c
|
|
||||||
@@ -29,6 +29,7 @@
|
|
||||||
#include "gio/gfile.h"
|
|
||||||
#include "gio/gfileattribute.h"
|
|
||||||
#include "gio/gfileinfo.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "gwinhttpfile.h"
|
|
||||||
#include "gwinhttpfileinputstream.h"
|
|
||||||
#include "gwinhttpfileoutputstream.h"
|
|
||||||
@@ -393,10 +394,10 @@ g_winhttp_file_resolve_relative_path (GFile *file,
|
|
||||||
child = g_object_new (G_TYPE_WINHTTP_FILE, NULL);
|
|
||||||
child->vfs = winhttp_file->vfs;
|
|
||||||
child->url = winhttp_file->url;
|
|
||||||
- child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
|
|
||||||
- child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
|
|
||||||
- child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
|
|
||||||
- child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
|
|
||||||
+ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
|
|
||||||
+ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
|
|
||||||
+ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
|
|
||||||
+ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
|
|
||||||
child->url.lpszUrlPath = wnew_path;
|
|
||||||
child->url.dwUrlPathLength = wcslen (wnew_path);
|
|
||||||
child->url.lpszExtraInfo = NULL;
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
From 4ef58e5661849317a1110c9b93957f2c608677dd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Thu, 3 Jan 2019 08:21:40 +0000
|
|
||||||
Subject: [PATCH 2/2] gvariant test: Also force alignment for tuple test data
|
|
||||||
|
|
||||||
glib!552 (commit 9eed22b3) fixed this for the tests that failed on i686,
|
|
||||||
but this additional test failed on Debian's s390x port
|
|
||||||
(IBM z/Architecture, 64-bit big-endian).
|
|
||||||
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
---
|
|
||||||
glib/tests/gvariant.c | 7 +++++--
|
|
||||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
|
|
||||||
index a7b19826d..c4a996c1f 100644
|
|
||||||
--- a/glib/tests/gvariant.c
|
|
||||||
+++ b/glib/tests/gvariant.c
|
|
||||||
@@ -4820,6 +4820,7 @@ test_normal_checking_array_offsets (void)
|
|
||||||
static void
|
|
||||||
test_normal_checking_tuple_offsets (void)
|
|
||||||
{
|
|
||||||
+ gpointer aligned_data;
|
|
||||||
const guint8 data[] = {
|
|
||||||
0x07, 0xe5, 0x00, 0x07, 0x00, 0x07,
|
|
||||||
'(', 'a', 's', 'a', 's', 'a', 's', 'a', 's', 'a', 's', 'a', 's', ')',
|
|
||||||
@@ -4828,13 +4829,15 @@ test_normal_checking_tuple_offsets (void)
|
|
||||||
GVariant *variant = NULL;
|
|
||||||
GVariant *normal_variant = NULL;
|
|
||||||
|
|
||||||
- variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size,
|
|
||||||
- FALSE, NULL, NULL);
|
|
||||||
+ aligned_data = g_memdup (data, size); /* guarantee alignment */
|
|
||||||
+ variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data,
|
|
||||||
+ size, FALSE, NULL, NULL);
|
|
||||||
g_assert_nonnull (variant);
|
|
||||||
|
|
||||||
normal_variant = g_variant_get_normal_form (variant);
|
|
||||||
g_assert_nonnull (normal_variant);
|
|
||||||
|
|
||||||
+ g_free (aligned_data);
|
|
||||||
g_variant_unref (normal_variant);
|
|
||||||
g_variant_unref (variant);
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.19.1
|
|
||||||
|
|
@ -1,109 +0,0 @@
|
|||||||
From fc051ec83d8894dd754bf364562ba9be9ff999fc Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
|
||||||
Date: Mon, 3 Feb 2020 15:35:51 +0200
|
|
||||||
Subject: [PATCH 3/5] GMainContext - Fix memory leaks and memory corruption
|
|
||||||
when freeing sources while freeing a context
|
|
||||||
|
|
||||||
Instead of destroying sources directly while freeing the context, and
|
|
||||||
potentially freeing them if this was the last reference to them, collect
|
|
||||||
new references of all sources in a separate list before and at the same
|
|
||||||
time invalidate their context so that they can't access it anymore. Only
|
|
||||||
once all sources have their context invalidated, destroy them while
|
|
||||||
still keeping a reference to them. Once all sources are destroyed we get
|
|
||||||
rid of the additional references and free them if nothing else keeps a
|
|
||||||
reference to them anymore.
|
|
||||||
|
|
||||||
This fixes a regression introduced by 26056558be in 2012.
|
|
||||||
|
|
||||||
The previous code that invalidated the context of each source and then
|
|
||||||
destroyed it before going to the next source without keeping an
|
|
||||||
additional reference caused memory leaks or memory corruption depending
|
|
||||||
on the order of the sources in the sources lists.
|
|
||||||
|
|
||||||
If a source was destroyed it might happen that this was the last
|
|
||||||
reference to this source, and it would then be freed. This would cause
|
|
||||||
the finalize function to be called, which might destroy and unref
|
|
||||||
another source and potentially free it. This other source would then
|
|
||||||
either
|
|
||||||
- go through the normal free logic and change the intern linked list
|
|
||||||
between the sources, while other sources that are unreffed as part of
|
|
||||||
the main context freeing would not. As such the list would be in an
|
|
||||||
inconsistent state and we might dereference freed memory.
|
|
||||||
- go through the normal destroy and free logic but because the context
|
|
||||||
pointer was already invalidated it would simply mark the source as
|
|
||||||
destroyed without actually removing it from the context. This would
|
|
||||||
then cause a memory leak because the reference owned by the context is
|
|
||||||
not freed.
|
|
||||||
|
|
||||||
Fixes https://github.com/gtk-rs/glib/issues/583 while still keeping
|
|
||||||
https://bugzilla.gnome.org/show_bug.cgi?id=661767 fixes.
|
|
||||||
---
|
|
||||||
glib/gmain.c | 35 ++++++++++++++++++++++++++++++++++-
|
|
||||||
1 file changed, 34 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/glib/gmain.c b/glib/gmain.c
|
|
||||||
index a3ea1d36c..1c249ad02 100644
|
|
||||||
--- a/glib/gmain.c
|
|
||||||
+++ b/glib/gmain.c
|
|
||||||
@@ -534,6 +534,7 @@ g_main_context_unref (GMainContext *context)
|
|
||||||
GSourceIter iter;
|
|
||||||
GSource *source;
|
|
||||||
GList *sl_iter;
|
|
||||||
+ GSList *s_iter, *remaining_sources = NULL;
|
|
||||||
GSourceList *list;
|
|
||||||
guint i;
|
|
||||||
|
|
||||||
@@ -553,10 +554,30 @@ g_main_context_unref (GMainContext *context)
|
|
||||||
|
|
||||||
/* g_source_iter_next() assumes the context is locked. */
|
|
||||||
LOCK_CONTEXT (context);
|
|
||||||
- g_source_iter_init (&iter, context, TRUE);
|
|
||||||
+
|
|
||||||
+ /* First collect all remaining sources from the sources lists and store a
|
|
||||||
+ * new reference in a separate list. Also set the context of the sources
|
|
||||||
+ * to NULL so that they can't access a partially destroyed context anymore.
|
|
||||||
+ *
|
|
||||||
+ * We have to do this first so that we have a strong reference to all
|
|
||||||
+ * sources and destroying them below does not also free them, and so that
|
|
||||||
+ * none of the sources can access the context from their finalize/dispose
|
|
||||||
+ * functions. */
|
|
||||||
+ g_source_iter_init (&iter, context, FALSE);
|
|
||||||
while (g_source_iter_next (&iter, &source))
|
|
||||||
{
|
|
||||||
source->context = NULL;
|
|
||||||
+ remaining_sources = g_slist_prepend (remaining_sources, g_source_ref (source));
|
|
||||||
+ }
|
|
||||||
+ g_source_iter_clear (&iter);
|
|
||||||
+
|
|
||||||
+ /* Next destroy all sources. As we still hold a reference to all of them,
|
|
||||||
+ * this won't cause any of them to be freed yet and especially prevents any
|
|
||||||
+ * source that unrefs another source from its finalize function to be freed.
|
|
||||||
+ */
|
|
||||||
+ for (s_iter = remaining_sources; s_iter; s_iter = s_iter->next)
|
|
||||||
+ {
|
|
||||||
+ source = s_iter->data;
|
|
||||||
g_source_destroy_internal (source, context, TRUE);
|
|
||||||
}
|
|
||||||
UNLOCK_CONTEXT (context);
|
|
||||||
@@ -581,6 +602,18 @@ g_main_context_unref (GMainContext *context)
|
|
||||||
g_cond_clear (&context->cond);
|
|
||||||
|
|
||||||
g_free (context);
|
|
||||||
+
|
|
||||||
+ /* And now finally get rid of our references to the sources. This will cause
|
|
||||||
+ * them to be freed unless something else still has a reference to them. Due
|
|
||||||
+ * to setting the context pointers in the sources to NULL above, this won't
|
|
||||||
+ * ever access the context or the internal linked list inside the GSource.
|
|
||||||
+ * We already removed the sources completely from the context above. */
|
|
||||||
+ for (s_iter = remaining_sources; s_iter; s_iter = s_iter->next)
|
|
||||||
+ {
|
|
||||||
+ source = s_iter->data;
|
|
||||||
+ g_source_unref_internal (source, NULL, FALSE);
|
|
||||||
+ }
|
|
||||||
+ g_slist_free (remaining_sources);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Helper function used by mainloop/overflow test.
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,54 +0,0 @@
|
|||||||
From 7f0b0d7fd744ad2f51236444005db49c80a0293d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Wed, 24 Feb 2021 17:42:24 +0000
|
|
||||||
Subject: [PATCH 3/3] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
|
|
||||||
replace()
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
---
|
|
||||||
gio/glocalfileoutputstream.c | 15 ++++++++++++---
|
|
||||||
1 file changed, 12 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
|
|
||||||
index 4a7766f68..275770fa4 100644
|
|
||||||
--- a/gio/glocalfileoutputstream.c
|
|
||||||
+++ b/gio/glocalfileoutputstream.c
|
|
||||||
@@ -56,6 +56,12 @@
|
|
||||||
#define O_BINARY 0
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#ifndef O_CLOEXEC
|
|
||||||
+#define O_CLOEXEC 0
|
|
||||||
+#else
|
|
||||||
+#define HAVE_O_CLOEXEC 1
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
struct _GLocalFileOutputStreamPrivate {
|
|
||||||
char *tmp_filename;
|
|
||||||
char *original_filename;
|
|
||||||
@@ -1127,7 +1133,7 @@ _g_local_file_output_stream_replace (const char *filename,
|
|
||||||
sync_on_close = FALSE;
|
|
||||||
|
|
||||||
/* If the file doesn't exist, create it */
|
|
||||||
- open_flags = O_CREAT | O_EXCL | O_BINARY;
|
|
||||||
+ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
|
|
||||||
if (readable)
|
|
||||||
open_flags |= O_RDWR;
|
|
||||||
else
|
|
||||||
@@ -1157,8 +1163,11 @@ _g_local_file_output_stream_replace (const char *filename,
|
|
||||||
set_error_from_open_errno (filename, error);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
-
|
|
||||||
+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
|
|
||||||
+ else
|
|
||||||
+ fcntl (fd, F_SETFD, FD_CLOEXEC);
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
|
|
||||||
stream->priv->fd = fd;
|
|
||||||
stream->priv->sync_on_close = sync_on_close;
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,136 +0,0 @@
|
|||||||
From 9d84623c724b9599071fb7f12a189746f7b0ff3f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Thu, 4 Feb 2021 13:39:25 +0000
|
|
||||||
Subject: [PATCH 03/12] gobject: Use g_memdup2() instead of g_memdup() in
|
|
||||||
obvious places
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Convert all the call sites which use `g_memdup()`’s length argument
|
|
||||||
trivially (for example, by passing a `sizeof()`), so that they use
|
|
||||||
`g_memdup2()` instead.
|
|
||||||
|
|
||||||
In almost all of these cases the use of `g_memdup()` would not have
|
|
||||||
caused problems, but it will soon be deprecated, so best port away from
|
|
||||||
it.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Helps: #2319
|
|
||||||
---
|
|
||||||
gobject/gsignal.c | 3 ++-
|
|
||||||
gobject/gtype.c | 9 +++++----
|
|
||||||
gobject/gtypemodule.c | 3 ++-
|
|
||||||
gobject/tests/param.c | 4 +++-
|
|
||||||
4 files changed, 12 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gobject/gsignal.c b/gobject/gsignal.c
|
|
||||||
index b22dfcca8..92555eb60 100644
|
|
||||||
--- a/gobject/gsignal.c
|
|
||||||
+++ b/gobject/gsignal.c
|
|
||||||
@@ -28,6 +28,7 @@
|
|
||||||
#include <signal.h>
|
|
||||||
|
|
||||||
#include "gsignal.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "gtype-private.h"
|
|
||||||
#include "gbsearcharray.h"
|
|
||||||
#include "gvaluecollector.h"
|
|
||||||
@@ -1724,7 +1725,7 @@ g_signal_newv (const gchar *signal_name,
|
|
||||||
node->single_va_closure_is_valid = FALSE;
|
|
||||||
node->flags = signal_flags & G_SIGNAL_FLAGS_MASK;
|
|
||||||
node->n_params = n_params;
|
|
||||||
- node->param_types = g_memdup (param_types, sizeof (GType) * n_params);
|
|
||||||
+ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params);
|
|
||||||
node->return_type = return_type;
|
|
||||||
node->class_closure_bsa = NULL;
|
|
||||||
if (accumulator)
|
|
||||||
diff --git a/gobject/gtype.c b/gobject/gtype.c
|
|
||||||
index 275a8b60b..9e663ce52 100644
|
|
||||||
--- a/gobject/gtype.c
|
|
||||||
+++ b/gobject/gtype.c
|
|
||||||
@@ -33,6 +33,7 @@
|
|
||||||
|
|
||||||
#include "glib-private.h"
|
|
||||||
#include "gconstructor.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
|
|
||||||
#ifdef G_OS_WIN32
|
|
||||||
#include <windows.h>
|
|
||||||
@@ -1471,7 +1472,7 @@ type_add_interface_Wm (TypeNode *node,
|
|
||||||
iholder->next = iface_node_get_holders_L (iface);
|
|
||||||
iface_node_set_holders_W (iface, iholder);
|
|
||||||
iholder->instance_type = NODE_TYPE (node);
|
|
||||||
- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL;
|
|
||||||
+ iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL;
|
|
||||||
iholder->plugin = plugin;
|
|
||||||
|
|
||||||
/* create an iface entry for this type */
|
|
||||||
@@ -1732,7 +1733,7 @@ type_iface_retrieve_holder_info_Wm (TypeNode *iface,
|
|
||||||
INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface));
|
|
||||||
|
|
||||||
check_interface_info_I (iface, instance_type, &tmp_info);
|
|
||||||
- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info));
|
|
||||||
+ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info));
|
|
||||||
}
|
|
||||||
|
|
||||||
return iholder; /* we don't modify write lock upon returning NULL */
|
|
||||||
@@ -2013,10 +2014,10 @@ type_iface_vtable_base_init_Wm (TypeNode *iface,
|
|
||||||
IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface);
|
|
||||||
|
|
||||||
if (pentry)
|
|
||||||
- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size);
|
|
||||||
+ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size);
|
|
||||||
}
|
|
||||||
if (!vtable)
|
|
||||||
- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
|
|
||||||
+ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
|
|
||||||
entry->vtable = vtable;
|
|
||||||
vtable->g_type = NODE_TYPE (iface);
|
|
||||||
vtable->g_instance_type = NODE_TYPE (node);
|
|
||||||
diff --git a/gobject/gtypemodule.c b/gobject/gtypemodule.c
|
|
||||||
index c67f789b1..cf877bc0b 100644
|
|
||||||
--- a/gobject/gtypemodule.c
|
|
||||||
+++ b/gobject/gtypemodule.c
|
|
||||||
@@ -19,6 +19,7 @@
|
|
||||||
|
|
||||||
#include <stdlib.h>
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "gtypeplugin.h"
|
|
||||||
#include "gtypemodule.h"
|
|
||||||
|
|
||||||
@@ -436,7 +437,7 @@ g_type_module_register_type (GTypeModule *module,
|
|
||||||
module_type_info->loaded = TRUE;
|
|
||||||
module_type_info->info = *type_info;
|
|
||||||
if (type_info->value_table)
|
|
||||||
- module_type_info->info.value_table = g_memdup (type_info->value_table,
|
|
||||||
+ module_type_info->info.value_table = g_memdup2 (type_info->value_table,
|
|
||||||
sizeof (GTypeValueTable));
|
|
||||||
|
|
||||||
return module_type_info->type;
|
|
||||||
diff --git a/gobject/tests/param.c b/gobject/tests/param.c
|
|
||||||
index 758289bf8..971cff162 100644
|
|
||||||
--- a/gobject/tests/param.c
|
|
||||||
+++ b/gobject/tests/param.c
|
|
||||||
@@ -2,6 +2,8 @@
|
|
||||||
#include <glib-object.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
+
|
|
||||||
static void
|
|
||||||
test_param_value (void)
|
|
||||||
{
|
|
||||||
@@ -851,7 +853,7 @@ main (int argc, char *argv[])
|
|
||||||
test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d",
|
|
||||||
data.change_this_flag, data.change_this_type,
|
|
||||||
data.use_this_flag, data.use_this_type);
|
|
||||||
- test_data = g_memdup (&data, sizeof (TestParamImplementData));
|
|
||||||
+ test_data = g_memdup2 (&data, sizeof (TestParamImplementData));
|
|
||||||
g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free);
|
|
||||||
g_free (test_path);
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,36 +0,0 @@
|
|||||||
From 1d16e92028f235ed9cd786070832d5bd71017661 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
|
||||||
Date: Tue, 11 Feb 2020 09:34:38 +0200
|
|
||||||
Subject: [PATCH 4/5] GMainContext - Move mutex unlocking in destructor right
|
|
||||||
before freeing the mutex
|
|
||||||
|
|
||||||
This does not have any behaviour changes but is cleaner. The mutex is
|
|
||||||
only unlocked now after all operations on the context are done and right
|
|
||||||
before freeing the mutex and the context itself.
|
|
||||||
---
|
|
||||||
glib/gmain.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/glib/gmain.c b/glib/gmain.c
|
|
||||||
index 1c249ad02..44e6ed0c3 100644
|
|
||||||
--- a/glib/gmain.c
|
|
||||||
+++ b/glib/gmain.c
|
|
||||||
@@ -580,7 +580,6 @@ g_main_context_unref (GMainContext *context)
|
|
||||||
source = s_iter->data;
|
|
||||||
g_source_destroy_internal (source, context, TRUE);
|
|
||||||
}
|
|
||||||
- UNLOCK_CONTEXT (context);
|
|
||||||
|
|
||||||
for (sl_iter = context->source_lists; sl_iter; sl_iter = sl_iter->next)
|
|
||||||
{
|
|
||||||
@@ -591,6 +590,7 @@ g_main_context_unref (GMainContext *context)
|
|
||||||
|
|
||||||
g_hash_table_destroy (context->sources);
|
|
||||||
|
|
||||||
+ UNLOCK_CONTEXT (context);
|
|
||||||
g_mutex_clear (&context->mutex);
|
|
||||||
|
|
||||||
g_ptr_array_free (context->pending_dispatches, TRUE);
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,284 +0,0 @@
|
|||||||
From 3bfea0105adc5d946a82995ad439d8119b55dae2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Thu, 4 Feb 2021 13:41:21 +0000
|
|
||||||
Subject: [PATCH 04/12] glib: Use g_memdup2() instead of g_memdup() in obvious
|
|
||||||
places
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Convert all the call sites which use `g_memdup()`’s length argument
|
|
||||||
trivially (for example, by passing a `sizeof()` or an existing `gsize`
|
|
||||||
variable), so that they use `g_memdup2()` instead.
|
|
||||||
|
|
||||||
In almost all of these cases the use of `g_memdup()` would not have
|
|
||||||
caused problems, but it will soon be deprecated, so best port away from
|
|
||||||
it
|
|
||||||
|
|
||||||
In particular, this fixes an overflow within `g_bytes_new()`, identified
|
|
||||||
as GHSL-2021-045 by GHSL team member Kevin Backhouse.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Fixes: GHSL-2021-045
|
|
||||||
Helps: #2319
|
|
||||||
---
|
|
||||||
glib/gbytes.c | 6 ++++--
|
|
||||||
glib/gdir.c | 3 ++-
|
|
||||||
glib/ghash.c | 1 +
|
|
||||||
glib/giochannel.c | 1 +
|
|
||||||
glib/gslice.c | 3 ++-
|
|
||||||
glib/gtestutils.c | 3 ++-
|
|
||||||
glib/gvariant.c | 7 ++++---
|
|
||||||
glib/gvarianttype.c | 3 ++-
|
|
||||||
glib/tests/array-test.c | 4 +++-
|
|
||||||
glib/tests/option-context.c | 6 ++++--
|
|
||||||
glib/tests/uri.c | 2 ++
|
|
||||||
11 files changed, 27 insertions(+), 12 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/glib/gbytes.c b/glib/gbytes.c
|
|
||||||
index 3b14a51cd..5141170d7 100644
|
|
||||||
--- a/glib/gbytes.c
|
|
||||||
+++ b/glib/gbytes.c
|
|
||||||
@@ -33,6 +33,8 @@
|
|
||||||
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* GBytes:
|
|
||||||
*
|
|
||||||
@@ -94,7 +96,7 @@ g_bytes_new (gconstpointer data,
|
|
||||||
{
|
|
||||||
g_return_val_if_fail (data != NULL || size == 0, NULL);
|
|
||||||
|
|
||||||
- return g_bytes_new_take (g_memdup (data, size), size);
|
|
||||||
+ return g_bytes_new_take (g_memdup2 (data, size), size);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
@@ -490,7 +492,7 @@ g_bytes_unref_to_data (GBytes *bytes,
|
|
||||||
* Copy: Non g_malloc (or compatible) allocator, or static memory,
|
|
||||||
* so we have to copy, and then unref.
|
|
||||||
*/
|
|
||||||
- result = g_memdup (bytes->data, bytes->size);
|
|
||||||
+ result = g_memdup2 (bytes->data, bytes->size);
|
|
||||||
*size = bytes->size;
|
|
||||||
g_bytes_unref (bytes);
|
|
||||||
}
|
|
||||||
diff --git a/glib/gdir.c b/glib/gdir.c
|
|
||||||
index cb4ad0b2f..9d955d57f 100644
|
|
||||||
--- a/glib/gdir.c
|
|
||||||
+++ b/glib/gdir.c
|
|
||||||
@@ -37,6 +37,7 @@
|
|
||||||
#include "gconvert.h"
|
|
||||||
#include "gfileutils.h"
|
|
||||||
#include "gstrfuncs.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "gtestutils.h"
|
|
||||||
#include "glibintl.h"
|
|
||||||
|
|
||||||
@@ -113,7 +114,7 @@ g_dir_open_with_errno (const gchar *path,
|
|
||||||
return NULL;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
- return g_memdup (&dir, sizeof dir);
|
|
||||||
+ return g_memdup2 (&dir, sizeof dir);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
diff --git a/glib/ghash.c b/glib/ghash.c
|
|
||||||
index 6bb04a50d..d475e6d64 100644
|
|
||||||
--- a/glib/ghash.c
|
|
||||||
+++ b/glib/ghash.c
|
|
||||||
@@ -34,6 +34,7 @@
|
|
||||||
|
|
||||||
#include "glib-private.h"
|
|
||||||
#include "gstrfuncs.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "gatomic.h"
|
|
||||||
#include "gtestutils.h"
|
|
||||||
#include "gslice.h"
|
|
||||||
diff --git a/glib/giochannel.c b/glib/giochannel.c
|
|
||||||
index f01817a83..ec2cada6f 100644
|
|
||||||
--- a/glib/giochannel.c
|
|
||||||
+++ b/glib/giochannel.c
|
|
||||||
@@ -37,6 +37,7 @@
|
|
||||||
#include "giochannel.h"
|
|
||||||
|
|
||||||
#include "gstrfuncs.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "gtestutils.h"
|
|
||||||
#include "glibintl.h"
|
|
||||||
#include "gunicodeprivate.h"
|
|
||||||
diff --git a/glib/gslice.c b/glib/gslice.c
|
|
||||||
index 454c8a602..8e2359515 100644
|
|
||||||
--- a/glib/gslice.c
|
|
||||||
+++ b/glib/gslice.c
|
|
||||||
@@ -45,6 +45,7 @@
|
|
||||||
#include "gmain.h"
|
|
||||||
#include "gmem.h" /* gslice.h */
|
|
||||||
#include "gstrfuncs.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "gutils.h"
|
|
||||||
#include "gtrashstack.h"
|
|
||||||
#include "gtestutils.h"
|
|
||||||
@@ -352,7 +353,7 @@ g_slice_get_config_state (GSliceConfig ckey,
|
|
||||||
array[i++] = allocator->contention_counters[address];
|
|
||||||
array[i++] = allocator_get_magazine_threshold (allocator, address);
|
|
||||||
*n_values = i;
|
|
||||||
- return g_memdup (array, sizeof (array[0]) * *n_values);
|
|
||||||
+ return g_memdup2 (array, sizeof (array[0]) * *n_values);
|
|
||||||
default:
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
diff --git a/glib/gtestutils.c b/glib/gtestutils.c
|
|
||||||
index 0447dcda5..14e071fce 100644
|
|
||||||
--- a/glib/gtestutils.c
|
|
||||||
+++ b/glib/gtestutils.c
|
|
||||||
@@ -49,6 +49,7 @@
|
|
||||||
#include "gpattern.h"
|
|
||||||
#include "grand.h"
|
|
||||||
#include "gstrfuncs.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "gtimer.h"
|
|
||||||
#include "gslice.h"
|
|
||||||
#include "gspawn.h"
|
|
||||||
@@ -3397,7 +3398,7 @@ g_test_log_extract (GTestLogBuffer *tbuffer)
|
|
||||||
if (p <= tbuffer->data->str + mlength)
|
|
||||||
{
|
|
||||||
g_string_erase (tbuffer->data, 0, mlength);
|
|
||||||
- tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup (&msg, sizeof (msg)));
|
|
||||||
+ tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup2 (&msg, sizeof (msg)));
|
|
||||||
return TRUE;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/glib/gvariant.c b/glib/gvariant.c
|
|
||||||
index 8be9ce798..45a1a73dc 100644
|
|
||||||
--- a/glib/gvariant.c
|
|
||||||
+++ b/glib/gvariant.c
|
|
||||||
@@ -33,6 +33,7 @@
|
|
||||||
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
|
|
||||||
/**
|
|
||||||
* SECTION:gvariant
|
|
||||||
@@ -720,7 +721,7 @@ g_variant_new_variant (GVariant *value)
|
|
||||||
g_variant_ref_sink (value);
|
|
||||||
|
|
||||||
return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT,
|
|
||||||
- g_memdup (&value, sizeof value),
|
|
||||||
+ g_memdup2 (&value, sizeof value),
|
|
||||||
1, g_variant_is_trusted (value));
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1224,7 +1225,7 @@ g_variant_new_fixed_array (const GVariantType *element_type,
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
- data = g_memdup (elements, n_elements * element_size);
|
|
||||||
+ data = g_memdup2 (elements, n_elements * element_size);
|
|
||||||
value = g_variant_new_from_data (array_type, data,
|
|
||||||
n_elements * element_size,
|
|
||||||
FALSE, g_free, data);
|
|
||||||
@@ -1901,7 +1902,7 @@ g_variant_dup_bytestring (GVariant *value,
|
|
||||||
if (length)
|
|
||||||
*length = size;
|
|
||||||
|
|
||||||
- return g_memdup (original, size + 1);
|
|
||||||
+ return g_memdup2 (original, size + 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
diff --git a/glib/gvarianttype.c b/glib/gvarianttype.c
|
|
||||||
index c8433e65a..dbbf7d2d1 100644
|
|
||||||
--- a/glib/gvarianttype.c
|
|
||||||
+++ b/glib/gvarianttype.c
|
|
||||||
@@ -28,6 +28,7 @@
|
|
||||||
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
|
|
||||||
/**
|
|
||||||
* SECTION:gvarianttype
|
|
||||||
@@ -1174,7 +1175,7 @@ g_variant_type_new_tuple (const GVariantType * const *items,
|
|
||||||
g_assert (offset < sizeof buffer);
|
|
||||||
buffer[offset++] = ')';
|
|
||||||
|
|
||||||
- return (GVariantType *) g_memdup (buffer, offset);
|
|
||||||
+ return (GVariantType *) g_memdup2 (buffer, offset);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
diff --git a/glib/tests/array-test.c b/glib/tests/array-test.c
|
|
||||||
index 64b996fb8..f784c06f8 100644
|
|
||||||
--- a/glib/tests/array-test.c
|
|
||||||
+++ b/glib/tests/array-test.c
|
|
||||||
@@ -30,6 +30,8 @@
|
|
||||||
#include <string.h>
|
|
||||||
#include "glib.h"
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
+
|
|
||||||
static void
|
|
||||||
sum_up (gpointer data,
|
|
||||||
gpointer user_data)
|
|
||||||
@@ -913,7 +915,7 @@ byte_array_new_take (void)
|
|
||||||
GByteArray *gbarray;
|
|
||||||
guint8 *data;
|
|
||||||
|
|
||||||
- data = g_memdup ("woooweeewow", 11);
|
|
||||||
+ data = g_memdup2 ("woooweeewow", 11);
|
|
||||||
gbarray = g_byte_array_new_take (data, 11);
|
|
||||||
g_assert (gbarray->data == data);
|
|
||||||
g_assert_cmpuint (gbarray->len, ==, 11);
|
|
||||||
diff --git a/glib/tests/option-context.c b/glib/tests/option-context.c
|
|
||||||
index a1e7b051c..be214b312 100644
|
|
||||||
--- a/glib/tests/option-context.c
|
|
||||||
+++ b/glib/tests/option-context.c
|
|
||||||
@@ -27,6 +27,8 @@
|
|
||||||
#include <string.h>
|
|
||||||
#include <locale.h>
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
+
|
|
||||||
static GOptionEntry main_entries[] = {
|
|
||||||
{ "main-switch", 0, 0,
|
|
||||||
G_OPTION_ARG_NONE, NULL,
|
|
||||||
@@ -256,7 +258,7 @@ join_stringv (int argc, char **argv)
|
|
||||||
static char **
|
|
||||||
copy_stringv (char **argv, int argc)
|
|
||||||
{
|
|
||||||
- return g_memdup (argv, sizeof (char *) * (argc + 1));
|
|
||||||
+ return g_memdup2 (argv, sizeof (char *) * (argc + 1));
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
|
||||||
@@ -2275,7 +2277,7 @@ test_group_parse (void)
|
|
||||||
g_option_context_add_group (context, group);
|
|
||||||
|
|
||||||
argv = split_string ("program --test arg1 -f arg2 --group-test arg3 --frob arg4 -z arg5", &argc);
|
|
||||||
- orig_argv = g_memdup (argv, (argc + 1) * sizeof (char *));
|
|
||||||
+ orig_argv = g_memdup2 (argv, (argc + 1) * sizeof (char *));
|
|
||||||
|
|
||||||
retval = g_option_context_parse (context, &argc, &argv, &error);
|
|
||||||
|
|
||||||
diff --git a/glib/tests/uri.c b/glib/tests/uri.c
|
|
||||||
index d292f33bf..77847ae6c 100644
|
|
||||||
--- a/glib/tests/uri.c
|
|
||||||
+++ b/glib/tests/uri.c
|
|
||||||
@@ -27,6 +27,8 @@
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
+
|
|
||||||
typedef struct
|
|
||||||
{
|
|
||||||
char *filename;
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
From 02ad7294ad5895178df73a6cd8546c6e67097493 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Benjamin Berg <bberg@redhat.com>
|
|
||||||
Date: Tue, 13 Oct 2020 15:09:43 +0200
|
|
||||||
Subject: [PATCH 5/5] gmain: Fix possible locking issue in source unref
|
|
||||||
|
|
||||||
When unref'ing child sources, the lock is already held. But instead of
|
|
||||||
passing TRUE to g_source_unref_internal it currently passes whether the
|
|
||||||
lock was already held outside of the current invocation. Just pass TRUE
|
|
||||||
to fix this possible issue.
|
|
||||||
---
|
|
||||||
glib/gmain.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/glib/gmain.c b/glib/gmain.c
|
|
||||||
index 44e6ed0c3..95992253d 100644
|
|
||||||
--- a/glib/gmain.c
|
|
||||||
+++ b/glib/gmain.c
|
|
||||||
@@ -2164,7 +2164,7 @@ g_source_unref_internal (GSource *source,
|
|
||||||
g_slist_remove (source->priv->child_sources, child_source);
|
|
||||||
child_source->priv->parent_source = NULL;
|
|
||||||
|
|
||||||
- g_source_unref_internal (child_source, context, have_lock);
|
|
||||||
+ g_source_unref_internal (child_source, context, TRUE);
|
|
||||||
}
|
|
||||||
|
|
||||||
g_slice_free (GSourcePrivate, source->priv);
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
From 14e8a9e9f26d33170ea092cd9eaf63d3d33ec6da Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Thu, 4 Feb 2021 16:12:24 +0000
|
|
||||||
Subject: [PATCH 05/12] gwinhttpfile: Avoid arithmetic overflow when
|
|
||||||
calculating a size
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
The members of `URL_COMPONENTS` (`winhttp_file->url`) are `DWORD`s, i.e.
|
|
||||||
32-bit unsigned integers. Adding to and multiplying them may cause them
|
|
||||||
to overflow the unsigned integer bounds, even if the result is passed to
|
|
||||||
`g_memdup2()` which accepts a `gsize`.
|
|
||||||
|
|
||||||
Cast the `URL_COMPONENTS` members to `gsize` first to ensure that the
|
|
||||||
arithmetic is done in terms of `gsize`s rather than unsigned integers.
|
|
||||||
|
|
||||||
Spotted by Sebastian Dröge.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Helps: #2319
|
|
||||||
---
|
|
||||||
gio/win32/gwinhttpfile.c | 8 ++++----
|
|
||||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c
|
|
||||||
index f424d21cc..e98031a98 100644
|
|
||||||
--- a/gio/win32/gwinhttpfile.c
|
|
||||||
+++ b/gio/win32/gwinhttpfile.c
|
|
||||||
@@ -394,10 +394,10 @@ g_winhttp_file_resolve_relative_path (GFile *file,
|
|
||||||
child = g_object_new (G_TYPE_WINHTTP_FILE, NULL);
|
|
||||||
child->vfs = winhttp_file->vfs;
|
|
||||||
child->url = winhttp_file->url;
|
|
||||||
- child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
|
|
||||||
- child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
|
|
||||||
- child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
|
|
||||||
- child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
|
|
||||||
+ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, ((gsize) winhttp_file->url.dwSchemeLength + 1) * 2);
|
|
||||||
+ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, ((gsize) winhttp_file->url.dwHostNameLength + 1) * 2);
|
|
||||||
+ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, ((gsize) winhttp_file->url.dwUserNameLength + 1) * 2);
|
|
||||||
+ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, ((gsize) winhttp_file->url.dwPasswordLength + 1) * 2);
|
|
||||||
child->url.lpszUrlPath = wnew_path;
|
|
||||||
child->url.dwUrlPathLength = wcslen (wnew_path);
|
|
||||||
child->url.lpszExtraInfo = NULL;
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,94 +0,0 @@
|
|||||||
From 587a525b7eb44e770857cfd4526ebb49ded4e4c8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Thu, 4 Feb 2021 13:49:00 +0000
|
|
||||||
Subject: [PATCH 06/12] gdatainputstream: Handle stop_chars_len internally as
|
|
||||||
gsize
|
|
||||||
|
|
||||||
Previously it was handled as a `gssize`, which meant that if the
|
|
||||||
`stop_chars` string was longer than `G_MAXSSIZE` there would be an
|
|
||||||
overflow.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Helps: #2319
|
|
||||||
---
|
|
||||||
gio/gdatainputstream.c | 25 +++++++++++++++++--------
|
|
||||||
1 file changed, 17 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c
|
|
||||||
index 9f207b158..f9891bb09 100644
|
|
||||||
--- a/gio/gdatainputstream.c
|
|
||||||
+++ b/gio/gdatainputstream.c
|
|
||||||
@@ -27,6 +27,7 @@
|
|
||||||
#include "gioenumtypes.h"
|
|
||||||
#include "gioerror.h"
|
|
||||||
#include "glibintl.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
@@ -856,7 +857,7 @@ static gssize
|
|
||||||
scan_for_chars (GDataInputStream *stream,
|
|
||||||
gsize *checked_out,
|
|
||||||
const char *stop_chars,
|
|
||||||
- gssize stop_chars_len)
|
|
||||||
+ gsize stop_chars_len)
|
|
||||||
{
|
|
||||||
GBufferedInputStream *bstream;
|
|
||||||
const char *buffer;
|
|
||||||
@@ -952,7 +953,7 @@ typedef struct
|
|
||||||
gsize checked;
|
|
||||||
|
|
||||||
gchar *stop_chars;
|
|
||||||
- gssize stop_chars_len;
|
|
||||||
+ gsize stop_chars_len;
|
|
||||||
gsize length;
|
|
||||||
} GDataInputStreamReadData;
|
|
||||||
|
|
||||||
@@ -1078,12 +1079,17 @@ g_data_input_stream_read_async (GDataInputStream *stream,
|
|
||||||
{
|
|
||||||
GDataInputStreamReadData *data;
|
|
||||||
GTask *task;
|
|
||||||
+ gsize stop_chars_len_unsigned;
|
|
||||||
|
|
||||||
data = g_slice_new0 (GDataInputStreamReadData);
|
|
||||||
- if (stop_chars_len == -1)
|
|
||||||
- stop_chars_len = strlen (stop_chars);
|
|
||||||
- data->stop_chars = g_memdup (stop_chars, stop_chars_len);
|
|
||||||
- data->stop_chars_len = stop_chars_len;
|
|
||||||
+
|
|
||||||
+ if (stop_chars_len < 0)
|
|
||||||
+ stop_chars_len_unsigned = strlen (stop_chars);
|
|
||||||
+ else
|
|
||||||
+ stop_chars_len_unsigned = (gsize) stop_chars_len;
|
|
||||||
+
|
|
||||||
+ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned);
|
|
||||||
+ data->stop_chars_len = stop_chars_len_unsigned;
|
|
||||||
data->last_saw_cr = FALSE;
|
|
||||||
|
|
||||||
task = g_task_new (stream, cancellable, callback, user_data);
|
|
||||||
@@ -1338,17 +1344,20 @@ g_data_input_stream_read_upto (GDataInputStream *stream,
|
|
||||||
gssize found_pos;
|
|
||||||
gssize res;
|
|
||||||
char *data_until;
|
|
||||||
+ gsize stop_chars_len_unsigned;
|
|
||||||
|
|
||||||
g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL);
|
|
||||||
|
|
||||||
if (stop_chars_len < 0)
|
|
||||||
- stop_chars_len = strlen (stop_chars);
|
|
||||||
+ stop_chars_len_unsigned = strlen (stop_chars);
|
|
||||||
+ else
|
|
||||||
+ stop_chars_len_unsigned = (gsize) stop_chars_len;
|
|
||||||
|
|
||||||
bstream = G_BUFFERED_INPUT_STREAM (stream);
|
|
||||||
|
|
||||||
checked = 0;
|
|
||||||
|
|
||||||
- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1)
|
|
||||||
+ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1)
|
|
||||||
{
|
|
||||||
if (g_buffered_input_stream_get_available (bstream) ==
|
|
||||||
g_buffered_input_stream_get_buffer_size (bstream))
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,69 +0,0 @@
|
|||||||
From 9878d5eaeb18bc05131dee9a316f74e717626018 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Thu, 4 Feb 2021 13:50:37 +0000
|
|
||||||
Subject: [PATCH 07/12] gwin32: Use gsize internally in g_wcsdup()
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
This allows it to handle strings up to length `G_MAXSIZE` — previously
|
|
||||||
it would overflow with such strings.
|
|
||||||
|
|
||||||
Update the several copies of it identically.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Helps: #2319
|
|
||||||
---
|
|
||||||
gio/gwin32registrykey.c | 34 ++++++++++++++++++++++++++--------
|
|
||||||
1 file changed, 26 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
|
|
||||||
index 619fd48af..fbd65311a 100644
|
|
||||||
--- a/gio/gwin32registrykey.c
|
|
||||||
+++ b/gio/gwin32registrykey.c
|
|
||||||
@@ -127,16 +127,34 @@ typedef enum
|
|
||||||
G_WIN32_REGISTRY_UPDATED_PATH = 1,
|
|
||||||
} GWin32RegistryKeyUpdateFlag;
|
|
||||||
|
|
||||||
+static gsize
|
|
||||||
+g_utf16_len (const gunichar2 *str)
|
|
||||||
+{
|
|
||||||
+ gsize result;
|
|
||||||
+
|
|
||||||
+ for (result = 0; str[0] != 0; str++, result++)
|
|
||||||
+ ;
|
|
||||||
+
|
|
||||||
+ return result;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static gunichar2 *
|
|
||||||
-g_wcsdup (const gunichar2 *str,
|
|
||||||
- gssize str_size)
|
|
||||||
+g_wcsdup (const gunichar2 *str, gssize str_len)
|
|
||||||
{
|
|
||||||
- if (str_size == -1)
|
|
||||||
- {
|
|
||||||
- str_size = wcslen (str) + 1;
|
|
||||||
- str_size *= sizeof (gunichar2);
|
|
||||||
- }
|
|
||||||
- return g_memdup (str, str_size);
|
|
||||||
+ gsize str_len_unsigned;
|
|
||||||
+ gsize str_size;
|
|
||||||
+
|
|
||||||
+ g_return_val_if_fail (str != NULL, NULL);
|
|
||||||
+
|
|
||||||
+ if (str_len < 0)
|
|
||||||
+ str_len_unsigned = g_utf16_len (str);
|
|
||||||
+ else
|
|
||||||
+ str_len_unsigned = (gsize) str_len;
|
|
||||||
+
|
|
||||||
+ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1);
|
|
||||||
+ str_size = (str_len_unsigned + 1) * sizeof (gunichar2);
|
|
||||||
+
|
|
||||||
+ return g_memdup2 (str, str_size);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,94 +0,0 @@
|
|||||||
From 34f26a016a55a742615538dfe5392e53b61fc46d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Thu, 4 Feb 2021 13:58:32 +0000
|
|
||||||
Subject: [PATCH 08/12] gkeyfilesettingsbackend: Handle long keys when
|
|
||||||
converting paths
|
|
||||||
|
|
||||||
Previously, the code in `convert_path()` could not handle keys longer
|
|
||||||
than `G_MAXINT`, and would overflow if that was exceeded.
|
|
||||||
|
|
||||||
Convert the code to use `gsize` and `g_memdup2()` throughout, and
|
|
||||||
change from identifying the position of the final slash in the string
|
|
||||||
using a signed offset `i`, to using a pointer to the character (and
|
|
||||||
`strrchr()`). This allows the slash to be at any position in a
|
|
||||||
`G_MAXSIZE`-long string, without sacrificing a bit of the offset for
|
|
||||||
indicating whether a slash was found.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Helps: #2319
|
|
||||||
---
|
|
||||||
gio/gkeyfilesettingsbackend.c | 21 ++++++++++-----------
|
|
||||||
1 file changed, 10 insertions(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
|
|
||||||
index f74e3682c..063df1ee7 100644
|
|
||||||
--- a/gio/gkeyfilesettingsbackend.c
|
|
||||||
+++ b/gio/gkeyfilesettingsbackend.c
|
|
||||||
@@ -33,6 +33,7 @@
|
|
||||||
#include "gfilemonitor.h"
|
|
||||||
#include "gsimplepermission.h"
|
|
||||||
#include "gsettingsbackendinternal.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "giomodule-priv.h"
|
|
||||||
#include "gportalsupport.h"
|
|
||||||
|
|
||||||
@@ -145,8 +146,8 @@ convert_path (GKeyfileSettingsBackend *kfsb,
|
|
||||||
gchar **group,
|
|
||||||
gchar **basename)
|
|
||||||
{
|
|
||||||
- gint key_len = strlen (key);
|
|
||||||
- gint i;
|
|
||||||
+ gsize key_len = strlen (key);
|
|
||||||
+ const gchar *last_slash;
|
|
||||||
|
|
||||||
if (key_len < kfsb->prefix_len ||
|
|
||||||
memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0)
|
|
||||||
@@ -155,38 +156,36 @@ convert_path (GKeyfileSettingsBackend *kfsb,
|
|
||||||
key_len -= kfsb->prefix_len;
|
|
||||||
key += kfsb->prefix_len;
|
|
||||||
|
|
||||||
- for (i = key_len; i >= 0; i--)
|
|
||||||
- if (key[i] == '/')
|
|
||||||
- break;
|
|
||||||
+ last_slash = strrchr (key, '/');
|
|
||||||
|
|
||||||
if (kfsb->root_group)
|
|
||||||
{
|
|
||||||
/* if a root_group was specified, make sure the user hasn't given
|
|
||||||
* a path that ghosts that group name
|
|
||||||
*/
|
|
||||||
- if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group, i) == 0)
|
|
||||||
+ if (last_slash != NULL && (last_slash - key) == kfsb->root_group_len && memcmp (key, kfsb->root_group, last_slash - key) == 0)
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
/* if no root_group was given, ensure that the user gave a path */
|
|
||||||
- if (i == -1)
|
|
||||||
+ if (last_slash == NULL)
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (group)
|
|
||||||
{
|
|
||||||
- if (i >= 0)
|
|
||||||
+ if (last_slash != NULL)
|
|
||||||
{
|
|
||||||
- *group = g_memdup (key, i + 1);
|
|
||||||
- (*group)[i] = '\0';
|
|
||||||
+ *group = g_memdup2 (key, (last_slash - key) + 1);
|
|
||||||
+ (*group)[(last_slash - key)] = '\0';
|
|
||||||
}
|
|
||||||
else
|
|
||||||
*group = g_strdup (kfsb->root_group);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (basename)
|
|
||||||
- *basename = g_memdup (key + i + 1, key_len - i);
|
|
||||||
+ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
|
|
||||||
|
|
||||||
return TRUE;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,100 +0,0 @@
|
|||||||
From 4d5c5d6af772f5fe6121eec403305a1b4340327d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Thu, 4 Feb 2021 14:00:53 +0000
|
|
||||||
Subject: [PATCH 09/12] =?UTF-8?q?gsocket:=20Use=20gsize=20to=20track=20nat?=
|
|
||||||
=?UTF-8?q?ive=20sockaddr=E2=80=99s=20size?=
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Don’t use an `int`, that’s potentially too small. In practical terms,
|
|
||||||
this is not a problem, since no socket address is going to be that big.
|
|
||||||
|
|
||||||
By making these changes we can use `g_memdup2()` without warnings,
|
|
||||||
though. Fewer warnings is good.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Helps: #2319
|
|
||||||
---
|
|
||||||
gio/gsocket.c | 17 +++++++++++------
|
|
||||||
1 file changed, 11 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/gsocket.c b/gio/gsocket.c
|
|
||||||
index b4a941eb1..7f41ffd3c 100644
|
|
||||||
--- a/gio/gsocket.c
|
|
||||||
+++ b/gio/gsocket.c
|
|
||||||
@@ -80,6 +80,8 @@
|
|
||||||
#include "gwin32networking.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* SECTION:gsocket
|
|
||||||
* @short_description: Low-level socket object
|
|
||||||
@@ -173,7 +175,7 @@ static gboolean g_socket_datagram_based_condition_wait (GDatagramBased
|
|
||||||
GError **error);
|
|
||||||
|
|
||||||
static GSocketAddress *
|
|
||||||
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len);
|
|
||||||
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len);
|
|
||||||
|
|
||||||
static gssize
|
|
||||||
g_socket_receive_message_with_timeout (GSocket *socket,
|
|
||||||
@@ -270,7 +272,7 @@ struct _GSocketPrivate
|
|
||||||
struct {
|
|
||||||
GSocketAddress *addr;
|
|
||||||
struct sockaddr *native;
|
|
||||||
- gint native_len;
|
|
||||||
+ gsize native_len;
|
|
||||||
guint64 last_used;
|
|
||||||
} recv_addr_cache[RECV_ADDR_CACHE_SIZE];
|
|
||||||
};
|
|
||||||
@@ -5018,14 +5020,14 @@ g_socket_send_messages_with_timeout (GSocket *socket,
|
|
||||||
}
|
|
||||||
|
|
||||||
static GSocketAddress *
|
|
||||||
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
|
|
||||||
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len)
|
|
||||||
{
|
|
||||||
GSocketAddress *saddr;
|
|
||||||
gint i;
|
|
||||||
guint64 oldest_time = G_MAXUINT64;
|
|
||||||
gint oldest_index = 0;
|
|
||||||
|
|
||||||
- if (native_len <= 0)
|
|
||||||
+ if (native_len == 0)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
saddr = NULL;
|
|
||||||
@@ -5033,7 +5035,7 @@ cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
|
|
||||||
{
|
|
||||||
GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr;
|
|
||||||
gpointer tmp_native = socket->priv->recv_addr_cache[i].native;
|
|
||||||
- gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
|
|
||||||
+ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
|
|
||||||
|
|
||||||
if (!tmp)
|
|
||||||
continue;
|
|
||||||
@@ -5063,7 +5065,7 @@ cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
|
|
||||||
g_free (socket->priv->recv_addr_cache[oldest_index].native);
|
|
||||||
}
|
|
||||||
|
|
||||||
- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len);
|
|
||||||
+ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len);
|
|
||||||
socket->priv->recv_addr_cache[oldest_index].native_len = native_len;
|
|
||||||
socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr);
|
|
||||||
socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time ();
|
|
||||||
@@ -5213,6 +5215,9 @@ g_socket_receive_message_with_timeout (GSocket *socket,
|
|
||||||
{
|
|
||||||
win32_unset_event_mask (socket, FD_READ);
|
|
||||||
|
|
||||||
+ /* addrlen has to be of type int because that’s how WSARecvFrom() is defined */
|
|
||||||
+ G_STATIC_ASSERT (sizeof addr <= G_MAXINT);
|
|
||||||
+
|
|
||||||
addrlen = sizeof addr;
|
|
||||||
if (address)
|
|
||||||
result = WSARecvFrom (socket->priv->fd,
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,52 +0,0 @@
|
|||||||
From 4fd0162b758d97855beed09d81c77cb1a1626bd8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Thu, 4 Feb 2021 14:07:39 +0000
|
|
||||||
Subject: [PATCH 10/12] gtlspassword: Forbid very long TLS passwords
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
The public API `g_tls_password_set_value_full()` (and the vfunc it
|
|
||||||
invokes) can only accept a `gssize` length. Ensure that nul-terminated
|
|
||||||
strings passed to `g_tls_password_set_value()` can’t exceed that length.
|
|
||||||
Use `g_memdup2()` to avoid an overflow if they’re longer than
|
|
||||||
`G_MAXUINT` similarly.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Helps: #2319
|
|
||||||
---
|
|
||||||
gio/gtlspassword.c | 10 ++++++++--
|
|
||||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
|
|
||||||
index 1e437a7b6..dbcec41a8 100644
|
|
||||||
--- a/gio/gtlspassword.c
|
|
||||||
+++ b/gio/gtlspassword.c
|
|
||||||
@@ -23,6 +23,7 @@
|
|
||||||
#include "glibintl.h"
|
|
||||||
|
|
||||||
#include "gioenumtypes.h"
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
#include "gtlspassword.h"
|
|
||||||
|
|
||||||
#include <string.h>
|
|
||||||
@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword *password,
|
|
||||||
g_return_if_fail (G_IS_TLS_PASSWORD (password));
|
|
||||||
|
|
||||||
if (length < 0)
|
|
||||||
- length = strlen ((gchar *)value);
|
|
||||||
+ {
|
|
||||||
+ /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */
|
|
||||||
+ gsize length_unsigned = strlen ((gchar *) value);
|
|
||||||
+ g_return_if_fail (length_unsigned > G_MAXSSIZE);
|
|
||||||
+ length = (gssize) length_unsigned;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
|
|
||||||
+ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,57 +0,0 @@
|
|||||||
From 0ae8a90a40335257b4f7e1f44498a8b5d4f48aab Mon Sep 17 00:00:00 2001
|
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Date: Thu, 4 Feb 2021 14:09:40 +0000
|
|
||||||
Subject: [PATCH 11/12] giochannel: Forbid very long line terminator strings
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
The public API `GIOChannel.line_term_len` is only a `guint`. Ensure that
|
|
||||||
nul-terminated strings passed to `g_io_channel_set_line_term()` can’t
|
|
||||||
exceed that length. Use `g_memdup2()` to avoid a warning (`g_memdup()`
|
|
||||||
is due to be deprecated), but not to avoid a bug, since it’s also
|
|
||||||
limited to `G_MAXUINT`.
|
|
||||||
|
|
||||||
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
||||||
Helps: #2319
|
|
||||||
---
|
|
||||||
glib/giochannel.c | 17 +++++++++++++----
|
|
||||||
1 file changed, 13 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/glib/giochannel.c b/glib/giochannel.c
|
|
||||||
index ec2cada6f..908730fab 100644
|
|
||||||
--- a/glib/giochannel.c
|
|
||||||
+++ b/glib/giochannel.c
|
|
||||||
@@ -885,16 +885,25 @@ g_io_channel_set_line_term (GIOChannel *channel,
|
|
||||||
const gchar *line_term,
|
|
||||||
gint length)
|
|
||||||
{
|
|
||||||
+ guint length_unsigned;
|
|
||||||
+
|
|
||||||
g_return_if_fail (channel != NULL);
|
|
||||||
g_return_if_fail (line_term == NULL || length != 0); /* Disallow "" */
|
|
||||||
|
|
||||||
if (line_term == NULL)
|
|
||||||
- length = 0;
|
|
||||||
- else if (length < 0)
|
|
||||||
- length = strlen (line_term);
|
|
||||||
+ length_unsigned = 0;
|
|
||||||
+ else if (length >= 0)
|
|
||||||
+ length_unsigned = (guint) length;
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ /* FIXME: We’re constrained by line_term_len being a guint here */
|
|
||||||
+ gsize length_size = strlen (line_term);
|
|
||||||
+ g_return_if_fail (length_size > G_MAXUINT);
|
|
||||||
+ length_unsigned = (guint) length_size;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
g_free (channel->line_term);
|
|
||||||
- channel->line_term = line_term ? g_memdup (line_term, length) : NULL;
|
|
||||||
+ channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL;
|
|
||||||
channel->line_term_len = length;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,97 +0,0 @@
|
|||||||
From 672c3963974bef02740dc3d4ac657876583b170d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Michael Catanzaro <mcatanzaro@gnome.org>
|
|
||||||
Date: Wed, 31 Mar 2021 10:00:46 -0500
|
|
||||||
Subject: [PATCH 12/12] Use more g_memdup2
|
|
||||||
|
|
||||||
This completes the removal of g_memdup() usage for GLib 2.56.
|
|
||||||
---
|
|
||||||
gio/gwin32appinfo.c | 3 ++-
|
|
||||||
glib/ghash.c | 2 +-
|
|
||||||
glib/tests/gvariant.c | 9 +++++----
|
|
||||||
3 files changed, 8 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/gwin32appinfo.c b/gio/gwin32appinfo.c
|
|
||||||
index 499bbb351..749b282dc 100644
|
|
||||||
--- a/gio/gwin32appinfo.c
|
|
||||||
+++ b/gio/gwin32appinfo.c
|
|
||||||
@@ -32,6 +32,7 @@
|
|
||||||
#include <glib/gstdio.h>
|
|
||||||
#include "glibintl.h"
|
|
||||||
#include <gio/gwin32registrykey.h>
|
|
||||||
+#include "gstrfuncsprivate.h"
|
|
||||||
|
|
||||||
#include <windows.h>
|
|
||||||
|
|
||||||
@@ -472,7 +473,7 @@ g_wcsdup (const gunichar2 *str, gssize str_size)
|
|
||||||
str_size = wcslen (str) + 1;
|
|
||||||
str_size *= sizeof (gunichar2);
|
|
||||||
}
|
|
||||||
- return g_memdup (str, str_size);
|
|
||||||
+ return g_memdup2 (str, str_size);
|
|
||||||
}
|
|
||||||
|
|
||||||
#define URL_ASSOCIATIONS L"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\"
|
|
||||||
diff --git a/glib/ghash.c b/glib/ghash.c
|
|
||||||
index d475e6d64..608d136f4 100644
|
|
||||||
--- a/glib/ghash.c
|
|
||||||
+++ b/glib/ghash.c
|
|
||||||
@@ -968,7 +968,7 @@ g_hash_table_insert_node (GHashTable *hash_table,
|
|
||||||
* split the table.
|
|
||||||
*/
|
|
||||||
if (G_UNLIKELY (hash_table->keys == hash_table->values && hash_table->keys[node_index] != new_value))
|
|
||||||
- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size);
|
|
||||||
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size);
|
|
||||||
|
|
||||||
/* Step 3: Actually do the write */
|
|
||||||
hash_table->values[node_index] = new_value;
|
|
||||||
diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
|
|
||||||
index c4a996c1f..5903b69bc 100644
|
|
||||||
--- a/glib/tests/gvariant.c
|
|
||||||
+++ b/glib/tests/gvariant.c
|
|
||||||
@@ -14,6 +14,7 @@
|
|
||||||
#include "config.h"
|
|
||||||
|
|
||||||
#include <glib/gvariant-internal.h>
|
|
||||||
+#include <glib/gstrfuncsprivate.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <glib.h>
|
|
||||||
@@ -4673,7 +4674,7 @@ test_normal_checking_tuples (void)
|
|
||||||
GVariant *variant = NULL;
|
|
||||||
GVariant *normal_variant = NULL;
|
|
||||||
|
|
||||||
- aligned_data = g_memdup (data, size); /* guarantee alignment */
|
|
||||||
+ aligned_data = g_memdup2 (data, size); /* guarantee alignment */
|
|
||||||
variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data, size,
|
|
||||||
FALSE, NULL, NULL);
|
|
||||||
g_assert_nonnull (variant);
|
|
||||||
@@ -4802,7 +4803,7 @@ test_normal_checking_array_offsets (void)
|
|
||||||
GVariant *variant = NULL;
|
|
||||||
GVariant *normal_variant = NULL;
|
|
||||||
|
|
||||||
- aligned_data = g_memdup (data, size); /* guarantee alignment */
|
|
||||||
+ aligned_data = g_memdup2 (data, size); /* guarantee alignment */
|
|
||||||
variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data, size,
|
|
||||||
FALSE, NULL, NULL);
|
|
||||||
g_assert_nonnull (variant);
|
|
||||||
@@ -4829,7 +4830,7 @@ test_normal_checking_tuple_offsets (void)
|
|
||||||
GVariant *variant = NULL;
|
|
||||||
GVariant *normal_variant = NULL;
|
|
||||||
|
|
||||||
- aligned_data = g_memdup (data, size); /* guarantee alignment */
|
|
||||||
+ aligned_data = g_memdup2 (data, size); /* guarantee alignment */
|
|
||||||
variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data,
|
|
||||||
size, FALSE, NULL, NULL);
|
|
||||||
g_assert_nonnull (variant);
|
|
||||||
@@ -4856,7 +4857,7 @@ test_normal_checking_empty_object_path (void)
|
|
||||||
GVariant *variant = NULL;
|
|
||||||
GVariant *normal_variant = NULL;
|
|
||||||
|
|
||||||
- aligned_data = g_memdup (data, size); /* guarantee alignment */
|
|
||||||
+ aligned_data = g_memdup2 (data, size); /* guarantee alignment */
|
|
||||||
variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data, size,
|
|
||||||
FALSE, NULL, NULL);
|
|
||||||
g_assert_nonnull (variant);
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
371
SOURCES/1176.patch
Normal file
371
SOURCES/1176.patch
Normal file
@ -0,0 +1,371 @@
|
|||||||
|
From ef1035d9d86464ea0b5dde60a7a0e190895fdf5b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Mon, 14 Oct 2019 08:22:24 +0100
|
||||||
|
Subject: [PATCH] gcredentialsprivate: Document the various private macros
|
||||||
|
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
---
|
||||||
|
gio/gcredentialsprivate.h | 59 +++++++++++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 59 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
|
||||||
|
index 4d1c420a8..06f0aed19 100644
|
||||||
|
--- a/gio/gcredentialsprivate.h
|
||||||
|
+++ b/gio/gcredentialsprivate.h
|
||||||
|
@@ -22,6 +22,65 @@
|
||||||
|
#include "gio/gcredentials.h"
|
||||||
|
#include "gio/gnetworking.h"
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_SUPPORTED:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if GCredentials works.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_SUPPORTED
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_USE_LINUX_UCRED, etc.:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if GCredentials uses Linux `struct ucred`, etc.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_USE_LINUX_UCRED
|
||||||
|
+#undef G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
||||||
|
+#undef G_CREDENTIALS_USE_NETBSD_UNPCBID
|
||||||
|
+#undef G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
||||||
|
+#undef G_CREDENTIALS_USE_SOLARIS_UCRED
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_NATIVE_TYPE:
|
||||||
|
+ *
|
||||||
|
+ * Defined to one of G_CREDENTIALS_TYPE_LINUX_UCRED, etc.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_NATIVE_TYPE
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_NATIVE_SIZE:
|
||||||
|
+ *
|
||||||
|
+ * Defined to the size of the %G_CREDENTIALS_NATIVE_TYPE
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_NATIVE_SIZE
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if we have a message-passing API in which credentials
|
||||||
|
+ * are attached to a particular message, such as `SCM_CREDENTIALS` on Linux
|
||||||
|
+ * or `SCM_CREDS` on FreeBSD.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if we have a `getsockopt()`-style API in which one end of
|
||||||
|
+ * a socket connection can directly query the credentials of the process
|
||||||
|
+ * that initiated the other end, such as `getsockopt SO_PEERCRED` on Linux
|
||||||
|
+ * or `getpeereid()` on multiple operating systems.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_SPOOFING_SUPPORTED:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if privileged processes can spoof their credentials when
|
||||||
|
+ * using the message-passing API.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_SPOOFING_SUPPORTED
|
||||||
|
+
|
||||||
|
#ifdef __linux__
|
||||||
|
#define G_CREDENTIALS_SUPPORTED 1
|
||||||
|
#define G_CREDENTIALS_USE_LINUX_UCRED 1
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
||||||
|
From ee502dbbe89a5976c32eb8863c9a9d274ddb60e1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Mon, 14 Oct 2019 08:47:39 +0100
|
||||||
|
Subject: [PATCH] GDBus: prefer getsockopt()-style credentials-passing APIs
|
||||||
|
|
||||||
|
Conceptually, a D-Bus server is really trying to determine the credentials
|
||||||
|
of (the process that initiated) a connection, not the credentials that
|
||||||
|
the process had when it sent a particular message. Ideally, it does
|
||||||
|
this with a getsockopt()-style API that queries the credentials of the
|
||||||
|
connection's initiator without requiring any particular cooperation from
|
||||||
|
that process, avoiding a class of possible failures.
|
||||||
|
|
||||||
|
The leading '\0' in the D-Bus protocol is primarily a workaround
|
||||||
|
for platforms where the message-based credentials-passing API is
|
||||||
|
strictly better than the getsockopt()-style API (for example, on
|
||||||
|
FreeBSD, SCM_CREDS includes a process ID but getpeereid() does not),
|
||||||
|
or where the getsockopt()-style API does not exist at all. As a result
|
||||||
|
libdbus, the reference implementation of D-Bus, does not implement
|
||||||
|
Linux SCM_CREDENTIALS at all - it has no reason to do so, because the
|
||||||
|
SO_PEERCRED socket option is equally informative.
|
||||||
|
|
||||||
|
This change makes GDBusServer on Linux more closely match the behaviour
|
||||||
|
of libdbus.
|
||||||
|
|
||||||
|
In particular, GNOME/glib#1831 indicates that when a libdbus client
|
||||||
|
connects to a GDBus server, recvmsg() sometimes yields a SCM_CREDENTIALS
|
||||||
|
message with cmsg_data={pid=0, uid=65534, gid=65534}. I think this is
|
||||||
|
most likely a race condition in the early steps to connect:
|
||||||
|
|
||||||
|
client server
|
||||||
|
connect
|
||||||
|
accept
|
||||||
|
send '\0' <- race -> set SO_PASSCRED = 1
|
||||||
|
receive '\0'
|
||||||
|
|
||||||
|
If the server wins the race:
|
||||||
|
|
||||||
|
client server
|
||||||
|
connect
|
||||||
|
accept
|
||||||
|
set SO_PASSCRED = 1
|
||||||
|
send '\0'
|
||||||
|
receive '\0'
|
||||||
|
|
||||||
|
then everything is fine. However, if the client wins the race:
|
||||||
|
|
||||||
|
client server
|
||||||
|
connect
|
||||||
|
accept
|
||||||
|
send '\0'
|
||||||
|
set SO_PASSCRED = 1
|
||||||
|
receive '\0'
|
||||||
|
|
||||||
|
then the kernel does not record credentials for the message containing
|
||||||
|
'\0' (because SO_PASSCRED was 0 at the time). However, by the time the
|
||||||
|
server receives the message, the kernel knows that credentials are
|
||||||
|
desired. I would have expected the kernel to omit the credentials header
|
||||||
|
in this case, but it seems that instead, it synthesizes a credentials
|
||||||
|
structure with a dummy process ID 0, a dummy uid derived from
|
||||||
|
/proc/sys/kernel/overflowuid and a dummy gid derived from
|
||||||
|
/proc/sys/kernel/overflowgid.
|
||||||
|
|
||||||
|
In an unconfigured GDBusServer, hitting this race condition results in
|
||||||
|
falling back to DBUS_COOKIE_SHA1 authentication, which in practice usually
|
||||||
|
succeeds in authenticating the peer's uid. However, we encourage AF_UNIX
|
||||||
|
servers on Unix platforms to allow only EXTERNAL authentication as a
|
||||||
|
security-hardening measure, because DBUS_COOKIE_SHA1 relies on a series
|
||||||
|
of assumptions including a cryptographically strong PRNG and a shared
|
||||||
|
home directory with no write access by others, which are not necessarily
|
||||||
|
true for all operating systems and users. EXTERNAL authentication will
|
||||||
|
fail if the server cannot determine the client's credentials.
|
||||||
|
|
||||||
|
In particular, this caused a regression when CVE-2019-14822 was fixed
|
||||||
|
in ibus, which appears to be resolved by this commit. Qt clients
|
||||||
|
(which use libdbus) intermittently fail to connect to an ibus server
|
||||||
|
(which uses GDBusServer), because ibus no longer allows DBUS_COOKIE_SHA1
|
||||||
|
authentication or non-matching uids.
|
||||||
|
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
Closes: https://gitlab.gnome.org/GNOME/glib/issues/1831
|
||||||
|
---
|
||||||
|
gio/gcredentialsprivate.h | 18 ++++++++++++++++++
|
||||||
|
gio/gdbusauth.c | 27 +++++++++++++++++++++++++--
|
||||||
|
2 files changed, 43 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
|
||||||
|
index 06f0aed19..e9ec09b9f 100644
|
||||||
|
--- a/gio/gcredentialsprivate.h
|
||||||
|
+++ b/gio/gcredentialsprivate.h
|
||||||
|
@@ -81,6 +81,18 @@
|
||||||
|
*/
|
||||||
|
#undef G_CREDENTIALS_SPOOFING_SUPPORTED
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_PREFER_MESSAGE_PASSING:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if the data structure transferred by the message-passing
|
||||||
|
+ * API is strictly more informative than the one transferred by the
|
||||||
|
+ * `getsockopt()`-style API, and hence should be preferred, even for
|
||||||
|
+ * protocols like D-Bus that are defined in terms of the credentials of
|
||||||
|
+ * the (process that opened the) socket, as opposed to the credentials
|
||||||
|
+ * of an individual message.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_PREFER_MESSAGE_PASSING
|
||||||
|
+
|
||||||
|
#ifdef __linux__
|
||||||
|
#define G_CREDENTIALS_SUPPORTED 1
|
||||||
|
#define G_CREDENTIALS_USE_LINUX_UCRED 1
|
||||||
|
@@ -100,6 +112,12 @@
|
||||||
|
#define G_CREDENTIALS_NATIVE_SIZE (sizeof (struct cmsgcred))
|
||||||
|
#define G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED 1
|
||||||
|
#define G_CREDENTIALS_SPOOFING_SUPPORTED 1
|
||||||
|
+/* GLib doesn't implement it yet, but FreeBSD's getsockopt()-style API
|
||||||
|
+ * is getpeereid(), which is not as informative as struct cmsgcred -
|
||||||
|
+ * it does not tell us the PID. As a result, libdbus prefers to use
|
||||||
|
+ * SCM_CREDS, and if we implement getpeereid() in future, we should
|
||||||
|
+ * do the same. */
|
||||||
|
+#define G_CREDENTIALS_PREFER_MESSAGE_PASSING 1
|
||||||
|
|
||||||
|
#elif defined(__NetBSD__)
|
||||||
|
#define G_CREDENTIALS_SUPPORTED 1
|
||||||
|
diff --git a/gio/gdbusauth.c b/gio/gdbusauth.c
|
||||||
|
index 752ec23fc..14cc5d70e 100644
|
||||||
|
--- a/gio/gdbusauth.c
|
||||||
|
+++ b/gio/gdbusauth.c
|
||||||
|
@@ -31,6 +31,7 @@
|
||||||
|
#include "gdbusutils.h"
|
||||||
|
#include "gioenumtypes.h"
|
||||||
|
#include "gcredentials.h"
|
||||||
|
+#include "gcredentialsprivate.h"
|
||||||
|
#include "gdbusprivate.h"
|
||||||
|
#include "giostream.h"
|
||||||
|
#include "gdatainputstream.h"
|
||||||
|
@@ -969,9 +970,31 @@ _g_dbus_auth_run_server (GDBusAuth *auth,
|
||||||
|
|
||||||
|
g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
|
||||||
|
|
||||||
|
- /* first read the NUL-byte */
|
||||||
|
+ /* read the NUL-byte, possibly with credentials attached */
|
||||||
|
#ifdef G_OS_UNIX
|
||||||
|
- if (G_IS_UNIX_CONNECTION (auth->priv->stream))
|
||||||
|
+#ifndef G_CREDENTIALS_PREFER_MESSAGE_PASSING
|
||||||
|
+ if (G_IS_SOCKET_CONNECTION (auth->priv->stream))
|
||||||
|
+ {
|
||||||
|
+ GSocket *sock = g_socket_connection_get_socket (G_SOCKET_CONNECTION (auth->priv->stream));
|
||||||
|
+
|
||||||
|
+ local_error = NULL;
|
||||||
|
+ credentials = g_socket_get_credentials (sock, &local_error);
|
||||||
|
+
|
||||||
|
+ if (credentials == NULL && !g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED))
|
||||||
|
+ {
|
||||||
|
+ g_propagate_error (error, local_error);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ /* Clear the error indicator, so we can retry with
|
||||||
|
+ * g_unix_connection_receive_credentials() if necessary */
|
||||||
|
+ g_clear_error (&local_error);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+ if (credentials == NULL && G_IS_UNIX_CONNECTION (auth->priv->stream))
|
||||||
|
{
|
||||||
|
local_error = NULL;
|
||||||
|
credentials = g_unix_connection_receive_credentials (G_UNIX_CONNECTION (auth->priv->stream),
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
||||||
|
From 1485a97d8051b0aa047987f7b0c0bfe4ba4ce55b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Fri, 18 Oct 2019 10:55:09 +0100
|
||||||
|
Subject: [PATCH] credentials: Invalid Linux struct ucred means "no
|
||||||
|
information"
|
||||||
|
|
||||||
|
On Linux, if getsockopt SO_PEERCRED is used on a TCP socket, one
|
||||||
|
might expect it to fail with an appropriate error like ENOTSUP or
|
||||||
|
EPROTONOSUPPORT. However, it appears that in fact it succeeds, but
|
||||||
|
yields a credentials structure with pid 0, uid -1 and gid -1. These
|
||||||
|
are not real process, user and group IDs that can be allocated to a
|
||||||
|
real process (pid 0 needs to be reserved to give kill(0) its documented
|
||||||
|
special semantics, and similarly uid and gid -1 need to be reserved for
|
||||||
|
setresuid() and setresgid()) so it is not meaningful to signal them to
|
||||||
|
high-level API users.
|
||||||
|
|
||||||
|
An API user with Linux-specific knowledge can still inspect these fields
|
||||||
|
via g_credentials_get_native() if desired.
|
||||||
|
|
||||||
|
Similarly, if SO_PASSCRED is used to receive a SCM_CREDENTIALS message
|
||||||
|
on a receiving Unix socket, but the sending socket had not enabled
|
||||||
|
SO_PASSCRED at the time that the message was sent, it is possible
|
||||||
|
for it to succeed but yield a credentials structure with pid 0, uid
|
||||||
|
/proc/sys/kernel/overflowuid and gid /proc/sys/kernel/overflowgid. Even
|
||||||
|
if we were to read those pseudo-files, we cannot distinguish between
|
||||||
|
the overflow IDs and a real process that legitimately has the same IDs
|
||||||
|
(typically they are set to 'nobody' and 'nogroup', which can be used
|
||||||
|
by a real process), so we detect this situation by noticing that
|
||||||
|
pid == 0, and to save syscalls we do not read the overflow IDs from
|
||||||
|
/proc at all.
|
||||||
|
|
||||||
|
This results in a small API change: g_credentials_is_same_user() now
|
||||||
|
returns FALSE if we compare two credentials structures that are both
|
||||||
|
invalid. This seems like reasonable, conservative behaviour: if we cannot
|
||||||
|
prove that they are the same user, we should assume they are not.
|
||||||
|
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
---
|
||||||
|
gio/gcredentials.c | 42 +++++++++++++++++++++++++++++++++++++++---
|
||||||
|
1 file changed, 39 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gio/gcredentials.c b/gio/gcredentials.c
|
||||||
|
index c350e3c88..c4794ded7 100644
|
||||||
|
--- a/gio/gcredentials.c
|
||||||
|
+++ b/gio/gcredentials.c
|
||||||
|
@@ -265,6 +265,35 @@ g_credentials_to_string (GCredentials *credentials)
|
||||||
|
|
||||||
|
/* ---------------------------------------------------------------------------------------------------- */
|
||||||
|
|
||||||
|
+#if G_CREDENTIALS_USE_LINUX_UCRED
|
||||||
|
+/*
|
||||||
|
+ * Check whether @native contains invalid data. If getsockopt SO_PEERCRED
|
||||||
|
+ * is used on a TCP socket, it succeeds but yields a credentials structure
|
||||||
|
+ * with pid 0, uid -1 and gid -1. Similarly, if SO_PASSCRED is used on a
|
||||||
|
+ * receiving Unix socket when the sending socket did not also enable
|
||||||
|
+ * SO_PASSCRED, it can succeed but yield a credentials structure with
|
||||||
|
+ * pid 0, uid /proc/sys/kernel/overflowuid and gid
|
||||||
|
+ * /proc/sys/kernel/overflowgid.
|
||||||
|
+ */
|
||||||
|
+static gboolean
|
||||||
|
+linux_ucred_check_valid (struct ucred *native,
|
||||||
|
+ GError **error)
|
||||||
|
+{
|
||||||
|
+ if (native->pid == 0
|
||||||
|
+ || native->uid == -1
|
||||||
|
+ || native->gid == -1)
|
||||||
|
+ {
|
||||||
|
+ g_set_error_literal (error,
|
||||||
|
+ G_IO_ERROR,
|
||||||
|
+ G_IO_ERROR_INVALID_DATA,
|
||||||
|
+ _("GCredentials contains invalid data"));
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return TRUE;
|
||||||
|
+}
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* g_credentials_is_same_user:
|
||||||
|
* @credentials: A #GCredentials.
|
||||||
|
@@ -294,7 +323,8 @@ g_credentials_is_same_user (GCredentials *credentials,
|
||||||
|
|
||||||
|
ret = FALSE;
|
||||||
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
||||||
|
- if (credentials->native.uid == other_credentials->native.uid)
|
||||||
|
+ if (linux_ucred_check_valid (&credentials->native, NULL)
|
||||||
|
+ && credentials->native.uid == other_credentials->native.uid)
|
||||||
|
ret = TRUE;
|
||||||
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
||||||
|
if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
|
||||||
|
@@ -453,7 +483,10 @@ g_credentials_get_unix_user (GCredentials *credentials,
|
||||||
|
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
||||||
|
|
||||||
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
||||||
|
- ret = credentials->native.uid;
|
||||||
|
+ if (linux_ucred_check_valid (&credentials->native, error))
|
||||||
|
+ ret = credentials->native.uid;
|
||||||
|
+ else
|
||||||
|
+ ret = -1;
|
||||||
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
||||||
|
ret = credentials->native.cmcred_euid;
|
||||||
|
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
||||||
|
@@ -499,7 +532,10 @@ g_credentials_get_unix_pid (GCredentials *credentials,
|
||||||
|
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
||||||
|
|
||||||
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
||||||
|
- ret = credentials->native.pid;
|
||||||
|
+ if (linux_ucred_check_valid (&credentials->native, error))
|
||||||
|
+ ret = credentials->native.pid;
|
||||||
|
+ else
|
||||||
|
+ ret = -1;
|
||||||
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
||||||
|
ret = credentials->native.cmcred_pid;
|
||||||
|
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
849
SOURCES/CVE-2021-27219.patch
Normal file
849
SOURCES/CVE-2021-27219.patch
Normal file
@ -0,0 +1,849 @@
|
|||||||
|
From 7b46597384de916b4027ebaff662d06ff3ea2bc8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Date: Thu, 4 Feb 2021 13:30:52 +0000
|
||||||
|
Subject: [PATCH 1/6] gstrfuncs: Add internal g_memdup2() function
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
This will replace the existing `g_memdup()` function for use within
|
||||||
|
GLib. It has an unavoidable security flaw of taking its `byte_size`
|
||||||
|
argument as a `guint` rather than as a `gsize`. Most callers will
|
||||||
|
expect it to be a `gsize`, and may pass in large values which could
|
||||||
|
silently be truncated, resulting in an undersize allocation compared
|
||||||
|
to what the caller expects.
|
||||||
|
|
||||||
|
This could lead to a classic buffer overflow vulnerability for many
|
||||||
|
callers of `g_memdup()`.
|
||||||
|
|
||||||
|
`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`.
|
||||||
|
|
||||||
|
Spotted by Kevin Backhouse of GHSL.
|
||||||
|
|
||||||
|
In GLib 2.68, `g_memdup2()` will be a new public API. In this version
|
||||||
|
for backport to older stable releases, it’s a new `static inline` API
|
||||||
|
in a private header, so that use of `g_memdup()` within GLib can be
|
||||||
|
fixed without adding a new API in a stable release series.
|
||||||
|
|
||||||
|
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Helps: CVE-2021-27219
|
||||||
|
Helps: GHSL-2021-045
|
||||||
|
Helps: #2319
|
||||||
|
(cherry picked from commit 5e5f75a77e399c638be66d74e5daa8caeb433e00)
|
||||||
|
---
|
||||||
|
docs/reference/glib/meson.build | 1 +
|
||||||
|
glib/gstrfuncsprivate.h | 55 +++++++++++++++++++++++++++++++++
|
||||||
|
glib/meson.build | 1 +
|
||||||
|
glib/tests/strfuncs.c | 23 ++++++++++++++
|
||||||
|
4 files changed, 80 insertions(+)
|
||||||
|
create mode 100644 glib/gstrfuncsprivate.h
|
||||||
|
|
||||||
|
diff --git a/docs/reference/glib/meson.build b/docs/reference/glib/meson.build
|
||||||
|
index f0f915e96..1a3680941 100644
|
||||||
|
--- a/docs/reference/glib/meson.build
|
||||||
|
+++ b/docs/reference/glib/meson.build
|
||||||
|
@@ -20,6 +20,7 @@ if get_option('gtk_doc')
|
||||||
|
'gprintfint.h',
|
||||||
|
'gmirroringtable.h',
|
||||||
|
'gscripttable.h',
|
||||||
|
+ 'gstrfuncsprivate.h',
|
||||||
|
'glib-mirroring-tab',
|
||||||
|
'gnulib',
|
||||||
|
'pcre',
|
||||||
|
diff --git a/glib/gstrfuncsprivate.h b/glib/gstrfuncsprivate.h
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..85c88328a
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/glib/gstrfuncsprivate.h
|
||||||
|
@@ -0,0 +1,55 @@
|
||||||
|
+/* GLIB - Library of useful routines for C programming
|
||||||
|
+ * Copyright (C) 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald
|
||||||
|
+ *
|
||||||
|
+ * This library is free software; you can redistribute it and/or
|
||||||
|
+ * modify it under the terms of the GNU Lesser General Public
|
||||||
|
+ * License as published by the Free Software Foundation; either
|
||||||
|
+ * version 2.1 of the License, or (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * This library is distributed in the hope that it will be useful,
|
||||||
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ * Lesser General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU Lesser General Public
|
||||||
|
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include <glib.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * g_memdup2:
|
||||||
|
+ * @mem: (nullable): the memory to copy.
|
||||||
|
+ * @byte_size: the number of bytes to copy.
|
||||||
|
+ *
|
||||||
|
+ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it
|
||||||
|
+ * from @mem. If @mem is %NULL it returns %NULL.
|
||||||
|
+ *
|
||||||
|
+ * This replaces g_memdup(), which was prone to integer overflows when
|
||||||
|
+ * converting the argument from a #gsize to a #guint.
|
||||||
|
+ *
|
||||||
|
+ * This static inline version is a backport of the new public API from
|
||||||
|
+ * GLib 2.68, kept internal to GLib for backport to older stable releases.
|
||||||
|
+ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
|
||||||
|
+ *
|
||||||
|
+ * Returns: (nullable): a pointer to the newly-allocated copy of the memory,
|
||||||
|
+ * or %NULL if @mem is %NULL.
|
||||||
|
+ * Since: 2.68
|
||||||
|
+ */
|
||||||
|
+static inline gpointer
|
||||||
|
+g_memdup2 (gconstpointer mem,
|
||||||
|
+ gsize byte_size)
|
||||||
|
+{
|
||||||
|
+ gpointer new_mem;
|
||||||
|
+
|
||||||
|
+ if (mem && byte_size != 0)
|
||||||
|
+ {
|
||||||
|
+ new_mem = g_malloc (byte_size);
|
||||||
|
+ memcpy (new_mem, mem, byte_size);
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ new_mem = NULL;
|
||||||
|
+
|
||||||
|
+ return new_mem;
|
||||||
|
+}
|
||||||
|
diff --git a/glib/meson.build b/glib/meson.build
|
||||||
|
index a2f9da81c..481fd06ff 100644
|
||||||
|
--- a/glib/meson.build
|
||||||
|
+++ b/glib/meson.build
|
||||||
|
@@ -167,6 +167,7 @@ glib_sources = files(
|
||||||
|
'gslist.c',
|
||||||
|
'gstdio.c',
|
||||||
|
'gstrfuncs.c',
|
||||||
|
+ 'gstrfuncsprivate.h',
|
||||||
|
'gstring.c',
|
||||||
|
'gstringchunk.c',
|
||||||
|
'gtestutils.c',
|
||||||
|
diff --git a/glib/tests/strfuncs.c b/glib/tests/strfuncs.c
|
||||||
|
index 7e031bdb1..2aa252946 100644
|
||||||
|
--- a/glib/tests/strfuncs.c
|
||||||
|
+++ b/glib/tests/strfuncs.c
|
||||||
|
@@ -32,6 +32,8 @@
|
||||||
|
#include <string.h>
|
||||||
|
#include "glib.h"
|
||||||
|
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
+
|
||||||
|
#if defined (_MSC_VER) && (_MSC_VER <= 1800)
|
||||||
|
#define isnan(x) _isnan(x)
|
||||||
|
|
||||||
|
@@ -199,6 +201,26 @@ test_is_to_digit (void)
|
||||||
|
#undef TEST_DIGIT
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Testing g_memdup2() function with various positive and negative cases */
|
||||||
|
+static void
|
||||||
|
+test_memdup2 (void)
|
||||||
|
+{
|
||||||
|
+ gchar *str_dup = NULL;
|
||||||
|
+ const gchar *str = "The quick brown fox jumps over the lazy dog";
|
||||||
|
+
|
||||||
|
+ /* Testing negative cases */
|
||||||
|
+ g_assert_null (g_memdup2 (NULL, 1024));
|
||||||
|
+ g_assert_null (g_memdup2 (str, 0));
|
||||||
|
+ g_assert_null (g_memdup2 (NULL, 0));
|
||||||
|
+
|
||||||
|
+ /* Testing normal usage cases */
|
||||||
|
+ str_dup = g_memdup2 (str, strlen (str) + 1);
|
||||||
|
+ g_assert_nonnull (str_dup);
|
||||||
|
+ g_assert_cmpstr (str, ==, str_dup);
|
||||||
|
+
|
||||||
|
+ g_free (str_dup);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void
|
||||||
|
test_strdup (void)
|
||||||
|
{
|
||||||
|
@@ -1726,6 +1748,7 @@ main (int argc,
|
||||||
|
g_test_init (&argc, &argv, NULL);
|
||||||
|
|
||||||
|
g_test_add_func ("/strfuncs/test-is-to-digit", test_is_to_digit);
|
||||||
|
+ g_test_add_func ("/strfuncs/memdup2", test_memdup2);
|
||||||
|
g_test_add_func ("/strfuncs/strdup", test_strdup);
|
||||||
|
g_test_add_func ("/strfuncs/strndup", test_strndup);
|
||||||
|
g_test_add_func ("/strfuncs/strdup-printf", test_strdup_printf);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
From d6aab169954d9e6e77753dee68e1b3f5932f6dee Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Date: Thu, 4 Feb 2021 13:41:21 +0000
|
||||||
|
Subject: [PATCH 2/6] glib: Use g_memdup2() instead of g_memdup() in obvious
|
||||||
|
places
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Convert all the call sites which use `g_memdup()`’s length argument
|
||||||
|
trivially (for example, by passing a `sizeof()` or an existing `gsize`
|
||||||
|
variable), so that they use `g_memdup2()` instead.
|
||||||
|
|
||||||
|
In almost all of these cases the use of `g_memdup()` would not have
|
||||||
|
caused problems, but it will soon be deprecated, so best port away from
|
||||||
|
it
|
||||||
|
|
||||||
|
In particular, this fixes an overflow within `g_bytes_new()`, identified
|
||||||
|
as GHSL-2021-045 (aka CVE-2021-27219) by GHSL team member Kevin Backhouse.
|
||||||
|
|
||||||
|
Adapted for GLib 2.58 by Simon McVittie.
|
||||||
|
|
||||||
|
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Fixes: CVE-2021-27219
|
||||||
|
Fixes: GHSL-2021-045
|
||||||
|
Helps: #2319
|
||||||
|
(cherry picked from commit 0736b7c1e7cf4232c5d7eb2b0fbfe9be81bd3baa)
|
||||||
|
[Backport to 2.58: Omit changes to ghash.c, will be a separate commit]
|
||||||
|
[Backport to 2.58: Omit changes to giochannel.c, not needed in this branch]
|
||||||
|
[Backport to 2.58: Omit changes to uri test, not needed in this branch]
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
---
|
||||||
|
glib/gbytes.c | 6 ++++--
|
||||||
|
glib/gdir.c | 3 ++-
|
||||||
|
glib/gslice.c | 3 ++-
|
||||||
|
glib/gtestutils.c | 3 ++-
|
||||||
|
glib/gvariant.c | 7 ++++---
|
||||||
|
glib/gvarianttype.c | 3 ++-
|
||||||
|
glib/tests/array-test.c | 2 +-
|
||||||
|
glib/tests/option-context.c | 6 ++++--
|
||||||
|
8 files changed, 21 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/glib/gbytes.c b/glib/gbytes.c
|
||||||
|
index 3b14a51cd..5141170d7 100644
|
||||||
|
--- a/glib/gbytes.c
|
||||||
|
+++ b/glib/gbytes.c
|
||||||
|
@@ -33,6 +33,8 @@
|
||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* GBytes:
|
||||||
|
*
|
||||||
|
@@ -94,7 +96,7 @@ g_bytes_new (gconstpointer data,
|
||||||
|
{
|
||||||
|
g_return_val_if_fail (data != NULL || size == 0, NULL);
|
||||||
|
|
||||||
|
- return g_bytes_new_take (g_memdup (data, size), size);
|
||||||
|
+ return g_bytes_new_take (g_memdup2 (data, size), size);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -490,7 +492,7 @@ g_bytes_unref_to_data (GBytes *bytes,
|
||||||
|
* Copy: Non g_malloc (or compatible) allocator, or static memory,
|
||||||
|
* so we have to copy, and then unref.
|
||||||
|
*/
|
||||||
|
- result = g_memdup (bytes->data, bytes->size);
|
||||||
|
+ result = g_memdup2 (bytes->data, bytes->size);
|
||||||
|
*size = bytes->size;
|
||||||
|
g_bytes_unref (bytes);
|
||||||
|
}
|
||||||
|
diff --git a/glib/gdir.c b/glib/gdir.c
|
||||||
|
index cb4ad0b2f..9d955d57f 100644
|
||||||
|
--- a/glib/gdir.c
|
||||||
|
+++ b/glib/gdir.c
|
||||||
|
@@ -37,6 +37,7 @@
|
||||||
|
#include "gconvert.h"
|
||||||
|
#include "gfileutils.h"
|
||||||
|
#include "gstrfuncs.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
#include "gtestutils.h"
|
||||||
|
#include "glibintl.h"
|
||||||
|
|
||||||
|
@@ -113,7 +114,7 @@ g_dir_open_with_errno (const gchar *path,
|
||||||
|
return NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
- return g_memdup (&dir, sizeof dir);
|
||||||
|
+ return g_memdup2 (&dir, sizeof dir);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
diff --git a/glib/gslice.c b/glib/gslice.c
|
||||||
|
index 454c8a602..8e2359515 100644
|
||||||
|
--- a/glib/gslice.c
|
||||||
|
+++ b/glib/gslice.c
|
||||||
|
@@ -45,6 +45,7 @@
|
||||||
|
#include "gmain.h"
|
||||||
|
#include "gmem.h" /* gslice.h */
|
||||||
|
#include "gstrfuncs.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
#include "gutils.h"
|
||||||
|
#include "gtrashstack.h"
|
||||||
|
#include "gtestutils.h"
|
||||||
|
@@ -352,7 +353,7 @@ g_slice_get_config_state (GSliceConfig ckey,
|
||||||
|
array[i++] = allocator->contention_counters[address];
|
||||||
|
array[i++] = allocator_get_magazine_threshold (allocator, address);
|
||||||
|
*n_values = i;
|
||||||
|
- return g_memdup (array, sizeof (array[0]) * *n_values);
|
||||||
|
+ return g_memdup2 (array, sizeof (array[0]) * *n_values);
|
||||||
|
default:
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
diff --git a/glib/gtestutils.c b/glib/gtestutils.c
|
||||||
|
index 0447dcda5..14e071fce 100644
|
||||||
|
--- a/glib/gtestutils.c
|
||||||
|
+++ b/glib/gtestutils.c
|
||||||
|
@@ -49,6 +49,7 @@
|
||||||
|
#include "gpattern.h"
|
||||||
|
#include "grand.h"
|
||||||
|
#include "gstrfuncs.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
#include "gtimer.h"
|
||||||
|
#include "gslice.h"
|
||||||
|
#include "gspawn.h"
|
||||||
|
@@ -3397,7 +3398,7 @@ g_test_log_extract (GTestLogBuffer *tbuffer)
|
||||||
|
if (p <= tbuffer->data->str + mlength)
|
||||||
|
{
|
||||||
|
g_string_erase (tbuffer->data, 0, mlength);
|
||||||
|
- tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup (&msg, sizeof (msg)));
|
||||||
|
+ tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup2 (&msg, sizeof (msg)));
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/glib/gvariant.c b/glib/gvariant.c
|
||||||
|
index 8be9ce798..45a1a73dc 100644
|
||||||
|
--- a/glib/gvariant.c
|
||||||
|
+++ b/glib/gvariant.c
|
||||||
|
@@ -33,6 +33,7 @@
|
||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SECTION:gvariant
|
||||||
|
@@ -720,7 +721,7 @@ g_variant_new_variant (GVariant *value)
|
||||||
|
g_variant_ref_sink (value);
|
||||||
|
|
||||||
|
return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT,
|
||||||
|
- g_memdup (&value, sizeof value),
|
||||||
|
+ g_memdup2 (&value, sizeof value),
|
||||||
|
1, g_variant_is_trusted (value));
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1224,7 +1225,7 @@ g_variant_new_fixed_array (const GVariantType *element_type,
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
- data = g_memdup (elements, n_elements * element_size);
|
||||||
|
+ data = g_memdup2 (elements, n_elements * element_size);
|
||||||
|
value = g_variant_new_from_data (array_type, data,
|
||||||
|
n_elements * element_size,
|
||||||
|
FALSE, g_free, data);
|
||||||
|
@@ -1901,7 +1902,7 @@ g_variant_dup_bytestring (GVariant *value,
|
||||||
|
if (length)
|
||||||
|
*length = size;
|
||||||
|
|
||||||
|
- return g_memdup (original, size + 1);
|
||||||
|
+ return g_memdup2 (original, size + 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
diff --git a/glib/gvarianttype.c b/glib/gvarianttype.c
|
||||||
|
index c8433e65a..dbbf7d2d1 100644
|
||||||
|
--- a/glib/gvarianttype.c
|
||||||
|
+++ b/glib/gvarianttype.c
|
||||||
|
@@ -28,6 +28,7 @@
|
||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SECTION:gvarianttype
|
||||||
|
@@ -1174,7 +1175,7 @@ g_variant_type_new_tuple (const GVariantType * const *items,
|
||||||
|
g_assert (offset < sizeof buffer);
|
||||||
|
buffer[offset++] = ')';
|
||||||
|
|
||||||
|
- return (GVariantType *) g_memdup (buffer, offset);
|
||||||
|
+ return (GVariantType *) g_memdup2 (buffer, offset);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
From 7e2c2a07508a97b9d75e402afe4749b02a34dd8b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Thu, 18 Mar 2021 10:31:00 +0000
|
||||||
|
Subject: [PATCH 3/6] ghash: Use g_memdup2() instead of g_memdup()
|
||||||
|
|
||||||
|
Backport of part of commit 0736b7c1e7cf4232c5d7eb2b0fbfe9be81bd3baa
|
||||||
|
to the simpler structure of the GHashTable code in glib-2-58.
|
||||||
|
|
||||||
|
Helps: #2319
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
---
|
||||||
|
glib/ghash.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/glib/ghash.c b/glib/ghash.c
|
||||||
|
index 6bb04a50d..608d136f4 100644
|
||||||
|
--- a/glib/ghash.c
|
||||||
|
+++ b/glib/ghash.c
|
||||||
|
@@ -34,6 +34,7 @@
|
||||||
|
|
||||||
|
#include "glib-private.h"
|
||||||
|
#include "gstrfuncs.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
#include "gatomic.h"
|
||||||
|
#include "gtestutils.h"
|
||||||
|
#include "gslice.h"
|
||||||
|
@@ -967,7 +968,7 @@ g_hash_table_insert_node (GHashTable *hash_table,
|
||||||
|
* split the table.
|
||||||
|
*/
|
||||||
|
if (G_UNLIKELY (hash_table->keys == hash_table->values && hash_table->keys[node_index] != new_value))
|
||||||
|
- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size);
|
||||||
|
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size);
|
||||||
|
|
||||||
|
/* Step 3: Actually do the write */
|
||||||
|
hash_table->values[node_index] = new_value;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
From 9e0c87610dccd1b0eaca28a3baa521ea6a24f46b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Date: Thu, 4 Feb 2021 13:39:25 +0000
|
||||||
|
Subject: [PATCH 4/6] gobject: Use g_memdup2() instead of g_memdup() in obvious
|
||||||
|
places
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Convert all the call sites which use `g_memdup()`’s length argument
|
||||||
|
trivially (for example, by passing a `sizeof()`), so that they use
|
||||||
|
`g_memdup2()` instead.
|
||||||
|
|
||||||
|
In almost all of these cases the use of `g_memdup()` would not have
|
||||||
|
caused problems, but it will soon be deprecated, so best port away from
|
||||||
|
it.
|
||||||
|
|
||||||
|
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Helps: #2319
|
||||||
|
(cherry picked from commit 6110caea45b235420b98cd41d845cc92238f6781)
|
||||||
|
---
|
||||||
|
gobject/gsignal.c | 3 ++-
|
||||||
|
gobject/gtype.c | 9 +++++----
|
||||||
|
gobject/gtypemodule.c | 3 ++-
|
||||||
|
gobject/tests/param.c | 4 +++-
|
||||||
|
4 files changed, 12 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gobject/gsignal.c b/gobject/gsignal.c
|
||||||
|
index b22dfcca8..92555eb60 100644
|
||||||
|
--- a/gobject/gsignal.c
|
||||||
|
+++ b/gobject/gsignal.c
|
||||||
|
@@ -28,6 +28,7 @@
|
||||||
|
#include <signal.h>
|
||||||
|
|
||||||
|
#include "gsignal.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
#include "gtype-private.h"
|
||||||
|
#include "gbsearcharray.h"
|
||||||
|
#include "gvaluecollector.h"
|
||||||
|
@@ -1724,7 +1725,7 @@ g_signal_newv (const gchar *signal_name,
|
||||||
|
node->single_va_closure_is_valid = FALSE;
|
||||||
|
node->flags = signal_flags & G_SIGNAL_FLAGS_MASK;
|
||||||
|
node->n_params = n_params;
|
||||||
|
- node->param_types = g_memdup (param_types, sizeof (GType) * n_params);
|
||||||
|
+ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params);
|
||||||
|
node->return_type = return_type;
|
||||||
|
node->class_closure_bsa = NULL;
|
||||||
|
if (accumulator)
|
||||||
|
diff --git a/gobject/gtype.c b/gobject/gtype.c
|
||||||
|
index 275a8b60b..9e663ce52 100644
|
||||||
|
--- a/gobject/gtype.c
|
||||||
|
+++ b/gobject/gtype.c
|
||||||
|
@@ -33,6 +33,7 @@
|
||||||
|
|
||||||
|
#include "glib-private.h"
|
||||||
|
#include "gconstructor.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
|
||||||
|
#ifdef G_OS_WIN32
|
||||||
|
#include <windows.h>
|
||||||
|
@@ -1471,7 +1472,7 @@ type_add_interface_Wm (TypeNode *node,
|
||||||
|
iholder->next = iface_node_get_holders_L (iface);
|
||||||
|
iface_node_set_holders_W (iface, iholder);
|
||||||
|
iholder->instance_type = NODE_TYPE (node);
|
||||||
|
- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL;
|
||||||
|
+ iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL;
|
||||||
|
iholder->plugin = plugin;
|
||||||
|
|
||||||
|
/* create an iface entry for this type */
|
||||||
|
@@ -1732,7 +1733,7 @@ type_iface_retrieve_holder_info_Wm (TypeNode *iface,
|
||||||
|
INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface));
|
||||||
|
|
||||||
|
check_interface_info_I (iface, instance_type, &tmp_info);
|
||||||
|
- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info));
|
||||||
|
+ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info));
|
||||||
|
}
|
||||||
|
|
||||||
|
return iholder; /* we don't modify write lock upon returning NULL */
|
||||||
|
@@ -2013,10 +2014,10 @@ type_iface_vtable_base_init_Wm (TypeNode *iface,
|
||||||
|
IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface);
|
||||||
|
|
||||||
|
if (pentry)
|
||||||
|
- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size);
|
||||||
|
+ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size);
|
||||||
|
}
|
||||||
|
if (!vtable)
|
||||||
|
- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
|
||||||
|
+ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
|
||||||
|
entry->vtable = vtable;
|
||||||
|
vtable->g_type = NODE_TYPE (iface);
|
||||||
|
vtable->g_instance_type = NODE_TYPE (node);
|
||||||
|
diff --git a/gobject/gtypemodule.c b/gobject/gtypemodule.c
|
||||||
|
index c67f789b1..cf877bc0b 100644
|
||||||
|
--- a/gobject/gtypemodule.c
|
||||||
|
+++ b/gobject/gtypemodule.c
|
||||||
|
@@ -19,6 +19,7 @@
|
||||||
|
|
||||||
|
#include <stdlib.h>
|
||||||
|
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
#include "gtypeplugin.h"
|
||||||
|
#include "gtypemodule.h"
|
||||||
|
|
||||||
|
@@ -436,7 +437,7 @@ g_type_module_register_type (GTypeModule *module,
|
||||||
|
module_type_info->loaded = TRUE;
|
||||||
|
module_type_info->info = *type_info;
|
||||||
|
if (type_info->value_table)
|
||||||
|
- module_type_info->info.value_table = g_memdup (type_info->value_table,
|
||||||
|
+ module_type_info->info.value_table = g_memdup2 (type_info->value_table,
|
||||||
|
sizeof (GTypeValueTable));
|
||||||
|
|
||||||
|
return module_type_info->type;
|
||||||
|
diff --git a/gobject/tests/param.c b/gobject/tests/param.c
|
||||||
|
index 758289bf8..971cff162 100644
|
||||||
|
--- a/gobject/tests/param.c
|
||||||
|
+++ b/gobject/tests/param.c
|
||||||
|
@@ -2,6 +2,8 @@
|
||||||
|
#include <glib-object.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
+
|
||||||
|
static void
|
||||||
|
test_param_value (void)
|
||||||
|
{
|
||||||
|
@@ -851,7 +853,7 @@ main (int argc, char *argv[])
|
||||||
|
test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d",
|
||||||
|
data.change_this_flag, data.change_this_type,
|
||||||
|
data.use_this_flag, data.use_this_type);
|
||||||
|
- test_data = g_memdup (&data, sizeof (TestParamImplementData));
|
||||||
|
+ test_data = g_memdup2 (&data, sizeof (TestParamImplementData));
|
||||||
|
g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free);
|
||||||
|
g_free (test_path);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
From d3f7a79540fc1e85eb82c2987e9f7e2dbd93ff74 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Date: Thu, 4 Feb 2021 13:37:56 +0000
|
||||||
|
Subject: [PATCH 5/6] gio: Use g_memdup2() instead of g_memdup() in obvious
|
||||||
|
places
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Convert all the call sites which use `g_memdup()`’s length argument
|
||||||
|
trivially (for example, by passing a `sizeof()`), so that they use
|
||||||
|
`g_memdup2()` instead.
|
||||||
|
|
||||||
|
In almost all of these cases the use of `g_memdup()` would not have
|
||||||
|
caused problems, but it will soon be deprecated, so best port away from
|
||||||
|
it.
|
||||||
|
|
||||||
|
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Helps: #2319
|
||||||
|
(cherry picked from commit be8834340a2d928ece82025463ae23dee2c333d0)
|
||||||
|
---
|
||||||
|
gio/gdbusconnection.c | 5 +++--
|
||||||
|
gio/gdbusinterfaceskeleton.c | 3 ++-
|
||||||
|
gio/gfile.c | 7 ++++---
|
||||||
|
gio/gsettingsschema.c | 5 +++--
|
||||||
|
gio/gwin32registrykey.c | 8 +++++---
|
||||||
|
gio/tests/async-close-output-stream.c | 6 ++++--
|
||||||
|
gio/tests/gdbus-export.c | 5 +++--
|
||||||
|
gio/win32/gwinhttpfile.c | 9 +++++----
|
||||||
|
8 files changed, 29 insertions(+), 19 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c
|
||||||
|
index 6f7e5fefc..117c8df35 100644
|
||||||
|
--- a/gio/gdbusconnection.c
|
||||||
|
+++ b/gio/gdbusconnection.c
|
||||||
|
@@ -119,6 +119,7 @@
|
||||||
|
#include "gasyncinitable.h"
|
||||||
|
#include "giostream.h"
|
||||||
|
#include "gasyncresult.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
#include "gtask.h"
|
||||||
|
|
||||||
|
#ifdef G_OS_UNIX
|
||||||
|
@@ -3970,7 +3971,7 @@ _g_dbus_interface_vtable_copy (const GDBusInterfaceVTable *vtable)
|
||||||
|
/* Don't waste memory by copying padding - remember to update this
|
||||||
|
* when changing struct _GDBusInterfaceVTable in gdbusconnection.h
|
||||||
|
*/
|
||||||
|
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
|
||||||
|
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
@@ -3987,7 +3988,7 @@ _g_dbus_subtree_vtable_copy (const GDBusSubtreeVTable *vtable)
|
||||||
|
/* Don't waste memory by copying padding - remember to update this
|
||||||
|
* when changing struct _GDBusSubtreeVTable in gdbusconnection.h
|
||||||
|
*/
|
||||||
|
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
|
||||||
|
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
diff --git a/gio/gdbusinterfaceskeleton.c b/gio/gdbusinterfaceskeleton.c
|
||||||
|
index 96bd520aa..672604c49 100644
|
||||||
|
--- a/gio/gdbusinterfaceskeleton.c
|
||||||
|
+++ b/gio/gdbusinterfaceskeleton.c
|
||||||
|
@@ -27,6 +27,7 @@
|
||||||
|
#include "gdbusprivate.h"
|
||||||
|
#include "gdbusmethodinvocation.h"
|
||||||
|
#include "gdbusconnection.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
#include "gtask.h"
|
||||||
|
#include "gioerror.h"
|
||||||
|
|
||||||
|
@@ -697,7 +698,7 @@ add_connection_locked (GDBusInterfaceSkeleton *interface_,
|
||||||
|
* properly before building the hooked_vtable, so we create it
|
||||||
|
* once at the last minute.
|
||||||
|
*/
|
||||||
|
- interface_->priv->hooked_vtable = g_memdup (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
|
||||||
|
+ interface_->priv->hooked_vtable = g_memdup2 (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
|
||||||
|
interface_->priv->hooked_vtable->method_call = skeleton_intercept_handle_method_call;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/gio/gfile.c b/gio/gfile.c
|
||||||
|
index ff313ebf8..29ebaaa62 100644
|
||||||
|
--- a/gio/gfile.c
|
||||||
|
+++ b/gio/gfile.c
|
||||||
|
@@ -60,6 +60,7 @@
|
||||||
|
#include "gasyncresult.h"
|
||||||
|
#include "gioerror.h"
|
||||||
|
#include "glibintl.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -7734,7 +7735,7 @@ measure_disk_usage_progress (gboolean reporting,
|
||||||
|
g_main_context_invoke_full (g_task_get_context (task),
|
||||||
|
g_task_get_priority (task),
|
||||||
|
measure_disk_usage_invoke_progress,
|
||||||
|
- g_memdup (&progress, sizeof progress),
|
||||||
|
+ g_memdup2 (&progress, sizeof progress),
|
||||||
|
g_free);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -7752,7 +7753,7 @@ measure_disk_usage_thread (GTask *task,
|
||||||
|
data->progress_callback ? measure_disk_usage_progress : NULL, task,
|
||||||
|
&result.disk_usage, &result.num_dirs, &result.num_files,
|
||||||
|
&error))
|
||||||
|
- g_task_return_pointer (task, g_memdup (&result, sizeof result), g_free);
|
||||||
|
+ g_task_return_pointer (task, g_memdup2 (&result, sizeof result), g_free);
|
||||||
|
else
|
||||||
|
g_task_return_error (task, error);
|
||||||
|
}
|
||||||
|
@@ -7776,7 +7777,7 @@ g_file_real_measure_disk_usage_async (GFile *file,
|
||||||
|
|
||||||
|
task = g_task_new (file, cancellable, callback, user_data);
|
||||||
|
g_task_set_source_tag (task, g_file_real_measure_disk_usage_async);
|
||||||
|
- g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free);
|
||||||
|
+ g_task_set_task_data (task, g_memdup2 (&data, sizeof data), g_free);
|
||||||
|
g_task_set_priority (task, io_priority);
|
||||||
|
|
||||||
|
g_task_run_in_thread (task, measure_disk_usage_thread);
|
||||||
|
diff --git a/gio/gsettingsschema.c b/gio/gsettingsschema.c
|
||||||
|
index 17b7e3b01..499944395 100644
|
||||||
|
--- a/gio/gsettingsschema.c
|
||||||
|
+++ b/gio/gsettingsschema.c
|
||||||
|
@@ -20,6 +20,7 @@
|
||||||
|
|
||||||
|
#include "gsettingsschema-internal.h"
|
||||||
|
#include "gsettings.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
|
||||||
|
#include "gvdb/gvdb-reader.h"
|
||||||
|
#include "strinfo.c"
|
||||||
|
@@ -1054,9 +1055,9 @@ g_settings_schema_list_children (GSettingsSchema *schema)
|
||||||
|
|
||||||
|
if (g_str_has_suffix (key, "/"))
|
||||||
|
{
|
||||||
|
- gint length = strlen (key);
|
||||||
|
+ gsize length = strlen (key);
|
||||||
|
|
||||||
|
- strv[j] = g_memdup (key, length);
|
||||||
|
+ strv[j] = g_memdup2 (key, length);
|
||||||
|
strv[j][length - 1] = '\0';
|
||||||
|
j++;
|
||||||
|
}
|
||||||
|
diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
|
||||||
|
index c19fede4e..619fd48af 100644
|
||||||
|
--- a/gio/gwin32registrykey.c
|
||||||
|
+++ b/gio/gwin32registrykey.c
|
||||||
|
@@ -28,6 +28,8 @@
|
||||||
|
#include <ntstatus.h>
|
||||||
|
#include <winternl.h>
|
||||||
|
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
+
|
||||||
|
#ifndef _WDMDDK_
|
||||||
|
typedef enum _KEY_INFORMATION_CLASS {
|
||||||
|
KeyBasicInformation,
|
||||||
|
@@ -247,7 +249,7 @@ g_win32_registry_value_iter_copy (const GWin32RegistryValueIter *iter)
|
||||||
|
new_iter->value_name_size = iter->value_name_size;
|
||||||
|
|
||||||
|
if (iter->value_data != NULL)
|
||||||
|
- new_iter->value_data = g_memdup (iter->value_data, iter->value_data_size);
|
||||||
|
+ new_iter->value_data = g_memdup2 (iter->value_data, iter->value_data_size);
|
||||||
|
|
||||||
|
new_iter->value_data_size = iter->value_data_size;
|
||||||
|
|
||||||
|
@@ -268,8 +270,8 @@ g_win32_registry_value_iter_copy (const GWin32RegistryValueIter *iter)
|
||||||
|
new_iter->value_data_expanded_charsize = iter->value_data_expanded_charsize;
|
||||||
|
|
||||||
|
if (iter->value_data_expanded_u8 != NULL)
|
||||||
|
- new_iter->value_data_expanded_u8 = g_memdup (iter->value_data_expanded_u8,
|
||||||
|
- iter->value_data_expanded_charsize);
|
||||||
|
+ new_iter->value_data_expanded_u8 = g_memdup2 (iter->value_data_expanded_u8,
|
||||||
|
+ iter->value_data_expanded_charsize);
|
||||||
|
|
||||||
|
new_iter->value_data_expanded_u8_size = iter->value_data_expanded_charsize;
|
||||||
|
|
||||||
|
diff --git a/gio/tests/async-close-output-stream.c b/gio/tests/async-close-output-stream.c
|
||||||
|
index 5f6620275..d3f97a119 100644
|
||||||
|
--- a/gio/tests/async-close-output-stream.c
|
||||||
|
+++ b/gio/tests/async-close-output-stream.c
|
||||||
|
@@ -24,6 +24,8 @@
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
+
|
||||||
|
#define DATA_TO_WRITE "Hello world\n"
|
||||||
|
|
||||||
|
typedef struct
|
||||||
|
@@ -147,9 +149,9 @@ prepare_data (SetupData *data,
|
||||||
|
|
||||||
|
data->expected_size = g_memory_output_stream_get_data_size (G_MEMORY_OUTPUT_STREAM (data->data_stream));
|
||||||
|
|
||||||
|
- g_assert_cmpint (data->expected_size, >, 0);
|
||||||
|
+ g_assert_cmpuint (data->expected_size, >, 0);
|
||||||
|
|
||||||
|
- data->expected_output = g_memdup (written, (guint)data->expected_size);
|
||||||
|
+ data->expected_output = g_memdup2 (written, data->expected_size);
|
||||||
|
|
||||||
|
/* then recreate the streams and prepare them for the asynchronous close */
|
||||||
|
destroy_streams (data);
|
||||||
|
diff --git a/gio/tests/gdbus-export.c b/gio/tests/gdbus-export.c
|
||||||
|
index ef0dddeee..a3c842360 100644
|
||||||
|
--- a/gio/tests/gdbus-export.c
|
||||||
|
+++ b/gio/tests/gdbus-export.c
|
||||||
|
@@ -23,6 +23,7 @@
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#include "gdbus-tests.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
|
||||||
|
/* all tests rely on a shared mainloop */
|
||||||
|
static GMainLoop *loop = NULL;
|
||||||
|
@@ -652,7 +653,7 @@ subtree_introspect (GDBusConnection *connection,
|
||||||
|
g_assert_not_reached ();
|
||||||
|
}
|
||||||
|
|
||||||
|
- return g_memdup (interfaces, 2 * sizeof (void *));
|
||||||
|
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
|
||||||
|
}
|
||||||
|
|
||||||
|
static const GDBusInterfaceVTable *
|
||||||
|
@@ -708,7 +709,7 @@ dynamic_subtree_introspect (GDBusConnection *connection,
|
||||||
|
{
|
||||||
|
const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info, NULL };
|
||||||
|
|
||||||
|
- return g_memdup (interfaces, 2 * sizeof (void *));
|
||||||
|
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
|
||||||
|
}
|
||||||
|
|
||||||
|
static const GDBusInterfaceVTable *
|
||||||
|
diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c
|
||||||
|
index d5df16d91..f424d21cc 100644
|
||||||
|
--- a/gio/win32/gwinhttpfile.c
|
||||||
|
+++ b/gio/win32/gwinhttpfile.c
|
||||||
|
@@ -29,6 +29,7 @@
|
||||||
|
#include "gio/gfile.h"
|
||||||
|
#include "gio/gfileattribute.h"
|
||||||
|
#include "gio/gfileinfo.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
#include "gwinhttpfile.h"
|
||||||
|
#include "gwinhttpfileinputstream.h"
|
||||||
|
#include "gwinhttpfileoutputstream.h"
|
||||||
|
@@ -393,10 +394,10 @@ g_winhttp_file_resolve_relative_path (GFile *file,
|
||||||
|
child = g_object_new (G_TYPE_WINHTTP_FILE, NULL);
|
||||||
|
child->vfs = winhttp_file->vfs;
|
||||||
|
child->url = winhttp_file->url;
|
||||||
|
- child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
|
||||||
|
- child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
|
||||||
|
- child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
|
||||||
|
- child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
|
||||||
|
+ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
|
||||||
|
+ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
|
||||||
|
+ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
|
||||||
|
+ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
|
||||||
|
child->url.lpszUrlPath = wnew_path;
|
||||||
|
child->url.dwUrlPathLength = wcslen (wnew_path);
|
||||||
|
child->url.lpszExtraInfo = NULL;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
From 661f5edc901219a1a99bb51f171be13063878bd6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Catanzaro <mcatanzaro@redhat.com>
|
||||||
|
Date: Thu, 20 May 2021 15:58:53 -0500
|
||||||
|
Subject: [PATCH 6/6] gdatainputstream: replace easy use of g_memdup()
|
||||||
|
|
||||||
|
This code is passing a gsize, so might as well switch this to g_memdup2().
|
||||||
|
|
||||||
|
This is the only use of g_memdup() in GLib 2.56 that is not part of GLib
|
||||||
|
2.58. All other uses analyzed in glib!2000.
|
||||||
|
---
|
||||||
|
gio/gdatainputstream.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c
|
||||||
|
index 9f207b158..ebef7c797 100644
|
||||||
|
--- a/gio/gdatainputstream.c
|
||||||
|
+++ b/gio/gdatainputstream.c
|
||||||
|
@@ -27,6 +27,7 @@
|
||||||
|
#include "gioenumtypes.h"
|
||||||
|
#include "gioerror.h"
|
||||||
|
#include "glibintl.h"
|
||||||
|
+#include "gstrfuncsprivate.h"
|
||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
@@ -1082,7 +1083,7 @@ g_data_input_stream_read_async (GDataInputStream *stream,
|
||||||
|
data = g_slice_new0 (GDataInputStreamReadData);
|
||||||
|
if (stop_chars_len == -1)
|
||||||
|
stop_chars_len = strlen (stop_chars);
|
||||||
|
- data->stop_chars = g_memdup (stop_chars, stop_chars_len);
|
||||||
|
+ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len);
|
||||||
|
data->stop_chars_len = stop_chars_len;
|
||||||
|
data->last_saw_cr = FALSE;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
@ -1,3 +1,59 @@
|
|||||||
|
From 8fef6abe1131da0c8a7211c740a12ebe11cbcc51 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Date: Wed, 10 Mar 2021 16:05:55 +0000
|
||||||
|
Subject: [PATCH 1/3] glocalfileoutputstream: Factor out a flag check
|
||||||
|
|
||||||
|
This clarifies the code a little. It introduces no functional changes.
|
||||||
|
|
||||||
|
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
---
|
||||||
|
gio/glocalfileoutputstream.c | 9 +++++----
|
||||||
|
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
|
||||||
|
index 57d2d5dfe..6a70b2a04 100644
|
||||||
|
--- a/gio/glocalfileoutputstream.c
|
||||||
|
+++ b/gio/glocalfileoutputstream.c
|
||||||
|
@@ -751,6 +751,7 @@ handle_overwrite_open (const char *filename,
|
||||||
|
int res;
|
||||||
|
int mode;
|
||||||
|
int errsv;
|
||||||
|
+ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION);
|
||||||
|
|
||||||
|
mode = mode_from_flags_or_info (flags, reference_info);
|
||||||
|
|
||||||
|
@@ -857,8 +858,8 @@ handle_overwrite_open (const char *filename,
|
||||||
|
* The second strategy consist simply in copying the old file
|
||||||
|
* to a backup file and rewrite the contents of the file.
|
||||||
|
*/
|
||||||
|
-
|
||||||
|
- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) ||
|
||||||
|
+
|
||||||
|
+ if (replace_destination_set ||
|
||||||
|
(!(original_stat.st_nlink > 1) && !is_symlink))
|
||||||
|
{
|
||||||
|
char *dirname, *tmp_filename;
|
||||||
|
@@ -877,7 +878,7 @@ handle_overwrite_open (const char *filename,
|
||||||
|
|
||||||
|
/* try to keep permissions (unless replacing) */
|
||||||
|
|
||||||
|
- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) &&
|
||||||
|
+ if (!replace_destination_set &&
|
||||||
|
(
|
||||||
|
#ifdef HAVE_FCHOWN
|
||||||
|
fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 ||
|
||||||
|
@@ -1016,7 +1017,7 @@ handle_overwrite_open (const char *filename,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (flags & G_FILE_CREATE_REPLACE_DESTINATION)
|
||||||
|
+ if (replace_destination_set)
|
||||||
|
{
|
||||||
|
g_close (fd, NULL);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
From 6c10e8ce6905e8fcc3466eb8af707b5d0d3bdb85 Mon Sep 17 00:00:00 2001
|
From 6c10e8ce6905e8fcc3466eb8af707b5d0d3bdb85 Mon Sep 17 00:00:00 2001
|
||||||
From: Philip Withnall <pwithnall@endlessos.org>
|
From: Philip Withnall <pwithnall@endlessos.org>
|
||||||
Date: Wed, 24 Feb 2021 17:36:07 +0000
|
Date: Wed, 24 Feb 2021 17:36:07 +0000
|
||||||
@ -276,3 +332,57 @@ index 98eeb85d4..44db6e295 100644
|
|||||||
--
|
--
|
||||||
2.31.1
|
2.31.1
|
||||||
|
|
||||||
|
From 7f0b0d7fd744ad2f51236444005db49c80a0293d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Date: Wed, 24 Feb 2021 17:42:24 +0000
|
||||||
|
Subject: [PATCH 3/3] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
|
||||||
|
replace()
|
||||||
|
|
||||||
|
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
---
|
||||||
|
gio/glocalfileoutputstream.c | 15 ++++++++++++---
|
||||||
|
1 file changed, 12 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
|
||||||
|
index 4a7766f68..275770fa4 100644
|
||||||
|
--- a/gio/glocalfileoutputstream.c
|
||||||
|
+++ b/gio/glocalfileoutputstream.c
|
||||||
|
@@ -56,6 +56,12 @@
|
||||||
|
#define O_BINARY 0
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifndef O_CLOEXEC
|
||||||
|
+#define O_CLOEXEC 0
|
||||||
|
+#else
|
||||||
|
+#define HAVE_O_CLOEXEC 1
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
struct _GLocalFileOutputStreamPrivate {
|
||||||
|
char *tmp_filename;
|
||||||
|
char *original_filename;
|
||||||
|
@@ -1127,7 +1133,7 @@ _g_local_file_output_stream_replace (const char *filename,
|
||||||
|
sync_on_close = FALSE;
|
||||||
|
|
||||||
|
/* If the file doesn't exist, create it */
|
||||||
|
- open_flags = O_CREAT | O_EXCL | O_BINARY;
|
||||||
|
+ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
|
||||||
|
if (readable)
|
||||||
|
open_flags |= O_RDWR;
|
||||||
|
else
|
||||||
|
@@ -1157,8 +1163,11 @@ _g_local_file_output_stream_replace (const char *filename,
|
||||||
|
set_error_from_open_errno (filename, error);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
-
|
||||||
|
+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
|
||||||
|
+ else
|
||||||
|
+ fcntl (fd, F_SETFD, FD_CLOEXEC);
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
|
||||||
|
stream->priv->fd = fd;
|
||||||
|
stream->priv->sync_on_close = sync_on_close;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
386
SOURCES/gmain-corruption.patch
Normal file
386
SOURCES/gmain-corruption.patch
Normal file
@ -0,0 +1,386 @@
|
|||||||
|
From 2bad3cb3bf8f0cc3f45057061f9a538ecf7742b6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
||||||
|
Date: Thu, 14 Feb 2019 17:46:33 +0200
|
||||||
|
Subject: [PATCH 1/5] Use atomic reference counting for GSource
|
||||||
|
|
||||||
|
If attached to a context already it would use a mutex instead but at
|
||||||
|
least before that the reference counting is not thread-safe currently.
|
||||||
|
---
|
||||||
|
glib/gmain.c | 50 +++++++++++++++-----------------------------------
|
||||||
|
1 file changed, 15 insertions(+), 35 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/glib/gmain.c b/glib/gmain.c
|
||||||
|
index 26e68823d..5b91c3117 100644
|
||||||
|
--- a/glib/gmain.c
|
||||||
|
+++ b/glib/gmain.c
|
||||||
|
@@ -374,15 +374,6 @@ typedef struct _GSourceIter
|
||||||
|
#define SOURCE_DESTROYED(source) (((source)->flags & G_HOOK_FLAG_ACTIVE) == 0)
|
||||||
|
#define SOURCE_BLOCKED(source) (((source)->flags & G_SOURCE_BLOCKED) != 0)
|
||||||
|
|
||||||
|
-#define SOURCE_UNREF(source, context) \
|
||||||
|
- G_STMT_START { \
|
||||||
|
- if ((source)->ref_count > 1) \
|
||||||
|
- (source)->ref_count--; \
|
||||||
|
- else \
|
||||||
|
- g_source_unref_internal ((source), (context), TRUE); \
|
||||||
|
- } G_STMT_END
|
||||||
|
-
|
||||||
|
-
|
||||||
|
/* Forward declarations */
|
||||||
|
|
||||||
|
static void g_source_unref_internal (GSource *source,
|
||||||
|
@@ -977,10 +968,10 @@ g_source_iter_next (GSourceIter *iter, GSource **source)
|
||||||
|
*/
|
||||||
|
|
||||||
|
if (iter->source && iter->may_modify)
|
||||||
|
- SOURCE_UNREF (iter->source, iter->context);
|
||||||
|
+ g_source_unref_internal (iter->source, iter->context, TRUE);
|
||||||
|
iter->source = next_source;
|
||||||
|
if (iter->source && iter->may_modify)
|
||||||
|
- iter->source->ref_count++;
|
||||||
|
+ g_source_ref (iter->source);
|
||||||
|
|
||||||
|
*source = iter->source;
|
||||||
|
return *source != NULL;
|
||||||
|
@@ -994,7 +985,7 @@ g_source_iter_clear (GSourceIter *iter)
|
||||||
|
{
|
||||||
|
if (iter->source && iter->may_modify)
|
||||||
|
{
|
||||||
|
- SOURCE_UNREF (iter->source, iter->context);
|
||||||
|
+ g_source_unref_internal (iter->source, iter->context, TRUE);
|
||||||
|
iter->source = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -1135,7 +1126,7 @@ g_source_attach_unlocked (GSource *source,
|
||||||
|
|
||||||
|
source->context = context;
|
||||||
|
source->source_id = id;
|
||||||
|
- source->ref_count++;
|
||||||
|
+ g_source_ref (source);
|
||||||
|
|
||||||
|
g_hash_table_insert (context->sources, GUINT_TO_POINTER (id), source);
|
||||||
|
|
||||||
|
@@ -1675,7 +1666,7 @@ g_source_set_funcs (GSource *source,
|
||||||
|
{
|
||||||
|
g_return_if_fail (source != NULL);
|
||||||
|
g_return_if_fail (source->context == NULL);
|
||||||
|
- g_return_if_fail (source->ref_count > 0);
|
||||||
|
+ g_return_if_fail (g_atomic_int_get (&source->ref_count) > 0);
|
||||||
|
g_return_if_fail (funcs != NULL);
|
||||||
|
|
||||||
|
source->source_funcs = funcs;
|
||||||
|
@@ -2050,19 +2041,9 @@ g_source_set_name_by_id (guint tag,
|
||||||
|
GSource *
|
||||||
|
g_source_ref (GSource *source)
|
||||||
|
{
|
||||||
|
- GMainContext *context;
|
||||||
|
-
|
||||||
|
g_return_val_if_fail (source != NULL, NULL);
|
||||||
|
|
||||||
|
- context = source->context;
|
||||||
|
-
|
||||||
|
- if (context)
|
||||||
|
- LOCK_CONTEXT (context);
|
||||||
|
-
|
||||||
|
- source->ref_count++;
|
||||||
|
-
|
||||||
|
- if (context)
|
||||||
|
- UNLOCK_CONTEXT (context);
|
||||||
|
+ g_atomic_int_inc (&source->ref_count);
|
||||||
|
|
||||||
|
return source;
|
||||||
|
}
|
||||||
|
@@ -2078,12 +2059,11 @@ g_source_unref_internal (GSource *source,
|
||||||
|
GSourceCallbackFuncs *old_cb_funcs = NULL;
|
||||||
|
|
||||||
|
g_return_if_fail (source != NULL);
|
||||||
|
-
|
||||||
|
+
|
||||||
|
if (!have_lock && context)
|
||||||
|
LOCK_CONTEXT (context);
|
||||||
|
|
||||||
|
- source->ref_count--;
|
||||||
|
- if (source->ref_count == 0)
|
||||||
|
+ if (g_atomic_int_dec_and_test (&source->ref_count))
|
||||||
|
{
|
||||||
|
TRACE (GLIB_SOURCE_BEFORE_FREE (source, context,
|
||||||
|
source->source_funcs->finalize));
|
||||||
|
@@ -2107,20 +2087,20 @@ g_source_unref_internal (GSource *source,
|
||||||
|
{
|
||||||
|
/* Temporarily increase the ref count again so that GSource methods
|
||||||
|
* can be called from finalize(). */
|
||||||
|
- source->ref_count++;
|
||||||
|
+ g_atomic_int_inc (&source->ref_count);
|
||||||
|
if (context)
|
||||||
|
UNLOCK_CONTEXT (context);
|
||||||
|
source->source_funcs->finalize (source);
|
||||||
|
if (context)
|
||||||
|
LOCK_CONTEXT (context);
|
||||||
|
- source->ref_count--;
|
||||||
|
+ g_atomic_int_add (&source->ref_count, -1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (old_cb_funcs)
|
||||||
|
{
|
||||||
|
/* Temporarily increase the ref count again so that GSource methods
|
||||||
|
* can be called from callback_funcs.unref(). */
|
||||||
|
- source->ref_count++;
|
||||||
|
+ g_atomic_int_inc (&source->ref_count);
|
||||||
|
if (context)
|
||||||
|
UNLOCK_CONTEXT (context);
|
||||||
|
|
||||||
|
@@ -2128,7 +2108,7 @@ g_source_unref_internal (GSource *source,
|
||||||
|
|
||||||
|
if (context)
|
||||||
|
LOCK_CONTEXT (context);
|
||||||
|
- source->ref_count--;
|
||||||
|
+ g_atomic_int_add (&source->ref_count, -1);
|
||||||
|
}
|
||||||
|
|
||||||
|
g_free (source->name);
|
||||||
|
@@ -3201,7 +3181,7 @@ g_main_dispatch (GMainContext *context)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- SOURCE_UNREF (source, context);
|
||||||
|
+ g_source_unref_internal (source, context, TRUE);
|
||||||
|
}
|
||||||
|
|
||||||
|
g_ptr_array_set_size (context->pending_dispatches, 0);
|
||||||
|
@@ -3440,7 +3420,7 @@ g_main_context_prepare (GMainContext *context,
|
||||||
|
for (i = 0; i < context->pending_dispatches->len; i++)
|
||||||
|
{
|
||||||
|
if (context->pending_dispatches->pdata[i])
|
||||||
|
- SOURCE_UNREF ((GSource *)context->pending_dispatches->pdata[i], context);
|
||||||
|
+ g_source_unref_internal ((GSource *)context->pending_dispatches->pdata[i], context, TRUE);
|
||||||
|
}
|
||||||
|
g_ptr_array_set_size (context->pending_dispatches, 0);
|
||||||
|
|
||||||
|
@@ -3788,7 +3768,7 @@ g_main_context_check (GMainContext *context,
|
||||||
|
|
||||||
|
if (source->flags & G_SOURCE_READY)
|
||||||
|
{
|
||||||
|
- source->ref_count++;
|
||||||
|
+ g_source_ref (source);
|
||||||
|
g_ptr_array_add (context->pending_dispatches, source);
|
||||||
|
|
||||||
|
n_ready++;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
From 323d0c7658a9a44efc327840c0667044a4b98f89 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
||||||
|
Date: Mon, 3 Feb 2020 15:38:28 +0200
|
||||||
|
Subject: [PATCH 2/5] GMainContext - Fix GSource iterator if iteration can
|
||||||
|
modify the list
|
||||||
|
|
||||||
|
We first have to ref the next source and then unref the previous one.
|
||||||
|
This might be the last reference to the previous source, and freeing the
|
||||||
|
previous source might unref and free the next one which would then leave
|
||||||
|
use with a dangling pointer here.
|
||||||
|
|
||||||
|
Fixes https://gitlab.gnome.org/GNOME/glib/issues/2031
|
||||||
|
---
|
||||||
|
glib/gmain.c | 8 ++++++--
|
||||||
|
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/glib/gmain.c b/glib/gmain.c
|
||||||
|
index 5b91c3117..a3ea1d36c 100644
|
||||||
|
--- a/glib/gmain.c
|
||||||
|
+++ b/glib/gmain.c
|
||||||
|
@@ -965,13 +965,17 @@ g_source_iter_next (GSourceIter *iter, GSource **source)
|
||||||
|
* GSourceList to be removed from source_lists (if iter->source is
|
||||||
|
* the only source in its list, and it is destroyed), so we have to
|
||||||
|
* keep it reffed until after we advance iter->current_list, above.
|
||||||
|
+ *
|
||||||
|
+ * Also we first have to ref the next source before unreffing the
|
||||||
|
+ * previous one as unreffing the previous source can potentially
|
||||||
|
+ * free the next one.
|
||||||
|
*/
|
||||||
|
+ if (next_source && iter->may_modify)
|
||||||
|
+ g_source_ref (next_source);
|
||||||
|
|
||||||
|
if (iter->source && iter->may_modify)
|
||||||
|
g_source_unref_internal (iter->source, iter->context, TRUE);
|
||||||
|
iter->source = next_source;
|
||||||
|
- if (iter->source && iter->may_modify)
|
||||||
|
- g_source_ref (iter->source);
|
||||||
|
|
||||||
|
*source = iter->source;
|
||||||
|
return *source != NULL;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
From fc051ec83d8894dd754bf364562ba9be9ff999fc Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
||||||
|
Date: Mon, 3 Feb 2020 15:35:51 +0200
|
||||||
|
Subject: [PATCH 3/5] GMainContext - Fix memory leaks and memory corruption
|
||||||
|
when freeing sources while freeing a context
|
||||||
|
|
||||||
|
Instead of destroying sources directly while freeing the context, and
|
||||||
|
potentially freeing them if this was the last reference to them, collect
|
||||||
|
new references of all sources in a separate list before and at the same
|
||||||
|
time invalidate their context so that they can't access it anymore. Only
|
||||||
|
once all sources have their context invalidated, destroy them while
|
||||||
|
still keeping a reference to them. Once all sources are destroyed we get
|
||||||
|
rid of the additional references and free them if nothing else keeps a
|
||||||
|
reference to them anymore.
|
||||||
|
|
||||||
|
This fixes a regression introduced by 26056558be in 2012.
|
||||||
|
|
||||||
|
The previous code that invalidated the context of each source and then
|
||||||
|
destroyed it before going to the next source without keeping an
|
||||||
|
additional reference caused memory leaks or memory corruption depending
|
||||||
|
on the order of the sources in the sources lists.
|
||||||
|
|
||||||
|
If a source was destroyed it might happen that this was the last
|
||||||
|
reference to this source, and it would then be freed. This would cause
|
||||||
|
the finalize function to be called, which might destroy and unref
|
||||||
|
another source and potentially free it. This other source would then
|
||||||
|
either
|
||||||
|
- go through the normal free logic and change the intern linked list
|
||||||
|
between the sources, while other sources that are unreffed as part of
|
||||||
|
the main context freeing would not. As such the list would be in an
|
||||||
|
inconsistent state and we might dereference freed memory.
|
||||||
|
- go through the normal destroy and free logic but because the context
|
||||||
|
pointer was already invalidated it would simply mark the source as
|
||||||
|
destroyed without actually removing it from the context. This would
|
||||||
|
then cause a memory leak because the reference owned by the context is
|
||||||
|
not freed.
|
||||||
|
|
||||||
|
Fixes https://github.com/gtk-rs/glib/issues/583 while still keeping
|
||||||
|
https://bugzilla.gnome.org/show_bug.cgi?id=661767 fixes.
|
||||||
|
---
|
||||||
|
glib/gmain.c | 35 ++++++++++++++++++++++++++++++++++-
|
||||||
|
1 file changed, 34 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/glib/gmain.c b/glib/gmain.c
|
||||||
|
index a3ea1d36c..1c249ad02 100644
|
||||||
|
--- a/glib/gmain.c
|
||||||
|
+++ b/glib/gmain.c
|
||||||
|
@@ -534,6 +534,7 @@ g_main_context_unref (GMainContext *context)
|
||||||
|
GSourceIter iter;
|
||||||
|
GSource *source;
|
||||||
|
GList *sl_iter;
|
||||||
|
+ GSList *s_iter, *remaining_sources = NULL;
|
||||||
|
GSourceList *list;
|
||||||
|
guint i;
|
||||||
|
|
||||||
|
@@ -553,10 +554,30 @@ g_main_context_unref (GMainContext *context)
|
||||||
|
|
||||||
|
/* g_source_iter_next() assumes the context is locked. */
|
||||||
|
LOCK_CONTEXT (context);
|
||||||
|
- g_source_iter_init (&iter, context, TRUE);
|
||||||
|
+
|
||||||
|
+ /* First collect all remaining sources from the sources lists and store a
|
||||||
|
+ * new reference in a separate list. Also set the context of the sources
|
||||||
|
+ * to NULL so that they can't access a partially destroyed context anymore.
|
||||||
|
+ *
|
||||||
|
+ * We have to do this first so that we have a strong reference to all
|
||||||
|
+ * sources and destroying them below does not also free them, and so that
|
||||||
|
+ * none of the sources can access the context from their finalize/dispose
|
||||||
|
+ * functions. */
|
||||||
|
+ g_source_iter_init (&iter, context, FALSE);
|
||||||
|
while (g_source_iter_next (&iter, &source))
|
||||||
|
{
|
||||||
|
source->context = NULL;
|
||||||
|
+ remaining_sources = g_slist_prepend (remaining_sources, g_source_ref (source));
|
||||||
|
+ }
|
||||||
|
+ g_source_iter_clear (&iter);
|
||||||
|
+
|
||||||
|
+ /* Next destroy all sources. As we still hold a reference to all of them,
|
||||||
|
+ * this won't cause any of them to be freed yet and especially prevents any
|
||||||
|
+ * source that unrefs another source from its finalize function to be freed.
|
||||||
|
+ */
|
||||||
|
+ for (s_iter = remaining_sources; s_iter; s_iter = s_iter->next)
|
||||||
|
+ {
|
||||||
|
+ source = s_iter->data;
|
||||||
|
g_source_destroy_internal (source, context, TRUE);
|
||||||
|
}
|
||||||
|
UNLOCK_CONTEXT (context);
|
||||||
|
@@ -581,6 +602,18 @@ g_main_context_unref (GMainContext *context)
|
||||||
|
g_cond_clear (&context->cond);
|
||||||
|
|
||||||
|
g_free (context);
|
||||||
|
+
|
||||||
|
+ /* And now finally get rid of our references to the sources. This will cause
|
||||||
|
+ * them to be freed unless something else still has a reference to them. Due
|
||||||
|
+ * to setting the context pointers in the sources to NULL above, this won't
|
||||||
|
+ * ever access the context or the internal linked list inside the GSource.
|
||||||
|
+ * We already removed the sources completely from the context above. */
|
||||||
|
+ for (s_iter = remaining_sources; s_iter; s_iter = s_iter->next)
|
||||||
|
+ {
|
||||||
|
+ source = s_iter->data;
|
||||||
|
+ g_source_unref_internal (source, NULL, FALSE);
|
||||||
|
+ }
|
||||||
|
+ g_slist_free (remaining_sources);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Helper function used by mainloop/overflow test.
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
From 1d16e92028f235ed9cd786070832d5bd71017661 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
||||||
|
Date: Tue, 11 Feb 2020 09:34:38 +0200
|
||||||
|
Subject: [PATCH 4/5] GMainContext - Move mutex unlocking in destructor right
|
||||||
|
before freeing the mutex
|
||||||
|
|
||||||
|
This does not have any behaviour changes but is cleaner. The mutex is
|
||||||
|
only unlocked now after all operations on the context are done and right
|
||||||
|
before freeing the mutex and the context itself.
|
||||||
|
---
|
||||||
|
glib/gmain.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/glib/gmain.c b/glib/gmain.c
|
||||||
|
index 1c249ad02..44e6ed0c3 100644
|
||||||
|
--- a/glib/gmain.c
|
||||||
|
+++ b/glib/gmain.c
|
||||||
|
@@ -580,7 +580,6 @@ g_main_context_unref (GMainContext *context)
|
||||||
|
source = s_iter->data;
|
||||||
|
g_source_destroy_internal (source, context, TRUE);
|
||||||
|
}
|
||||||
|
- UNLOCK_CONTEXT (context);
|
||||||
|
|
||||||
|
for (sl_iter = context->source_lists; sl_iter; sl_iter = sl_iter->next)
|
||||||
|
{
|
||||||
|
@@ -591,6 +590,7 @@ g_main_context_unref (GMainContext *context)
|
||||||
|
|
||||||
|
g_hash_table_destroy (context->sources);
|
||||||
|
|
||||||
|
+ UNLOCK_CONTEXT (context);
|
||||||
|
g_mutex_clear (&context->mutex);
|
||||||
|
|
||||||
|
g_ptr_array_free (context->pending_dispatches, TRUE);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
From 02ad7294ad5895178df73a6cd8546c6e67097493 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Benjamin Berg <bberg@redhat.com>
|
||||||
|
Date: Tue, 13 Oct 2020 15:09:43 +0200
|
||||||
|
Subject: [PATCH 5/5] gmain: Fix possible locking issue in source unref
|
||||||
|
|
||||||
|
When unref'ing child sources, the lock is already held. But instead of
|
||||||
|
passing TRUE to g_source_unref_internal it currently passes whether the
|
||||||
|
lock was already held outside of the current invocation. Just pass TRUE
|
||||||
|
to fix this possible issue.
|
||||||
|
---
|
||||||
|
glib/gmain.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/glib/gmain.c b/glib/gmain.c
|
||||||
|
index 44e6ed0c3..95992253d 100644
|
||||||
|
--- a/glib/gmain.c
|
||||||
|
+++ b/glib/gmain.c
|
||||||
|
@@ -2164,7 +2164,7 @@ g_source_unref_internal (GSource *source,
|
||||||
|
g_slist_remove (source->priv->child_sources, child_source);
|
||||||
|
child_source->priv->parent_source = NULL;
|
||||||
|
|
||||||
|
- g_source_unref_internal (child_source, context, have_lock);
|
||||||
|
+ g_source_unref_internal (child_source, context, TRUE);
|
||||||
|
}
|
||||||
|
|
||||||
|
g_slice_free (GSourcePrivate, source->priv);
|
||||||
|
--
|
||||||
|
2.31.1
|
@ -94,3 +94,49 @@ index 6e417f6c1..a7b19826d 100644
|
|||||||
--
|
--
|
||||||
2.19.1
|
2.19.1
|
||||||
|
|
||||||
|
From 4ef58e5661849317a1110c9b93957f2c608677dd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Thu, 3 Jan 2019 08:21:40 +0000
|
||||||
|
Subject: [PATCH 2/2] gvariant test: Also force alignment for tuple test data
|
||||||
|
|
||||||
|
glib!552 (commit 9eed22b3) fixed this for the tests that failed on i686,
|
||||||
|
but this additional test failed on Debian's s390x port
|
||||||
|
(IBM z/Architecture, 64-bit big-endian).
|
||||||
|
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
---
|
||||||
|
glib/tests/gvariant.c | 7 +++++--
|
||||||
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
|
||||||
|
index a7b19826d..c4a996c1f 100644
|
||||||
|
--- a/glib/tests/gvariant.c
|
||||||
|
+++ b/glib/tests/gvariant.c
|
||||||
|
@@ -4820,6 +4820,7 @@ test_normal_checking_array_offsets (void)
|
||||||
|
static void
|
||||||
|
test_normal_checking_tuple_offsets (void)
|
||||||
|
{
|
||||||
|
+ gpointer aligned_data;
|
||||||
|
const guint8 data[] = {
|
||||||
|
0x07, 0xe5, 0x00, 0x07, 0x00, 0x07,
|
||||||
|
'(', 'a', 's', 'a', 's', 'a', 's', 'a', 's', 'a', 's', 'a', 's', ')',
|
||||||
|
@@ -4828,13 +4829,15 @@ test_normal_checking_tuple_offsets (void)
|
||||||
|
GVariant *variant = NULL;
|
||||||
|
GVariant *normal_variant = NULL;
|
||||||
|
|
||||||
|
- variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size,
|
||||||
|
- FALSE, NULL, NULL);
|
||||||
|
+ aligned_data = g_memdup (data, size); /* guarantee alignment */
|
||||||
|
+ variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data,
|
||||||
|
+ size, FALSE, NULL, NULL);
|
||||||
|
g_assert_nonnull (variant);
|
||||||
|
|
||||||
|
normal_variant = g_variant_get_normal_form (variant);
|
||||||
|
g_assert_nonnull (normal_variant);
|
||||||
|
|
||||||
|
+ g_free (aligned_data);
|
||||||
|
g_variant_unref (normal_variant);
|
||||||
|
g_variant_unref (variant);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.19.1
|
109
SPECS/glib2.spec
109
SPECS/glib2.spec
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
Name: glib2
|
Name: glib2
|
||||||
Version: 2.56.4
|
Version: 2.56.4
|
||||||
Release: 12%{?dist}
|
Release: 13%{?dist}
|
||||||
Summary: A library of handy utility functions
|
Summary: A library of handy utility functions
|
||||||
|
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
@ -37,73 +37,71 @@ BuildRequires: python3-devel
|
|||||||
# for GIO content-type support
|
# for GIO content-type support
|
||||||
Recommends: shared-mime-info
|
Recommends: shared-mime-info
|
||||||
|
|
||||||
# Downstream patches
|
# Implement RHEL 8 core crypto components policy
|
||||||
Patch01: 0001-gdbus-unix-addresses-test-don-t-g_debug-when-also-te.patch
|
|
||||||
|
|
||||||
# Backported from git master
|
|
||||||
Patch10: 0001-codegen-Change-pointer-casting-to-remove-type-punnin.patch
|
|
||||||
Patch11: 0001-spawn-add-shebang-line-to-script.patch
|
|
||||||
Patch12: 0001-build-sys-Pass-CFLAGS-to-DTRACE.patch
|
|
||||||
Patch13: 0001-gfile-Limit-access-to-files-when-copying.patch
|
|
||||||
|
|
||||||
# Backported from git glib-2-56 branch
|
|
||||||
Patch20: 0001-tests-Allocate-gvariant-data-from-the-heap-to-guaran.patch
|
|
||||||
Patch21: 0002-gvariant-test-Also-force-alignment-for-tuple-test-da.patch
|
|
||||||
|
|
||||||
# Backported from 2.58 (for 3.32 GNOME rebase)
|
|
||||||
Patch30: backport-per-desktop-overrides.patch
|
|
||||||
|
|
||||||
# https://gitlab.gnome.org/GNOME/glib/merge_requests/903
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1630260
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1630260
|
||||||
Patch37: ghmac-gnutls.patch
|
# https://gitlab.gnome.org/GNOME/glib/merge_requests/903
|
||||||
|
Patch0: ghmac-gnutls.patch
|
||||||
|
|
||||||
# Backported from git
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/50
|
||||||
Patch40: 0001-gdbus-codegen-honor-Property.EmitsChangedSignal-anno.patch
|
Patch1: 50.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/309
|
||||||
|
Patch2: 309.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/403
|
||||||
|
Patch3: 409.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/546
|
||||||
|
Patch4: 546.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/876
|
||||||
|
Patch5: CVE-2019-12450.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/552
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/569
|
||||||
|
Patch6: gvariant-tests.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/105
|
||||||
|
Patch7: 105.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/532
|
||||||
|
Patch8: 532.patch
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1777213
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1777213
|
||||||
Patch50: 0001-gcredentialsprivate-Document-the-various-private-mac.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1176
|
||||||
Patch51: 0001-GDBus-prefer-getsockopt-style-credentials-passing-AP.patch
|
Patch9: 1176.patch
|
||||||
Patch52: 0001-credentials-Invalid-Linux-struct-ucred-means-no-info.patch
|
|
||||||
|
|
||||||
# Mostly from https://gitlab.gnome.org/GNOME/glib/-/commits/master/gio/gkeyfilesettingsbackend.c
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/450
|
||||||
Patch60: keyfile-backend.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/603
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/issues/1658
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/974
|
||||||
Patch61: CVE-2019-13012.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/984
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/985
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1927
|
Patch10: keyfile-backend.patch
|
||||||
Patch70: 0001-gstrfuncs-Add-internal-g_memdup2-function.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/604
|
||||||
Patch71: 0002-gio-Use-g_memdup2-instead-of-g_memdup-in-obvious-pla.patch
|
Patch11: CVE-2019-13012.patch
|
||||||
Patch72: 0003-gobject-Use-g_memdup2-instead-of-g_memdup-in-obvious.patch
|
|
||||||
Patch73: 0004-glib-Use-g_memdup2-instead-of-g_memdup-in-obvious-pl.patch
|
|
||||||
Patch74: 0005-gwinhttpfile-Avoid-arithmetic-overflow-when-calculat.patch
|
|
||||||
Patch75: 0006-gdatainputstream-Handle-stop_chars_len-internally-as.patch
|
|
||||||
Patch76: 0007-gwin32-Use-gsize-internally-in-g_wcsdup.patch
|
|
||||||
Patch77: 0008-gkeyfilesettingsbackend-Handle-long-keys-when-conver.patch
|
|
||||||
Patch78: 0009-gsocket-Use-gsize-to-track-native-sockaddr-s-size.patch
|
|
||||||
Patch79: 0010-gtlspassword-Forbid-very-long-TLS-passwords.patch
|
|
||||||
Patch80: 0011-giochannel-Forbid-very-long-line-terminator-strings.patch
|
|
||||||
Patch81: 0012-Use-more-g_memdup2.patch
|
|
||||||
|
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
|
||||||
Patch90: 0001-gbytearray-Do-not-accept-too-large-byte-arrays.patch
|
Patch12: CVE-2021-27218.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1927
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2000
|
||||||
|
Patch13: CVE-2021-27219.patch
|
||||||
|
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1981
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1981
|
||||||
Patch100: 0001-glocalfileoutputstream-Factor-out-a-flag-check.patch
|
Patch14: CVE-2021-28153.patch
|
||||||
Patch101: 0002-glocalfileoutputstream-Fix-CREATE_REPLACE_DESTINATIO.patch
|
|
||||||
Patch102: 0003-glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-.patch
|
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1938284
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1938284
|
||||||
Patch110: 0001-libcharset-Drop-a-redundant-environment-variable.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1369
|
||||||
|
Patch15: 1369.patch
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1948988
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1948988
|
||||||
Patch120: 0001-Use-atomic-reference-counting-for-GSource.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/873
|
||||||
Patch121: 0002-GMainContext-Fix-GSource-iterator-if-iteration-can-m.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1353
|
||||||
Patch122: 0003-GMainContext-Fix-memory-leaks-and-memory-corruption-.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1691
|
||||||
Patch123: 0004-GMainContext-Move-mutex-unlocking-in-destructor-righ.patch
|
Patch16: gmain-corruption.patch
|
||||||
Patch124: 0005-gmain-Fix-possible-locking-issue-in-source-unref.patch
|
|
||||||
|
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1713
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1713
|
||||||
Patch130: 0001-gmain-g_main_context_check-can-skip-updating-polled-.patch
|
Patch17: 1713.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
GLib is the low-level core library that forms the basis for projects
|
GLib is the low-level core library that forms the basis for projects
|
||||||
@ -302,6 +300,11 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
|
|||||||
%{_datadir}/installed-tests
|
%{_datadir}/installed-tests
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 20 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-13
|
||||||
|
- Rename and consolidate existing patches for better maintainability
|
||||||
|
- Refresh CVE-2021-27219 patcheset, using better-targeted fixes
|
||||||
|
Resolves: #1939108
|
||||||
|
|
||||||
* Wed May 05 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-12
|
* Wed May 05 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-12
|
||||||
- Fix various problems in GMainContext
|
- Fix various problems in GMainContext
|
||||||
Resolves: #1948988
|
Resolves: #1948988
|
||||||
|
Loading…
Reference in New Issue
Block a user