diff --git a/backport-Add-lock-in-_g_get_unix_mount_points-around-fsent-functions.patch b/backport-Add-lock-in-_g_get_unix_mount_points-around-fsent-functions.patch new file mode 100644 index 0000000000000000000000000000000000000000..45a09bc99448c0d1eebdd72d139b579904b690fa --- /dev/null +++ b/backport-Add-lock-in-_g_get_unix_mount_points-around-fsent-functions.patch @@ -0,0 +1,68 @@ +From f43cf341511dd684a58c09e104e28c11987cbff1 Mon Sep 17 00:00:00 2001 +From: Rozhuk Ivan +Date: Sat, 25 Jun 2022 18:46:08 +0300 +Subject: [PATCH] [PATCH] Add lock in _g_get_unix_mount_points() around + *fsent() functions + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/f43cf341511dd684a58c09e104e28c11987cbff1 + +--- + gio/gunixmounts.c | 22 +++++++++++++--------- + 1 file changed, 13 insertions(+), 9 deletions(-) + +diff --git a/gio/gunixmounts.c b/gio/gunixmounts.c +index 563bdba3b2..3005aa7af3 100644 +--- a/gio/gunixmounts.c ++++ b/gio/gunixmounts.c +@@ -1410,17 +1410,13 @@ _g_get_unix_mount_points (void) + { + struct fstab *fstab = NULL; + GUnixMountPoint *mount_point; +- GList *return_list; ++ GList *return_list = NULL; ++ G_LOCK_DEFINE_STATIC (fsent); + #ifdef HAVE_SYS_SYSCTL_H + int usermnt = 0; + struct stat sb; + #endif +- +- if (!setfsent ()) +- return NULL; + +- return_list = NULL; +- + #ifdef HAVE_SYS_SYSCTL_H + #if defined(HAVE_SYSCTLBYNAME) + { +@@ -1448,7 +1444,14 @@ _g_get_unix_mount_points (void) + } + #endif + #endif +- ++ ++ G_LOCK (fsent); ++ if (!setfsent ()) ++ { ++ G_UNLOCK (fsent); ++ return NULL; ++ } ++ + while ((fstab = getfsent ()) != NULL) + { + gboolean is_read_only = FALSE; +@@ -1482,9 +1485,10 @@ _g_get_unix_mount_points (void) + + return_list = g_list_prepend (return_list, mount_point); + } +- ++ + endfsent (); +- ++ G_UNLOCK (fsent); ++ + return g_list_reverse (return_list); + } + /* Interix {{{2 */ +-- +GitLab diff --git a/backport-Fix-memory-leak-in-gdbusauthmechanismsha1.patch b/backport-Fix-memory-leak-in-gdbusauthmechanismsha1.patch new file mode 100644 index 0000000000000000000000000000000000000000..23899f15a6679607349a4f748d757d8480adb90c --- /dev/null +++ b/backport-Fix-memory-leak-in-gdbusauthmechanismsha1.patch @@ -0,0 +1,27 @@ +From 6ec432386ef98e26e5079b060ad823277e10f41f Mon Sep 17 00:00:00 2001 +From: Loic Le Page +Date: Wed, 26 Jan 2022 14:20:08 +0100 +Subject: [PATCH] Fix memory leak in gio/gdbusauthmechanismsha1.c + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/6ec432386ef98e26e5079b060ad823277e10f41f + +--- + gio/gdbusauthmechanismsha1.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/gio/gdbusauthmechanismsha1.c b/gio/gdbusauthmechanismsha1.c +index a82dddf839..8137b6352d 100644 +--- a/gio/gdbusauthmechanismsha1.c ++++ b/gio/gdbusauthmechanismsha1.c +@@ -909,6 +909,7 @@ keyring_generate_entry (const gchar *cookie_context, + _("(Additionally, releasing the lock for “%s” also failed: %s) "), + path, + local_error->message); ++ g_error_free (local_error); + } + } + else +-- +GitLab + diff --git a/backport-dbusmessage-Disallow-empty-structures-tuples-in-D-Bus-messages.patch b/backport-dbusmessage-Disallow-empty-structures-tuples-in-D-Bus-messages.patch new file mode 100644 index 0000000000000000000000000000000000000000..d22dc95550f2e760924a63cef35dd91ddd7aa5d9 --- /dev/null +++ b/backport-dbusmessage-Disallow-empty-structures-tuples-in-D-Bus-messages.patch @@ -0,0 +1,172 @@ +From 6499ad53567a64cb70f2fdc690ad405350fe1ce3 Mon Sep 17 00:00:00 2001 +From: Sebastian Wilhelmi +Date: Thu, 6 Jan 2022 21:04:56 +0000 +Subject: [PATCH] gdbusmessage: Disallow empty structures/tuples in D-Bus + messages + +They are disallowed in the specification: +https://dbus.freedesktop.org/doc/dbus-specification.html#container-types + +Helps: #2557 + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/6499ad53567a64cb70f2fdc690ad405350fe1ce3 + +--- + gio/gdbusmessage.c | 19 +++++++ + gio/tests/gdbus-serialization.c | 88 +++++++++++++++++++++++++++++++++ + 2 files changed, 107 insertions(+) + +diff --git a/gio/gdbusmessage.c b/gio/gdbusmessage.c +index 6e3bd8b..0645b90 100644 +--- a/gio/gdbusmessage.c ++++ b/gio/gdbusmessage.c +@@ -1833,6 +1833,16 @@ parse_value_from_blob (GMemoryBuffer *buf, + + g_variant_builder_init (&builder, type); + element_type = g_variant_type_first (type); ++ if (!element_type) ++ { ++ g_variant_builder_clear (&builder); ++ g_set_error_literal (&local_error, ++ G_IO_ERROR, ++ G_IO_ERROR_INVALID_ARGUMENT, ++ _("Empty structures (tuples) are not allowed in D-Bus")); ++ goto fail; ++ } ++ + while (element_type != NULL) + { + GVariant *item; +@@ -2538,6 +2548,15 @@ append_value_to_blob (GVariant *value, + default: + if (g_variant_type_is_dict_entry (type) || g_variant_type_is_tuple (type)) + { ++ if (!g_variant_type_first (type)) ++ { ++ g_set_error_literal (error, ++ G_IO_ERROR, ++ G_IO_ERROR_INVALID_ARGUMENT, ++ _("Empty structures (tuples) are not allowed in D-Bus")); ++ goto fail; ++ } ++ + padding_added = ensure_output_padding (mbuf, 8); + if (value != NULL) + { +diff --git a/gio/tests/gdbus-serialization.c b/gio/tests/gdbus-serialization.c +index 2ca28d9..34df053 100644 +--- a/gio/tests/gdbus-serialization.c ++++ b/gio/tests/gdbus-serialization.c +@@ -1411,6 +1411,90 @@ test_message_parse_deep_body_nesting (void) + g_clear_error (&local_error); + } + ++static void ++test_message_parse_empty_structure (void) ++{ ++ const guint8 data[] = ++ { ++ 'l', /* little-endian byte order */ ++ 0x02, /* message type (method return) */ ++ 0x00, /* message flags (none) */ ++ 0x01, /* major protocol version */ ++ 0x08, 0x00, 0x00, 0x00, /* body length (in bytes) */ ++ 0x00, 0x00, 0x00, 0x00, /* message serial */ ++ /* a{yv} of header fields */ ++ 0x20, 0x00, 0x00, 0x00, /* array length (in bytes), must be a multiple of 8 */ ++ 0x01, /* array key (PATH) */ ++ 0x01, /* signature length */ ++ 'o', /* type (OBJECT_PATH) */ ++ 0x00, /* nul terminator */ ++ 0x05, 0x00, 0x00, 0x00, /* length 5 */ ++ '/', 'p', 'a', 't', 'h', 0x00, 0x00, 0x00, /* string '/path' and padding */ ++ 0x03, /* array key (MEMBER) */ ++ 0x01, /* signature length */ ++ 's', /* type (STRING) */ ++ 0x00, /* nul terminator */ ++ 0x06, 0x00, 0x00, 0x00, /* length 6 */ ++ 'M', 'e', 'm', 'b', 'e', 'r', 0x00, 0x00, /* string 'Member' and padding */ ++ 0x08, /* array key (SIGNATURE) */ ++ 0x01, /* signature length */ ++ 'g', /* type (SIGNATURE) */ ++ 0x00, /* nul terminator */ ++ 0x03, /* length 3 */ ++ 'a', '(', ')', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* type 'a()' and padding */ ++ 0x08, 0x00, 0x00, 0x00, /* array length: 4 bytes */ ++ 0x00, 0x00, 0x00, 0x00, /* padding to 8 bytes */ ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* array data */ ++ 0x00 ++ }; ++ gsize size = sizeof (data); ++ GDBusMessage *message = NULL; ++ GError *local_error = NULL; ++ ++ g_test_summary ("Test that empty structures are rejected when parsing."); ++ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2557"); ++ ++ message = g_dbus_message_new_from_blob ((guchar *) data, size, ++ G_DBUS_CAPABILITY_FLAGS_NONE, ++ &local_error); ++ g_assert_error (local_error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT); ++ g_assert_cmpstr (local_error->message, ==, "Empty structures (tuples) are not allowed in D-Bus"); ++ g_assert_null (message); ++ ++ g_clear_error (&local_error); ++} ++ ++static void ++test_message_serialize_empty_structure (void) ++{ ++ GDBusMessage *message; ++ GVariantBuilder builder; ++ gsize size = 0; ++ GError *local_error = NULL; ++ ++ g_test_summary ("Test that empty structures are rejected when serializing."); ++ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2557"); ++ ++ message = g_dbus_message_new (); ++ g_variant_builder_init (&builder, G_VARIANT_TYPE ("(a())")); ++ g_variant_builder_open (&builder, G_VARIANT_TYPE ("a()")); ++ g_variant_builder_add (&builder, "()"); ++ g_variant_builder_close (&builder); ++ g_dbus_message_set_message_type (message, G_DBUS_MESSAGE_TYPE_METHOD_CALL); ++ g_dbus_message_set_header (message, G_DBUS_MESSAGE_HEADER_FIELD_PATH, ++ g_variant_new_object_path ("/path")); ++ g_dbus_message_set_header (message, G_DBUS_MESSAGE_HEADER_FIELD_MEMBER, ++ g_variant_new_string ("Member")); ++ g_dbus_message_set_body (message, g_variant_builder_end (&builder)); ++ ++ g_dbus_message_to_blob (message, &size, G_DBUS_CAPABILITY_FLAGS_NONE, &local_error); ++ g_assert_error (local_error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT); ++ g_assert_cmpstr (local_error->message, ==, "Empty structures (tuples) are not allowed in D-Bus"); ++ ++ g_clear_error (&local_error); ++ g_clear_object (&message); ++} ++ + /* ---------------------------------------------------------------------------------------------------- */ + + int +@@ -1433,6 +1517,8 @@ main (int argc, + test_message_serialize_header_checks); + g_test_add_func ("/gdbus/message-serialize/double-array", + test_message_serialize_double_array); ++ g_test_add_func ("/gdbus/message-serialize/empty-structure", ++ test_message_serialize_empty_structure); + + g_test_add_func ("/gdbus/message-parse/empty-arrays-of-arrays", + test_message_parse_empty_arrays_of_arrays); +@@ -1448,6 +1534,8 @@ main (int argc, + test_message_parse_deep_header_nesting); + g_test_add_func ("/gdbus/message-parse/deep-body-nesting", + test_message_parse_deep_body_nesting); ++ g_test_add_func ("/gdbus/message-parse/empty-structure", ++ test_message_parse_empty_structure); + + return g_test_run(); + } +-- +GitLab + diff --git a/backport-g_get_unix_mount_points-reduce-syscalls-inside-loop.patch b/backport-g_get_unix_mount_points-reduce-syscalls-inside-loop.patch new file mode 100644 index 0000000000000000000000000000000000000000..0ab04beaafc7e8bcb405d2de0e1efe6affbf932e --- /dev/null +++ b/backport-g_get_unix_mount_points-reduce-syscalls-inside-loop.patch @@ -0,0 +1,46 @@ +From 02d0d6497b92d05d1145d1077654ad2453938b6c Mon Sep 17 00:00:00 2001 +From: Rozhuk Ivan +Date: Sat, 25 Jun 2022 19:01:30 +0300 +Subject: [PATCH] [PATCH] _g_get_unix_mount_points(): reduce syscalls inside + loop + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/02d0d6497b92d05d1145d1077654ad2453938b6c + +--- + gio/gunixmounts.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) +diff --git a/gio/gunixmounts.c b/gio/gunixmounts.c +index ba08245..92ab163 100644 +--- a/gio/gunixmounts.c ++++ b/gio/gunixmounts.c +@@ -1414,6 +1414,7 @@ _g_get_unix_mount_points (void) + GList *return_list = NULL; + G_LOCK_DEFINE_STATIC (fsent); + #ifdef HAVE_SYS_SYSCTL_H ++ uid_t uid = getuid (); + int usermnt = 0; + struct stat sb; + #endif +@@ -1466,14 +1467,13 @@ _g_get_unix_mount_points (void) + + #ifdef HAVE_SYS_SYSCTL_H + if (usermnt != 0) +- { +- uid_t uid = getuid (); +- if (stat (fstab->fs_file, &sb) == 0) +- { +- if (uid == 0 || sb.st_uid == uid) +- is_user_mountable = TRUE; +- } +- } ++ { ++ if (uid == 0 || ++ (stat (fstab->fs_file, &sb) == 0 && sb.st_uid == uid)) ++ { ++ is_user_mountable = TRUE; ++ } ++ } + #endif + + mount_point = create_unix_mount_point (fstab->fs_spec, diff --git a/backport-garray-Fix-integer-overflows-in-element-capacity-calculations.patch b/backport-garray-Fix-integer-overflows-in-element-capacity-calculations.patch new file mode 100644 index 0000000000000000000000000000000000000000..8191bb4df017edf9d4d7e35c64455bca0dd98044 --- /dev/null +++ b/backport-garray-Fix-integer-overflows-in-element-capacity-calculations.patch @@ -0,0 +1,56 @@ +From 374a1895b62b2504d0b6ae1c404237802e73ddb6 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Tue, 18 Jan 2022 13:45:13 +0000 +Subject: [PATCH] garray: Fix integer overflows in element capacity + calculations + +Integer overflows in size calculations of buffers (GArray and GPtrArray) +allow subsequent buffer overflows. This happens due to conversions +between gsize and guint. + +Proof of concept demonstrations of the overflows can be found in issue +2578. They are not being added as unit tests as they require too much +memory to test. + +This will affect `GArray`s which are 4GB in size, or `GPtrArray`s which +are 48GB in size. + +Fixes: #2578 + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/374a1895b62b2504d0b6ae1c404237802e73ddb6 + +--- + glib/garray.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/glib/garray.c b/glib/garray.c +index 3803fee037..b441562154 100644 +--- a/glib/garray.c ++++ b/glib/garray.c +@@ -1001,7 +1001,7 @@ g_array_maybe_expand (GRealArray *array, + memset (g_array_elt_pos (array, array->elt_capacity), 0, + g_array_elt_len (array, want_len - array->elt_capacity)); + +- array->elt_capacity = want_alloc / array->elt_size; ++ array->elt_capacity = MIN (want_alloc / array->elt_size, G_MAXUINT); + } + } + +@@ -1518,9 +1518,10 @@ g_ptr_array_maybe_expand (GRealPtrArray *array, + if ((array->len + len) > array->alloc) + { + guint old_alloc = array->alloc; +- array->alloc = g_nearest_pow (array->len + len); +- array->alloc = MAX (array->alloc, MIN_ARRAY_SIZE); +- array->pdata = g_realloc (array->pdata, sizeof (gpointer) * array->alloc); ++ gsize want_alloc = g_nearest_pow (sizeof (gpointer) * (array->len + len)); ++ want_alloc = MAX (want_alloc, MIN_ARRAY_SIZE); ++ array->alloc = MIN (want_alloc / sizeof (gpointer), G_MAXUINT); ++ array->pdata = g_realloc (array->pdata, want_alloc); + if (G_UNLIKELY (g_mem_gc_friendly)) + for ( ; old_alloc < array->alloc; old_alloc++) + array->pdata [old_alloc] = NULL; +-- +GitLab + diff --git a/backport-garray-buffer-overflow-fix.patch b/backport-garray-buffer-overflow-fix.patch new file mode 100644 index 0000000000000000000000000000000000000000..d1830408b9774ffa2cc9c42962287a821ef94d73 --- /dev/null +++ b/backport-garray-buffer-overflow-fix.patch @@ -0,0 +1,280 @@ +From 3a877835389a5e094d2f5d8e7288cd715add4599 Mon Sep 17 00:00:00 2001 +From: blushingpenguin +Date: Sat, 16 Oct 2021 16:45:00 +0100 +Subject: [PATCH] #1331: buffer overflow fix + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/3a877835389a5e094d2f5d8e7288cd715add4599 + +--- + glib/garray.c | 57 ++++++++++++++++++++----------------- + glib/tests/array-test.c | 62 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 94 insertions(+), 25 deletions(-) + +diff --git a/glib/garray.c b/glib/garray.c +index 025747ee56..48b3c0c4b5 100644 +--- a/glib/garray.c ++++ b/glib/garray.c +@@ -107,7 +107,7 @@ struct _GRealArray + { + guint8 *data; + guint len; +- guint alloc; ++ guint elt_capacity; + guint elt_size; + guint zero_terminated : 1; + guint clear : 1; +@@ -150,7 +150,7 @@ struct _GRealArray + * Returns: the element of the #GArray at the index given by @i + */ + +-#define g_array_elt_len(array,i) ((array)->elt_size * (i)) ++#define g_array_elt_len(array,i) ((gsize)(array)->elt_size * (i)) + #define g_array_elt_pos(array,i) ((array)->data + g_array_elt_len((array),(i))) + #define g_array_elt_zero(array, pos, len) \ + (memset (g_array_elt_pos ((array), pos), 0, g_array_elt_len ((array), len))) +@@ -159,7 +159,7 @@ struct _GRealArray + g_array_elt_zero ((array), (array)->len, 1); \ + }G_STMT_END + +-static guint g_nearest_pow (guint num) G_GNUC_CONST; ++static gsize g_nearest_pow (gsize num) G_GNUC_CONST; + static void g_array_maybe_expand (GRealArray *array, + guint len); + +@@ -181,6 +181,7 @@ g_array_new (gboolean zero_terminated, + guint elt_size) + { + g_return_val_if_fail (elt_size > 0, NULL); ++ g_return_val_if_fail (elt_size <= G_MAXSIZE / 2 - 1, NULL); + + return g_array_sized_new (zero_terminated, clear, elt_size, 0); + } +@@ -232,7 +233,7 @@ g_array_steal (GArray *array, + + rarray->data = NULL; + rarray->len = 0; +- rarray->alloc = 0; ++ rarray->elt_capacity = 0; + return segment; + } + +@@ -261,12 +262,13 @@ g_array_sized_new (gboolean zero_terminated, + GRealArray *array; + + g_return_val_if_fail (elt_size > 0, NULL); ++ g_return_val_if_fail (elt_size <= G_MAXSIZE, NULL); + + array = g_slice_new (GRealArray); + + array->data = NULL; + array->len = 0; +- array->alloc = 0; ++ array->elt_capacity = 0; + array->zero_terminated = (zero_terminated ? 1 : 0); + array->clear = (clear ? 1 : 0); + array->elt_size = elt_size; +@@ -471,7 +473,7 @@ array_free (GRealArray *array, + { + array->data = NULL; + array->len = 0; +- array->alloc = 0; ++ array->elt_capacity = 0; + } + else + { +@@ -966,22 +968,22 @@ g_array_binary_search (GArray *array, + return result; + } + +-/* Returns the smallest power of 2 greater than n, or n if +- * such power does not fit in a guint ++/* Returns the smallest power of 2 greater than or equal to n, ++ * or 0 if such power does not fit in a gsize + */ +-static guint +-g_nearest_pow (guint num) ++static gsize ++g_nearest_pow (gsize num) + { +- guint n = num - 1; ++ gsize n = num - 1; + +- g_assert (num > 0); ++ g_assert (num > 0 && num <= G_MAXSIZE / 2); + + n |= n >> 1; + n |= n >> 2; + n |= n >> 4; + n |= n >> 8; + n |= n >> 16; +-#if SIZEOF_INT == 8 ++#if GLIB_SIZEOF_SIZE_T == 8 + n |= n >> 32; + #endif + +@@ -992,26 +994,32 @@ static void + g_array_maybe_expand (GRealArray *array, + guint len) + { +- guint want_alloc; ++ guint max_len, want_len; ++ ++ /* The maximum array length is derived from following constraints: ++ * - The number of bytes must fit into a gsize / 2. ++ * - The number of elements must fit into guint. ++ * - zero terminated arrays must leave space for the terminating element ++ */ ++ max_len = MIN (G_MAXSIZE / 2 / array->elt_size, G_MAXUINT) - array->zero_terminated; + + /* Detect potential overflow */ +- if G_UNLIKELY ((G_MAXUINT - array->len) < len) ++ if G_UNLIKELY ((max_len - array->len) < len) + g_error ("adding %u to array would overflow", len); + +- want_alloc = g_array_elt_len (array, array->len + len + +- array->zero_terminated); +- +- if (want_alloc > array->alloc) ++ want_len = array->len + len + array->zero_terminated; ++ if (want_len > array->elt_capacity) + { +- want_alloc = g_nearest_pow (want_alloc); ++ gsize want_alloc = g_nearest_pow(g_array_elt_len (array, want_len)); + want_alloc = MAX (want_alloc, MIN_ARRAY_SIZE); + + array->data = g_realloc (array->data, want_alloc); + + if (G_UNLIKELY (g_mem_gc_friendly)) +- memset (array->data + array->alloc, 0, want_alloc - array->alloc); ++ memset (g_array_elt_pos (array, array->elt_capacity), 0, ++ g_array_elt_len (array, want_len - array->elt_capacity)); + +- array->alloc = want_alloc; ++ array->elt_capacity = want_alloc / array->elt_size; + } + } + +@@ -1297,7 +1305,7 @@ g_array_copy (GArray *array) + + new_rarray = + (GRealArray *) g_array_sized_new (rarray->zero_terminated, rarray->clear, +- rarray->elt_size, rarray->alloc / rarray->elt_size); ++ rarray->elt_size, rarray->elt_capacity); + new_rarray->len = rarray->len; + if (rarray->len > 0) + memcpy (new_rarray->data, rarray->data, rarray->len * rarray->elt_size); +@@ -2298,7 +2306,6 @@ g_byte_array_new_take (guint8 *data, + GRealArray *real; + + g_return_val_if_fail (len <= G_MAXUINT, NULL); +- + array = g_byte_array_new (); + real = (GRealArray *)array; + g_assert (real->data == NULL); +@@ -2306,7 +2313,7 @@ g_byte_array_new_take (guint8 *data, + + real->data = data; + real->len = len; +- real->alloc = len; ++ real->elt_capacity = len; + + return array; + } +diff --git a/glib/tests/array-test.c b/glib/tests/array-test.c +index 471f6171dc..fc9f56b45c 100644 +--- a/glib/tests/array-test.c ++++ b/glib/tests/array-test.c +@@ -845,6 +845,45 @@ test_array_copy_sized (void) + g_array_unref (array1); + } + ++static void ++array_overflow_append_vals (void) ++{ ++ if (!g_test_undefined ()) ++ return; ++ ++ if (g_test_subprocess ()) ++ { ++ GArray *array = g_array_new (TRUE, FALSE, 1); ++ /* Check for overflow should happen before data is accessed. */ ++ g_array_append_vals (array, NULL, G_MAXUINT); ++ } ++ else ++ { ++ g_test_trap_subprocess (NULL, 0, 0); ++ g_test_trap_assert_failed (); ++ g_test_trap_assert_stderr ("*adding 4294967295 to array would overflow*"); ++ } ++} ++ ++static void ++array_overflow_set_size (void) ++{ ++ if (!g_test_undefined ()) ++ return; ++ ++ if (g_test_subprocess ()) ++ { ++ GArray *array = g_array_new (TRUE, FALSE, 1); ++ g_array_set_size (array, G_MAXUINT); ++ } ++ else ++ { ++ g_test_trap_subprocess (NULL, 0, 0); ++ g_test_trap_assert_failed (); ++ g_test_trap_assert_stderr ("*adding 4294967295 to array would overflow*"); ++ } ++} ++ + /* Check g_ptr_array_steal() function */ + static void + pointer_array_steal (void) +@@ -1643,6 +1682,26 @@ pointer_array_steal_index (void) + g_assert_cmpuint (i4, ==, 1); + } + ++static void ++byte_array_new_take_overflow (void) ++{ ++#if G_MAXSIZE <= G_MAXUINT ++ g_test_skip ("Overflow test requires G_MAXSIZE > G_MAXUINT."); ++#else ++ GByteArray* arr; ++ ++ if (!g_test_undefined ()) ++ return; ++ ++ /* Check for overflow should happen before data is accessed. */ ++ g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, ++ "*assertion 'len <= G_MAXUINT' failed"); ++ arr = g_byte_array_new_take (NULL, (gsize)G_MAXUINT + 1); ++ g_assert(!arr); ++ g_test_assert_expected_messages (); ++#endif ++} ++ + static void + byte_array_steal (void) + { +@@ -1998,6 +2057,8 @@ main (int argc, char *argv[]) + g_test_add_func ("/array/clear-func", array_clear_func); + g_test_add_func ("/array/binary-search", test_array_binary_search); + g_test_add_func ("/array/copy-sized", test_array_copy_sized); ++ g_test_add_func ("/array/overflow-append-vals", array_overflow_append_vals); ++ g_test_add_func ("/array/overflow-set-size", array_overflow_set_size); + + for (i = 0; i < G_N_ELEMENTS (array_configurations); i++) + { +@@ -2043,6 +2104,7 @@ main (int argc, char *argv[]) + g_test_add_func ("/bytearray/sort", byte_array_sort); + g_test_add_func ("/bytearray/sort-with-data", byte_array_sort_with_data); + g_test_add_func ("/bytearray/new-take", byte_array_new_take); ++ g_test_add_func ("/bytearray/new-take-overflow", byte_array_new_take_overflow); + g_test_add_func ("/bytearray/free-to-bytes", byte_array_free_to_bytes); + + return g_test_run (); +-- +GitLab + diff --git a/backport-gdbusmessage-Disallow-zero-length-elements-in-arrays.patch b/backport-gdbusmessage-Disallow-zero-length-elements-in-arrays.patch new file mode 100644 index 0000000000000000000000000000000000000000..7835a9c2e269f7aad47a9b232bb3aa63874a6fbb --- /dev/null +++ b/backport-gdbusmessage-Disallow-zero-length-elements-in-arrays.patch @@ -0,0 +1,54 @@ +From c74177337dae7b06383261b2bedabf1f12d816b5 Mon Sep 17 00:00:00 2001 +From: Sebastian Wilhelmi +Date: Thu, 6 Jan 2022 20:57:49 +0000 +Subject: [PATCH] gdbusmessage: Disallow zero-length elements in arrays +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +They are not allowed in the specification, and can lead to infinite +loops when parsing. + +That鈥檚 a security issue if your application is accepting D-Bus messages +from untrusted peers (perhaps in a peer-to-peer connection). It鈥檚 not +exploitable when your application is connected to a bus (such as the +system or session buses), as the bus daemons (dbus-daemon or +dbus-broker) filter out such broken messages and don鈥檛 forward them. + +Arrays of zero-length elements are disallowed in the D-Bus +specification: https://dbus.freedesktop.org/doc/dbus-specification.html#container-types + +oss-fuzz#41428, #41435 +Fixes: #2557 + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/c74177337dae7b06383261b2bedabf1f12d816b5 + +--- + gio/gdbusmessage.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/gio/gdbusmessage.c b/gio/gdbusmessage.c +index 4056bc2c4a..ecef6cd3c5 100644 +--- a/gio/gdbusmessage.c ++++ b/gio/gdbusmessage.c +@@ -1839,6 +1839,16 @@ parse_value_from_blob (GMemoryBuffer *buf, + } + g_variant_builder_add_value (&builder, item); + g_variant_unref (item); ++ ++ /* Array elements must not be zero-length. There are no ++ * valid zero-length serialisations of any types which ++ * can be array elements in the D-Bus wire format, so this ++ * assertion should always hold. ++ * ++ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2557 ++ */ ++ g_assert (buf->pos > (gsize) offset); ++ + offset = buf->pos; + } + } +-- +GitLab + diff --git a/backport-gdbusmethodinvocation-Drop-redundant-quote-from-warning.patch b/backport-gdbusmethodinvocation-Drop-redundant-quote-from-warning.patch new file mode 100644 index 0000000000000000000000000000000000000000..b4b344b8f44e4a8560c5b745facd7d0ff92657ad --- /dev/null +++ b/backport-gdbusmethodinvocation-Drop-redundant-quote-from-warning.patch @@ -0,0 +1,31 @@ +From 7143457076d6469f76185a2f1d7071aca40a591e Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 17 Mar 2022 19:03:15 +0000 +Subject: [PATCH] gdbusmethodinvocation: Drop redundant quote from warning + message + +Signed-off-by: Philip Withnall + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/7143457076d6469f76185a2f1d7071aca40a591e + +--- + gio/gdbusmethodinvocation.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gio/gdbusmethodinvocation.c b/gio/gdbusmethodinvocation.c +index 8e7abc83c4..705af079f4 100644 +--- a/gio/gdbusmethodinvocation.c ++++ b/gio/gdbusmethodinvocation.c +@@ -413,7 +413,7 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio + { + gchar *type_string = g_variant_type_dup_string (type); + +- g_warning ("Type of return value is incorrect: expected '%s', got '%s''", ++ g_warning ("Type of return value is incorrect: expected '%s', got '%s'", + type_string, g_variant_get_type_string (parameters)); + g_variant_type_free (type); + g_free (type_string); +-- +GitLab + diff --git a/backport-gdbusmethodinvocation-Fix-a-leak-on-an-early-return-path.patch b/backport-gdbusmethodinvocation-Fix-a-leak-on-an-early-return-path.patch new file mode 100644 index 0000000000000000000000000000000000000000..01d68254a6cd4cbb73a5a7cc70c3ad3c3ae928a8 --- /dev/null +++ b/backport-gdbusmethodinvocation-Fix-a-leak-on-an-early-return-path.patch @@ -0,0 +1,67 @@ +From a3b8846e54c7132056411605f815b67e831833d2 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 17 Mar 2022 19:04:42 +0000 +Subject: [PATCH] gdbusmethodinvocation: Fix a leak on an early return path + +When doing an early return from `g_dbus_method_invocation_return_*()` +due to passing in the wrong type (or no return value when one was +expected), the parameters were not correctly sunk and were leaked. + +Fix that. A unit test will be added in a following commit. + +Signed-off-by: Philip Withnall + +Coverity CID: #1474536 + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/a3b8846e54c7132056411605f815b67e831833d2 + +--- + gio/gdbusmethodinvocation.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/gio/gdbusmethodinvocation.c b/gio/gdbusmethodinvocation.c +index c22e19ef0d..c15d83ec84 100644 +--- a/gio/gdbusmethodinvocation.c ++++ b/gio/gdbusmethodinvocation.c +@@ -397,14 +397,7 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio + g_return_if_fail ((parameters == NULL) || g_variant_is_of_type (parameters, G_VARIANT_TYPE_TUPLE)); + + if (g_dbus_message_get_flags (invocation->message) & G_DBUS_MESSAGE_FLAGS_NO_REPLY_EXPECTED) +- { +- if (parameters != NULL) +- { +- g_variant_ref_sink (parameters); +- g_variant_unref (parameters); +- } +- goto out; +- } ++ goto out; + + if (parameters == NULL) + parameters = g_variant_new_tuple (NULL, 0); +@@ -508,7 +501,7 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio + } + + reply = g_dbus_message_new_method_reply (invocation->message); +- g_dbus_message_set_body (reply, parameters); ++ g_dbus_message_set_body (reply, g_steal_pointer (¶meters)); + + #ifdef G_OS_UNIX + if (fd_list != NULL) +@@ -525,6 +518,12 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio + g_object_unref (reply); + + out: ++ if (parameters != NULL) ++ { ++ g_variant_ref_sink (parameters); ++ g_variant_unref (parameters); ++ } ++ + g_object_unref (invocation); + } + +-- +GitLab + diff --git a/backport-gdbusmethodinvocation-Fix-dead-code-for-type-checking-GetAll.patch b/backport-gdbusmethodinvocation-Fix-dead-code-for-type-checking-GetAll.patch new file mode 100644 index 0000000000000000000000000000000000000000..68de54a1934536fad0d126d70fb8a25546bdf689 --- /dev/null +++ b/backport-gdbusmethodinvocation-Fix-dead-code-for-type-checking-GetAll.patch @@ -0,0 +1,82 @@ +From 76f5460107c86a44be6387c159b34ae50aa1e623 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 17 Mar 2022 18:32:46 +0000 +Subject: [PATCH] gdbusmethodinvocation: Fix dead code for type checking GetAll + +`property_info` is only ever set for `Get` and `Set` calls, not for +`GetAll`, as it only represents a single property. So this code was +never reachable. + +Move it out so that it is reachable. + +Signed-off-by: Philip Withnall + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/76f5460107c86a44be6387c159b34ae50aa1e623 + +--- + gio/gdbusmethodinvocation.c | 34 ++++++++++++++++++---------------- + 1 file changed, 18 insertions(+), 16 deletions(-) + +diff --git a/gio/gdbusmethodinvocation.c b/gio/gdbusmethodinvocation.c +index c15d83ec84..8e7abc83c4 100644 +--- a/gio/gdbusmethodinvocation.c ++++ b/gio/gdbusmethodinvocation.c +@@ -424,7 +424,9 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio + + /* property_info is only non-NULL if set that way from + * GDBusConnection, so this must be the case of async property +- * handling on either 'Get', 'Set' or 'GetAll'. ++ * handling on either 'Get' or 'Set'. ++ * ++ * property_info is NULL for 'GetAll'. + */ + if (invocation->property_info != NULL) + { +@@ -454,21 +456,6 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio + g_variant_unref (nested); + } + +- else if (g_str_equal (invocation->method_name, "GetAll")) +- { +- if (!g_variant_is_of_type (parameters, G_VARIANT_TYPE ("(a{sv})"))) +- { +- g_warning ("Type of return value for property 'GetAll' call should be '(a{sv})' but got '%s'", +- g_variant_get_type_string (parameters)); +- goto out; +- } +- +- /* Could iterate the list of properties and make sure that all +- * of them are actually on the interface and with the correct +- * types, but let's not do that for now... +- */ +- } +- + else if (g_str_equal (invocation->method_name, "Set")) + { + if (!g_variant_is_of_type (parameters, G_VARIANT_TYPE_UNIT)) +@@ -482,6 +469,21 @@ g_dbus_method_invocation_return_value_internal (GDBusMethodInvocation *invocatio + else + g_assert_not_reached (); + } ++ else if (g_str_equal (invocation->interface_name, "org.freedesktop.DBus.Properties") && ++ g_str_equal (invocation->method_name, "GetAll")) ++ { ++ if (!g_variant_is_of_type (parameters, G_VARIANT_TYPE ("(a{sv})"))) ++ { ++ g_warning ("Type of return value for property 'GetAll' call should be '(a{sv})' but got '%s'", ++ g_variant_get_type_string (parameters)); ++ goto out; ++ } ++ ++ /* Could iterate the list of properties and make sure that all ++ * of them are actually on the interface and with the correct ++ * types, but let's not do that for now... ++ */ ++ } + + if (G_UNLIKELY (_g_dbus_debug_return ())) + { +-- +GitLab + diff --git a/backport-gio-tool-Fix-a-minor-memory-leak.patch b/backport-gio-tool-Fix-a-minor-memory-leak.patch new file mode 100644 index 0000000000000000000000000000000000000000..a4ea1a183853dd2b22123314f8f8fe88f328e944 --- /dev/null +++ b/backport-gio-tool-Fix-a-minor-memory-leak.patch @@ -0,0 +1,73 @@ +From 49cc9b96f4c19a98ddf6e9b7417c7019ebc28ca3 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 27 Apr 2022 15:01:08 +0100 +Subject: [PATCH] gio-tool: Fix a minor memory leak when using gio-set with + bytestrings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Tested using: +```sh +touch ~/foo +gio set ~/foo -t bytestring user::test "\x00\x00" +``` +(it doesn鈥檛 matter that this fails; the bytestring is still decoded) + +Signed-off-by: Philip Withnall + +Coverity CID: #1474407 + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/49cc9b96f4c19a98ddf6e9b7417c7019ebc28ca3 + +--- + gio/gio-tool-set.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/gio/gio-tool-set.c b/gio/gio-tool-set.c +index 4dbe1214ff..c2a9431f61 100644 +--- a/gio/gio-tool-set.c ++++ b/gio/gio-tool-set.c +@@ -76,12 +76,14 @@ handle_set (int argc, char *argv[], gboolean do_help) + const char *attribute; + GFileAttributeType type; + gpointer value; ++ gpointer value_allocated = NULL; + gboolean b; + guint32 uint32; + gint32 int32; + guint64 uint64; + gint64 int64; + gchar *param; ++ int retval = 0; + + g_set_prgname ("gio set"); + +@@ -147,7 +149,7 @@ handle_set (int argc, char *argv[], gboolean do_help) + value = argv[3]; + break; + case G_FILE_ATTRIBUTE_TYPE_BYTE_STRING: +- value = hex_unescape (argv[3]); ++ value = value_allocated = hex_unescape (argv[3]); + break; + case G_FILE_ATTRIBUTE_TYPE_BOOLEAN: + b = g_ascii_strcasecmp (argv[3], "true") == 0; +@@ -194,11 +196,11 @@ handle_set (int argc, char *argv[], gboolean do_help) + { + print_error ("%s", error->message); + g_error_free (error); +- g_object_unref (file); +- return 1; ++ retval = 1; + } + ++ g_clear_pointer (&value_allocated, g_free); + g_object_unref (file); + +- return 0; ++ return retval; + } +-- +GitLab + diff --git a/backport-gopenuriportal-Fix-a-use-after-free-on-an-error-path.patch b/backport-gopenuriportal-Fix-a-use-after-free-on-an-error-path.patch new file mode 100644 index 0000000000000000000000000000000000000000..78ef9b6f5d31df1e2a0f92729cc31ecfd00a4751 --- /dev/null +++ b/backport-gopenuriportal-Fix-a-use-after-free-on-an-error-path.patch @@ -0,0 +1,39 @@ +From 969eb835dc2f07c34ae8ca45ddbc41590a2e2f8e Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 28 Apr 2022 10:56:10 +0100 +Subject: [PATCH] gopenuriportal: Fix a use-after-free on an error path + +`path` was used in building the error message after it had been freed. +Spotted by scan-build. + +Signed-off-by: Philip Withnall + +Helps: #1767 + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/969eb835dc2f07c34ae8ca45ddbc41590a2e2f8e + +--- + gio/gopenuriportal.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/gio/gopenuriportal.c b/gio/gopenuriportal.c +index 6ef8f037c3..2f527d8289 100644 +--- a/gio/gopenuriportal.c ++++ b/gio/gopenuriportal.c +@@ -108,10 +108,10 @@ g_openuri_portal_open_uri (const char *uri, + errsv = errno; + if (fd == -1) + { +- g_free (path); +- g_variant_builder_clear (&opt_builder); + g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errsv), + "Failed to open '%s'", path); ++ g_free (path); ++ g_variant_builder_clear (&opt_builder); + return FALSE; + } + +-- +GitLab + diff --git a/backport-gprintf-Fix-a-memory-leak-with-an-invalid-format.patch b/backport-gprintf-Fix-a-memory-leak-with-an-invalid-format.patch new file mode 100644 index 0000000000000000000000000000000000000000..b650871c040146c635cefed8fa2b70f2aa871880 --- /dev/null +++ b/backport-gprintf-Fix-a-memory-leak-with-an-invalid-format.patch @@ -0,0 +1,39 @@ +From 7329c6e09bf59ccae2d8d3e788ce43bb6af6c3db Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 9 Mar 2022 14:07:34 +0000 +Subject: [PATCH] gprintf: Fix a memory leak with an invalid format in + g_vasprintf() + +If using the fallback implementation of `g_vasprintf()`. + +Signed-off-by: Philip Withnall + +Coverity CID: #1474726 + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/7329c6e09bf59ccae2d8d3e788ce43bb6af6c3db + +--- + glib/gprintf.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/glib/gprintf.c b/glib/gprintf.c +index 555a630bc2..0e094f00fa 100644 +--- a/glib/gprintf.c ++++ b/glib/gprintf.c +@@ -356,6 +356,12 @@ g_vasprintf (gchar **string, + + len = _g_vsprintf (*string, format, args2); + va_end (args2); ++ ++ if (len < 0) ++ { ++ g_free (*string); ++ *string = NULL; ++ } + } + #endif + +-- +GitLab + diff --git a/backport-gunixmounts-Add-cache-to-g_unix_mount_points_get.patch b/backport-gunixmounts-Add-cache-to-g_unix_mount_points_get.patch new file mode 100644 index 0000000000000000000000000000000000000000..31cac2bcce3325d50f8ecbd2d9d9f6f5c6a518ee --- /dev/null +++ b/backport-gunixmounts-Add-cache-to-g_unix_mount_points_get.patch @@ -0,0 +1,76 @@ +From 36f7684d56c5d6182398b5db992c1e81ef6cb2f5 Mon Sep 17 00:00:00 2001 +From: Rozhuk Ivan +Date: Sun, 18 Oct 2020 03:06:46 +0300 +Subject: [PATCH] gunixmounts: Add cache to g_unix_mount_points_get() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +`_g_get_unix_mount_points()` parses `/etc/fstab` every time it’s called, +so caching the result can improve performance when mounts are queried +frequently. + +The cache will remain in memory until `/etc/fstab` is next modified. +This means that the final copy of the cache will be deliberately +‘leaked’ on process exit. + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/36f7684d56c5d6182398b5db992c1e81ef6cb2f5 + +--- + gio/gunixmounts.c | 31 +++++++++++++++++++++++++++++-- + 1 file changed, 29 insertions(+), 2 deletions(-) + +diff --git a/gio/gunixmounts.c b/gio/gunixmounts.c +index ecfa61de86..9c8ef5d666 100644 +--- a/gio/gunixmounts.c ++++ b/gio/gunixmounts.c +@@ -1666,6 +1666,14 @@ g_unix_mount_for (const char *file_path, + return entry; + } + ++static gpointer ++copy_mount_point_cb (gconstpointer src, ++ gpointer data) ++{ ++ GUnixMountPoint *src_mount_point = (GUnixMountPoint *) src; ++ return g_unix_mount_point_copy (src_mount_point); ++} ++ + /** + * g_unix_mount_points_get: + * @time_read: (out) (optional): guint64 to contain a timestamp. +@@ -1681,10 +1689,29 @@ g_unix_mount_for (const char *file_path, + GList * + g_unix_mount_points_get (guint64 *time_read) + { ++ static GList *mnt_pts_last = NULL; ++ static guint64 time_read_last = 0; ++ GList *mnt_pts = NULL; ++ guint64 time_read_now; ++ G_LOCK_DEFINE_STATIC (unix_mount_points); ++ ++ G_LOCK (unix_mount_points); ++ ++ time_read_now = get_mount_points_timestamp (); ++ if (time_read_now != time_read_last || mnt_pts_last == NULL) ++ { ++ time_read_last = time_read_now; ++ g_list_free_full (mnt_pts_last, (GDestroyNotify) g_unix_mount_point_free); ++ mnt_pts_last = _g_get_unix_mount_points (); ++ } ++ mnt_pts = g_list_copy_deep (mnt_pts_last, copy_mount_point_cb, NULL); ++ ++ G_UNLOCK (unix_mount_points); ++ + if (time_read) +- *time_read = get_mount_points_timestamp (); ++ *time_read = time_read_now; + +- return _g_get_unix_mount_points (); ++ return mnt_pts; + } + + /** +-- +GitLab diff --git a/backport-gutf8-add-string-length-check-when-ending-character-offset-is-1.patch b/backport-gutf8-add-string-length-check-when-ending-character-offset-is-1.patch new file mode 100644 index 0000000000000000000000000000000000000000..93603952b9dd3e810deb3f7262772dfc127ce5ad --- /dev/null +++ b/backport-gutf8-add-string-length-check-when-ending-character-offset-is-1.patch @@ -0,0 +1,97 @@ +From 9adbdd45d7101405eb05487bdf6a2015af9f8afd Mon Sep 17 00:00:00 2001 +From: Chen Guanqiao +Date: Thu, 11 Nov 2021 01:04:38 +0800 +Subject: [PATCH] gutf8: add string length check when ending character offset + is -1 + +Some function such as atk_text_get_text, use -1 to indicate the end of the +string. And an crash occurs when the -1 is passed to g_utf8_substring. + +Call Trace: + 0 __memmove_avx_unaligned_erms + 1 memcpy + 2 g_utf8_substring + 3 impl_GetText + 4 handle_other + 5 handle_message + 6 _dbus_object_tree_dispatch_and_unlock + 7 dbus_connection_dispatch + 8 dbus_connection_dispatch + 9 () + 10 g_main_dispatch + 11 g_main_context_dispatch + 12 g_main_context_iterate + 13 g_main_context_iteration + 14 g_application_run + 15 main + +Signed-off-by: Chen Guanqiao + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/9adbdd45d7101405eb05487bdf6a2015af9f8afd + +--- + glib/gutf8.c | 19 +++++++++++++++++-- + glib/tests/utf8-misc.c | 4 ++++ + 2 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/glib/gutf8.c b/glib/gutf8.c +index 7d053540d6..9097f690b3 100644 +--- a/glib/gutf8.c ++++ b/glib/gutf8.c +@@ -271,11 +271,15 @@ g_utf8_strlen (const gchar *p, + * g_utf8_substring: + * @str: a UTF-8 encoded string + * @start_pos: a character offset within @str +- * @end_pos: another character offset within @str ++ * @end_pos: another character offset within @str, ++ * or `-1` to indicate the end of the string + * + * Copies a substring out of a UTF-8 encoded string. + * The substring will contain @end_pos - @start_pos characters. + * ++ * Since GLib 2.72, `-1` can be passed to @end_pos to indicate the ++ * end of the string. ++ * + * Returns: (transfer full): a newly allocated copy of the requested + * substring. Free with g_free() when no longer needed. + * +@@ -288,8 +292,19 @@ g_utf8_substring (const gchar *str, + { + gchar *start, *end, *out; + ++ g_return_val_if_fail (end_pos >= start_pos || end_pos == -1, NULL); ++ + start = g_utf8_offset_to_pointer (str, start_pos); +- end = g_utf8_offset_to_pointer (start, end_pos - start_pos); ++ ++ if (end_pos == -1) ++ { ++ glong length = g_utf8_strlen (start, -1); ++ end = g_utf8_offset_to_pointer (start, length); ++ } ++ else ++ { ++ end = g_utf8_offset_to_pointer (start, end_pos - start_pos); ++ } + + out = g_malloc (end - start + 1); + memcpy (out, start, end - start); +diff --git a/glib/tests/utf8-misc.c b/glib/tests/utf8-misc.c +index 7a8c37448b..c137294229 100644 +--- a/glib/tests/utf8-misc.c ++++ b/glib/tests/utf8-misc.c +@@ -128,6 +128,10 @@ test_utf8_substring (void) + r = g_utf8_substring ("abc\xe2\x82\xa0gh\xe2\x82\xa4", 2, 5); + g_assert_cmpstr (r, ==, "c\xe2\x82\xa0g"); + g_free (r); ++ ++ r = g_utf8_substring ("abcd", 1, -1); ++ g_assert_cmpstr (r, ==, "bcd"); ++ g_free (r); + } + + static void +-- +GitLab + diff --git a/backport-gutils-Fix-g_find_program_in_path-to-return-an-absolute-path.patch b/backport-gutils-Fix-g_find_program_in_path-to-return-an-absolute-path.patch new file mode 100644 index 0000000000000000000000000000000000000000..a5c50db86429ecfb4196312d62b0da5415a2e430 --- /dev/null +++ b/backport-gutils-Fix-g_find_program_in_path-to-return-an-absolute-path.patch @@ -0,0 +1,42 @@ +From 78dc1cc3cd669e9fb92ae7847bab2b308c0a8628 Mon Sep 17 00:00:00 2001 +From: Christoph Niethammer +Date: Thu, 27 Jan 2022 03:54:01 +0100 +Subject: [PATCH] gutils: Fix g_find_program_in_path() to return an absolute + path + +Fix a possibility of returning a relative path, in case PATH contains +a relative path. According to the doc, the function should return an +absolute path. + +Signed-off-by: Christoph Niethammer + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/78dc1cc3cd669e9fb92ae7847bab2b308c0a8628 + +--- + glib/gutils.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/glib/gutils.c b/glib/gutils.c +index 6652d0ba05..6cc4506073 100644 +--- a/glib/gutils.c ++++ b/glib/gutils.c +@@ -456,7 +456,14 @@ g_find_program_in_path (const gchar *program) + !g_file_test (startp, G_FILE_TEST_IS_DIR)) + { + gchar *ret; +- ret = g_strdup (startp); ++ if (g_path_is_absolute (startp)) { ++ ret = g_strdup (startp); ++ } else { ++ gchar *cwd = NULL; ++ cwd = g_get_current_dir (); ++ ret = g_build_filename (cwd, startp, NULL); ++ g_free (cwd); ++ } + g_free (freeme); + #ifdef G_OS_WIN32 + g_free ((gchar *) path_copy); +-- +GitLab + diff --git a/backport-gvariant-serialiser-Prevent-unbounded-recursion.patch b/backport-gvariant-serialiser-Prevent-unbounded-recursion.patch new file mode 100644 index 0000000000000000000000000000000000000000..578bbf600176ec0fdca0f1f4099afd235c4ae7af --- /dev/null +++ b/backport-gvariant-serialiser-Prevent-unbounded-recursion.patch @@ -0,0 +1,55 @@ +From 77233f6f0779fe0c1cb48861d7deded4ae413567 Mon Sep 17 00:00:00 2001 +From: Sebastian Wilhelmi +Date: Thu, 6 Jan 2022 20:50:34 +0000 +Subject: [PATCH] gvariant-serialiser: Prevent unbounded recursion in + is_normal() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes a bug in 7c4e6e9fbe473de0401c778c6b0c4aad27d5145a. + +The original approach in that commit accidentally only checked the depth +at the leaf nodes in the variant tree, whereas actually the depth should +be checked before recursing to avoid stack overflow. + +It neglected to consider that `g_variant_serialised_is_normal()` would +be recursed into by some of the `DISPATCH(_is_normal)` cases. When that +happened, the depth check was after the recursion so couldn鈥檛 prevent a +stack overflow. + +Fixes: #2572 + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/77233f6f0779fe0c1cb48861d7deded4ae413567 + +--- + glib/gvariant-serialiser.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/glib/gvariant-serialiser.c b/glib/gvariant-serialiser.c +index 832a8fdc2a..7b13381b6f 100644 +--- a/glib/gvariant-serialiser.c ++++ b/glib/gvariant-serialiser.c +@@ -1587,6 +1587,9 @@ g_variant_serialised_byteswap (GVariantSerialised serialised) + gboolean + g_variant_serialised_is_normal (GVariantSerialised serialised) + { ++ if (serialised.depth >= G_VARIANT_MAX_RECURSION_DEPTH) ++ return FALSE; ++ + DISPATCH_CASES (serialised.type_info, + + return gvs_/**/,/**/_is_normal (serialised); +@@ -1595,8 +1598,6 @@ g_variant_serialised_is_normal (GVariantSerialised serialised) + + if (serialised.data == NULL) + return FALSE; +- if (serialised.depth >= G_VARIANT_MAX_RECURSION_DEPTH) +- return FALSE; + + /* some hard-coded terminal cases */ + switch (g_variant_type_info_get_type_char (serialised.type_info)) +-- +GitLab + diff --git a/backport-tests-Add-some-tests-for-g_string_append_vprintf.patch b/backport-tests-Add-some-tests-for-g_string_append_vprintf.patch new file mode 100644 index 0000000000000000000000000000000000000000..72811bdc3ed13456130d4fc2e984ed76b8a885f0 --- /dev/null +++ b/backport-tests-Add-some-tests-for-g_string_append_vprintf.patch @@ -0,0 +1,77 @@ +From d6ad10404f1d61d83803336ba5b64ec0bfd07da8 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 9 Mar 2022 14:09:57 +0000 +Subject: [PATCH] tests: Add some tests for g_string_append_vprintf() + +This adds coverage of one previously uncovered branch in `gstring.c`. +Real progress! + +Signed-off-by: Philip Withnall + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/d6ad10404f1d61d83803336ba5b64ec0bfd07da8 + +--- + glib/tests/string.c | 39 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 39 insertions(+) + +diff --git a/glib/tests/string.c b/glib/tests/string.c +index 24098d1be6..0229099e79 100644 +--- a/glib/tests/string.c ++++ b/glib/tests/string.c +@@ -215,6 +215,44 @@ test_string_append (void) + g_string_free (string, TRUE); + } + ++static void string_append_vprintf_va (GString *string, ++ const gchar *format, ++ ...) G_GNUC_PRINTF (2, 3); ++ ++/* Wrapper around g_string_append_vprintf() which takes varargs */ ++static void ++string_append_vprintf_va (GString *string, ++ const gchar *format, ++ ...) ++{ ++ va_list args; ++ ++ va_start (args, format); ++ g_string_append_vprintf (string, format, args); ++ va_end (args); ++} ++ ++static void ++test_string_append_vprintf (void) ++{ ++ GString *string; ++ ++ /* append */ ++ string = g_string_new ("firsthalf"); ++ ++ string_append_vprintf_va (string, "some %s placeholders", "format"); ++ ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat" ++#pragma GCC diagnostic ignored "-Wformat-extra-args" ++ string_append_vprintf_va (string, "%l", "invalid"); ++#pragma GCC diagnostic pop ++ ++ g_assert_cmpstr (string->str, ==, "firsthalfsome format placeholders"); ++ ++ g_string_free (string, TRUE); ++} ++ + static void + test_string_prepend_c (void) + { +@@ -571,6 +609,7 @@ main (int argc, + g_test_add_func ("/string/test-string-assign", test_string_assign); + g_test_add_func ("/string/test-string-append-c", test_string_append_c); + g_test_add_func ("/string/test-string-append", test_string_append); ++ g_test_add_func ("/string/test-string-append-vprintf", test_string_append_vprintf); + g_test_add_func ("/string/test-string-prepend-c", test_string_prepend_c); + g_test_add_func ("/string/test-string-prepend", test_string_prepend); + g_test_add_func ("/string/test-string-insert", test_string_insert); +-- +GitLab + diff --git a/backport-tests-Add-some-tests-for-g_vasprintf-invalid-format-strings.patch b/backport-tests-Add-some-tests-for-g_vasprintf-invalid-format-strings.patch new file mode 100644 index 0000000000000000000000000000000000000000..8c9a9829094b8ab8bf59c2b8378a7b95b7921752 --- /dev/null +++ b/backport-tests-Add-some-tests-for-g_vasprintf-invalid-format-strings.patch @@ -0,0 +1,75 @@ +From 27e1509cd68e58d9057091eadf97de96165c2bea Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 9 Mar 2022 14:08:49 +0000 +Subject: [PATCH] tests: Add some tests for g_vasprintf() invalid format + strings + +Signed-off-by: Philip Withnall + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/27e1509cd68e58d9057091eadf97de96165c2bea + +--- + glib/tests/test-printf.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 40 insertions(+) + +diff --git a/glib/tests/test-printf.c b/glib/tests/test-printf.c +index 59a461ddb0..77eb76a4ab 100644 +--- a/glib/tests/test-printf.c ++++ b/glib/tests/test-printf.c +@@ -895,6 +895,44 @@ test_upper_bound (void) + g_assert_cmpint (res, ==, 20); + } + ++static gint test_vasprintf_va (gchar **string, ++ const gchar *format, ++ ...) G_GNUC_PRINTF (2, 3); ++ ++/* Wrapper around g_vasprintf() which takes varargs */ ++static gint ++test_vasprintf_va (gchar **string, ++ const gchar *format, ++ ...) ++{ ++ va_list args; ++ gint len; ++ ++ va_start (args, format); ++ len = g_vasprintf (string, format, args); ++ va_end (args); ++ ++ return len; ++} ++ ++static void ++test_vasprintf_invalid_format_placeholder (void) ++{ ++ gint len = 0; ++ gchar *buf = "some non-null string"; ++ ++ g_test_summary ("Test error handling for invalid format placeholder in g_vasprintf()"); ++ ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat" ++#pragma GCC diagnostic ignored "-Wformat-extra-args" ++ len = test_vasprintf_va (&buf, "%l", "nope"); ++#pragma GCC diagnostic pop ++ ++ g_assert_cmpint (len, ==, -1); ++ g_assert_null (buf); ++} ++ + int + main (int argc, + char *argv[]) +@@ -935,5 +973,7 @@ main (int argc, + g_test_add_func ("/sprintf/test-positional-params", test_positional_params3); + g_test_add_func ("/sprintf/upper-bound", test_upper_bound); + ++ g_test_add_func ("/vasprintf/invalid-format-placeholder", test_vasprintf_invalid_format_placeholder); ++ + return g_test_run(); + } +-- +GitLab + diff --git a/backport-tests-Add-unit-tests-for-GDBusMethodInvocation.patch b/backport-tests-Add-unit-tests-for-GDBusMethodInvocation.patch new file mode 100644 index 0000000000000000000000000000000000000000..9a18166689203298ae85dbb43df3d4bc5bb307c3 --- /dev/null +++ b/backport-tests-Add-unit-tests-for-GDBusMethodInvocation.patch @@ -0,0 +1,442 @@ +From a7750cd02004d5e5f2660426b4d6728a604ef1e2 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 17 Mar 2022 19:05:14 +0000 +Subject: [PATCH] tests: Add unit tests for GDBusMethodInvocation + +These should cover everything to do with returning a value or error from +a `GDBusMethodInvocation` object. + +Signed-off-by: Philip Withnall + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/a7750cd02004d5e5f2660426b4d6728a604ef1e2 + +--- + gio/tests/gdbus-method-invocation.c | 402 ++++++++++++++++++++++++++++ + gio/tests/meson.build | 1 + + 2 files changed, 403 insertions(+) + create mode 100644 gio/tests/gdbus-method-invocation.c + +diff --git a/gio/tests/gdbus-method-invocation.c b/gio/tests/gdbus-method-invocation.c +new file mode 100644 +index 0000000000..985fd45ced +--- /dev/null ++++ b/gio/tests/gdbus-method-invocation.c +@@ -0,0 +1,402 @@ ++/* GIO - GLib Input, Output and Streaming Library ++ * ++ * Copyright © 2022 Endless OS Foundation, LLC ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General ++ * Public License along with this library; if not, see . ++ * ++ * SPDX-License-Identifier: LGPL-2.1-or-later ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#include "gdbus-tests.h" ++ ++static const GDBusArgInfo foo_get_fds_in_args = ++{ ++ -1, ++ "type", ++ "s", ++ NULL ++}; ++static const GDBusArgInfo * const foo_get_fds_in_arg_pointers[] = {&foo_get_fds_in_args, NULL}; ++ ++static const GDBusArgInfo foo_get_fds_out_args = ++{ ++ -1, ++ "some_fd", ++ "h", ++ NULL ++}; ++static const GDBusArgInfo * const foo_get_fds_out_arg_pointers[] = {&foo_get_fds_out_args, NULL}; ++ ++static const GDBusMethodInfo foo_method_info_wrong_return_type = ++{ ++ -1, ++ "WrongReturnType", ++ NULL, /* in args */ ++ NULL, /* out args */ ++ NULL /* annotations */ ++}; ++static const GDBusMethodInfo foo_method_info_close_before_returning = ++{ ++ -1, ++ "CloseBeforeReturning", ++ NULL, /* in args */ ++ NULL, /* out args */ ++ NULL /* annotations */ ++}; ++static const GDBusMethodInfo foo_method_info_get_fds = ++{ ++ -1, ++ "GetFDs", ++ (GDBusArgInfo **) foo_get_fds_in_arg_pointers, ++ (GDBusArgInfo **) foo_get_fds_out_arg_pointers, ++ NULL /* annotations */ ++}; ++static const GDBusMethodInfo foo_method_info_return_error = ++{ ++ -1, ++ "ReturnError", ++ NULL, /* in args */ ++ NULL, /* out args */ ++ NULL /* annotations */ ++}; ++static const GDBusMethodInfo * const foo_method_info_pointers[] = { ++ &foo_method_info_wrong_return_type, ++ &foo_method_info_close_before_returning, ++ &foo_method_info_get_fds, ++ &foo_method_info_return_error, ++ NULL ++}; ++ ++static const GDBusPropertyInfo foo_property_info[] = ++{ ++ { ++ -1, ++ "InvalidType", ++ "s", ++ G_DBUS_PROPERTY_INFO_FLAGS_READABLE | G_DBUS_PROPERTY_INFO_FLAGS_WRITABLE, ++ NULL ++ }, ++ { ++ -1, ++ "InvalidTypeNull", ++ "s", ++ G_DBUS_PROPERTY_INFO_FLAGS_READABLE | G_DBUS_PROPERTY_INFO_FLAGS_WRITABLE, ++ NULL ++ }, ++ { ++ -1, ++ "InvalidValueType", ++ "s", ++ G_DBUS_PROPERTY_INFO_FLAGS_READABLE | G_DBUS_PROPERTY_INFO_FLAGS_WRITABLE, ++ NULL ++ }, ++}; ++static const GDBusPropertyInfo * const foo_property_info_pointers[] = ++{ ++ &foo_property_info[0], ++ &foo_property_info[1], ++ &foo_property_info[2], ++ NULL ++}; ++ ++static const GDBusInterfaceInfo foo_interface_info = ++{ ++ -1, ++ "org.example.Foo", ++ (GDBusMethodInfo **) &foo_method_info_pointers, ++ NULL, /* signals */ ++ (GDBusPropertyInfo **) &foo_property_info_pointers, ++ NULL, /* annotations */ ++}; ++ ++/* ---------------------------------------------------------------------------------------------------- */ ++ ++static void ++test_method_invocation_return_method_call (GDBusConnection *connection, ++ const gchar *sender, ++ const gchar *object_path, ++ const gchar *interface_name, ++ const gchar *method_name, ++ GVariant *parameters, ++ GDBusMethodInvocation *invocation, ++ gpointer user_data) ++{ ++ gboolean no_reply = g_dbus_message_get_flags (g_dbus_method_invocation_get_message (invocation)) & G_DBUS_MESSAGE_FLAGS_NO_REPLY_EXPECTED; ++ ++ if (g_str_equal (interface_name, "org.freedesktop.DBus.Properties") && ++ g_str_equal (method_name, "Get")) ++ { ++ const gchar *iface_name, *prop_name; ++ ++ g_variant_get (parameters, "(&s&s)", &iface_name, &prop_name); ++ g_assert_cmpstr (iface_name, ==, "org.example.Foo"); ++ ++ /* Do different things depending on the property name. */ ++ if (g_str_equal (prop_name, "InvalidType")) ++ { ++ if (!no_reply) ++ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING, ++ "Type of return value for property 'Get' call should be '(v)' but got '(s)'"); ++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("(s)", "this type is invalid")); ++ } ++ else if (g_str_equal (prop_name, "InvalidTypeNull")) ++ { ++ if (!no_reply) ++ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING, ++ "Type of return value for property 'Get' call should be '(v)' but got '()'"); ++ g_dbus_method_invocation_return_value (invocation, NULL); ++ } ++ else if (g_str_equal (prop_name, "InvalidValueType")) ++ { ++ if (!no_reply) ++ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING, ++ "Value returned from property 'Get' call for 'InvalidValueType' should be 's' but is 'u'"); ++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("(v)", g_variant_new_uint32 (123))); ++ } ++ else ++ { ++ g_assert_not_reached (); ++ } ++ ++ g_test_assert_expected_messages (); ++ } ++ else if (g_str_equal (interface_name, "org.freedesktop.DBus.Properties") && ++ g_str_equal (method_name, "Set")) ++ { ++ const gchar *iface_name, *prop_name; ++ GVariant *value; ++ ++ g_variant_get (parameters, "(&s&sv)", &iface_name, &prop_name, &value); ++ g_assert_cmpstr (iface_name, ==, "org.example.Foo"); ++ ++ if (g_str_equal (prop_name, "InvalidType")) ++ { ++ if (!no_reply) ++ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING, ++ "Type of return value for property 'Set' call should be '()' but got '(s)'"); ++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("(s)", "should be unit")); ++ } ++ else ++ { ++ g_assert_not_reached (); ++ } ++ ++ g_test_assert_expected_messages (); ++ g_variant_unref (value); ++ } ++ else if (g_str_equal (interface_name, "org.freedesktop.DBus.Properties") && ++ g_str_equal (method_name, "GetAll")) ++ { ++ const gchar *iface_name; ++ ++ g_variant_get (parameters, "(&s)", &iface_name); ++ g_assert_cmpstr (iface_name, ==, "org.example.Foo"); ++ ++ if (!no_reply) ++ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING, ++ "Type of return value for property 'GetAll' call should be '(a{sv})' but got '(s)'"); ++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("(s)", "should be a different type")); ++ } ++ else if (g_str_equal (interface_name, "org.example.Foo") && ++ g_str_equal (method_name, "WrongReturnType")) ++ { ++ if (!no_reply) ++ g_test_expect_message ("GLib-GIO", G_LOG_LEVEL_WARNING, ++ "Type of return value is incorrect: expected '()', got '(s)'"); ++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("(s)", "should be a different type")); ++ } ++ else if (g_str_equal (interface_name, "org.example.Foo") && ++ g_str_equal (method_name, "CloseBeforeReturning")) ++ { ++ g_dbus_connection_close (connection, NULL, NULL, NULL); ++ ++ g_dbus_method_invocation_return_value (invocation, NULL); ++ } ++ else if (g_str_equal (interface_name, "org.example.Foo") && ++ g_str_equal (method_name, "GetFDs")) ++ { ++ const gchar *action; ++ GUnixFDList *list = NULL; ++ GError *local_error = NULL; ++ ++ g_variant_get (parameters, "(&s)", &action); ++ ++ list = g_unix_fd_list_new (); ++ g_unix_fd_list_append (list, 1, &local_error); ++ g_assert_no_error (local_error); ++ ++ if (g_str_equal (action, "WrongNumber")) ++ { ++ g_unix_fd_list_append (list, 1, &local_error); ++ g_assert_no_error (local_error); ++ } ++ ++ if (g_str_equal (action, "Valid") || ++ g_str_equal (action, "WrongNumber")) ++ g_dbus_method_invocation_return_value_with_unix_fd_list (invocation, g_variant_new ("(h)"), list); ++ else ++ g_assert_not_reached (); ++ ++ g_object_unref (list); ++ } ++ else if (g_str_equal (interface_name, "org.example.Foo") && ++ g_str_equal (method_name, "ReturnError")) ++ { ++ g_dbus_method_invocation_return_dbus_error (invocation, "org.example.Foo", "SomeError"); ++ } ++ else ++ g_assert_not_reached (); ++} ++ ++static void ++ensure_result_cb (GObject *source, ++ GAsyncResult *result, ++ gpointer user_data) ++{ ++ GDBusConnection *connection = G_DBUS_CONNECTION (source); ++ GVariant *reply; ++ guint *n_outstanding_calls = user_data; ++ ++ reply = g_dbus_connection_call_finish (connection, result, NULL); ++ ++ /* We don鈥檛 care what the reply is. */ ++ g_clear_pointer (&reply, g_variant_unref); ++ ++ g_assert_cmpint (*n_outstanding_calls, >, 0); ++ *n_outstanding_calls = *n_outstanding_calls - 1; ++} ++ ++static void ++test_method_invocation_return (void) ++{ ++ GDBusConnection *connection = NULL; ++ GError *local_error = NULL; ++ guint registration_id; ++ const GDBusInterfaceVTable vtable = { ++ test_method_invocation_return_method_call, NULL, NULL, { 0 } ++ }; ++ guint n_outstanding_calls = 0; ++ ++ g_test_summary ("Test calling g_dbus_method_invocation_return_*() in various ways"); ++ ++ /* Connect to the bus. */ ++ connection = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_nonnull (connection); ++ ++ /* Register an object which we can call methods on. */ ++ registration_id = g_dbus_connection_register_object (connection, ++ "/foo", ++ (GDBusInterfaceInfo *) &foo_interface_info, ++ &vtable, NULL, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_cmpint (registration_id, !=, 0); ++ ++ /* Test a variety of error cases */ ++ { ++ const struct ++ { ++ const gchar *interface_name; ++ const gchar *method_name; ++ const gchar *parameters_string; ++ gboolean tests_undefined_behaviour; ++ } ++ calls[] = ++ { ++ { "org.freedesktop.DBus.Properties", "Get", "('org.example.Foo', 'InvalidType')", TRUE }, ++ { "org.freedesktop.DBus.Properties", "Get", "('org.example.Foo', 'InvalidTypeNull')", TRUE }, ++ { "org.freedesktop.DBus.Properties", "Get", "('org.example.Foo', 'InvalidValueType')", TRUE }, ++ { "org.freedesktop.DBus.Properties", "Set", "('org.example.Foo', 'InvalidType', <'irrelevant'>)", TRUE }, ++ { "org.freedesktop.DBus.Properties", "GetAll", "('org.example.Foo',)", TRUE }, ++ { "org.example.Foo", "WrongReturnType", "()", TRUE }, ++ { "org.example.Foo", "GetFDs", "('Valid',)", FALSE }, ++ { "org.example.Foo", "GetFDs", "('WrongNumber',)", TRUE }, ++ { "org.example.Foo", "ReturnError", "()", FALSE }, ++ { "org.example.Foo", "CloseBeforeReturning", "()", FALSE }, ++ }; ++ gsize i; ++ ++ for (i = 0; i < G_N_ELEMENTS (calls); i++) ++ { ++ if (calls[i].tests_undefined_behaviour && !g_test_undefined ()) ++ { ++ g_test_message ("Skipping %s.%s", calls[i].interface_name, calls[i].method_name); ++ continue; ++ } ++ else ++ { ++ g_test_message ("Calling %s.%s", calls[i].interface_name, calls[i].method_name); ++ } ++ ++ /* Call twice, once expecting a result and once not. Do the call which ++ * doesn鈥檛 expect a result first; message ordering should ensure that ++ * it鈥檚 completed by the time the second call completes, so we don鈥檛 ++ * have to account for it separately. ++ * ++ * That鈥檚 good, because the only way to get g_dbus_connection_call() ++ * to set %G_DBUS_MESSAGE_FLAGS_NO_REPLY_EXPECTED is to not provide ++ * a callback function. */ ++ n_outstanding_calls++; ++ ++ g_dbus_connection_call (connection, ++ g_dbus_connection_get_unique_name (connection), ++ "/foo", ++ calls[i].interface_name, ++ calls[i].method_name, ++ g_variant_new_parsed (calls[i].parameters_string), ++ NULL, ++ G_DBUS_CALL_FLAGS_NONE, ++ -1, ++ NULL, ++ NULL, /* no callback */ ++ NULL); ++ ++ g_dbus_connection_call (connection, ++ g_dbus_connection_get_unique_name (connection), ++ "/foo", ++ calls[i].interface_name, ++ calls[i].method_name, ++ g_variant_new_parsed (calls[i].parameters_string), ++ NULL, ++ G_DBUS_CALL_FLAGS_NONE, ++ -1, ++ NULL, ++ ensure_result_cb, ++ &n_outstanding_calls); ++ } ++ } ++ ++ /* Wait until all the calls are complete. */ ++ while (n_outstanding_calls > 0) ++ g_main_context_iteration (NULL, TRUE); ++ ++ g_dbus_connection_unregister_object (connection, registration_id); ++ g_object_unref (connection); ++} ++ ++int ++main (int argc, ++ char *argv[]) ++{ ++ g_test_init (&argc, &argv, G_TEST_OPTION_ISOLATE_DIRS, NULL); ++ ++ g_test_add_func ("/gdbus/method-invocation/return", test_method_invocation_return); ++ ++ return session_bus_run (); ++} +diff --git a/gio/tests/meson.build b/gio/tests/meson.build +index 81ff551dda..c825b0cd7a 100644 +--- a/gio/tests/meson.build ++++ b/gio/tests/meson.build +@@ -333,6 +333,7 @@ if host_machine.system() != 'windows' + 'suite' : ['slow'], + }, + 'gdbus-introspection' : {'extra_sources' : extra_sources}, ++ 'gdbus-method-invocation' : {'extra_sources' : extra_sources}, + 'gdbus-names' : {'extra_sources' : extra_sources}, + 'gdbus-proxy' : {'extra_sources' : extra_sources}, + 'gdbus-proxy-threads' : { +-- +GitLab + diff --git a/backport-xdgmime-fix-double-free.patch b/backport-xdgmime-fix-double-free.patch new file mode 100644 index 0000000000000000000000000000000000000000..dc9b4f3b98715e1f6b2281cc0be59e910177b4f8 --- /dev/null +++ b/backport-xdgmime-fix-double-free.patch @@ -0,0 +1,35 @@ +From f95ca6cb713383548f16f9a8ba2f6c51a4d25e25 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Fri, 17 Jun 2022 08:48:10 -0500 +Subject: [PATCH] xdgmime: fix double free + +We free xdg_dirs[i] twice, but fail to free xdg_dirs itself. + +Also, since free() is NULL-safe, there is no need for the second check +here. + +Discovered in: https://gitlab.freedesktop.org/xdg/xdgmime/-/merge_requests/16#note_1432025 + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/f95ca6cb713383548f16f9a8ba2f6c51a4d25e25 + +--- + gio/xdgmime/xdgmime.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/gio/xdgmime/xdgmime.c b/gio/xdgmime/xdgmime.c +index 9ab6760486..c3c11625e8 100644 +--- a/gio/xdgmime/xdgmime.c ++++ b/gio/xdgmime/xdgmime.c +@@ -350,8 +350,7 @@ xdg_mime_set_dirs (const char * const *dirs) + + for (i = 0; xdg_dirs != NULL && xdg_dirs[i] != NULL; i++) + free (xdg_dirs[i]); +- if (xdg_dirs != NULL) +- free (xdg_dirs[i]); ++ free (xdg_dirs); + xdg_dirs = NULL; + + if (dirs != NULL) +-- +GitLab diff --git a/glib2.spec b/glib2.spec index 0b66d2dea13bc844ca6086c83984101be100742b..d5a796b5a677c87de3c4839df164cb55856ce8c5 100644 --- a/glib2.spec +++ b/glib2.spec @@ -1,6 +1,6 @@ Name: glib2 Version: 2.66.8 -Release: 6 +Release: 7 Summary: The core library that forms the basis for projects such as GTK+ and GNOME License: LGPLv2+ URL: http://www.gtk.org @@ -20,7 +20,7 @@ Patch6009: backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch Patch6010: backport-gfileenumerator-fix-leak-in-error-path.patch Patch6011: backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch Patch6012: backport-fix-a-memory-leak.patch -Patch6013: backport-fix-expectations-when-running-as-root.patch +Patch6013: backport-fix-expectations-when-running-as-root.patch Patch6014: backport-gapplication-fix-arguments-leak-in-error-path.patch Patch6015: backport-gsocks5proxy-Handle-EOF-when-reading-from-a-stream.patch Patch6016: backport-application-Unset-the-registered-state-after-shutting-down.patch @@ -35,6 +35,27 @@ Patch6024: backport-gvariant-Fix-memory-leak-on-a-TYPE-CHECK-failure.patch Patch6025: backport-gvariant-Fix-pointers-being-dereferenced-despite-NULL-checks.patch Patch6026: backport-gtype-Fix-pointer-being-dereferenced-despite-NULL-check.patch Patch6027: backport-add-OOM-handling-in-mimemagic.patch +Patch6028: backport-garray-buffer-overflow-fix.patch +Patch6029: backport-gutf8-add-string-length-check-when-ending-character-offset-is-1.patch +Patch6030: backport-gvariant-serialiser-Prevent-unbounded-recursion.patch +Patch6031: backport-dbusmessage-Disallow-empty-structures-tuples-in-D-Bus-messages.patch +Patch6032: backport-gdbusmessage-Disallow-zero-length-elements-in-arrays.patch +Patch6033: backport-garray-Fix-integer-overflows-in-element-capacity-calculations.patch +Patch6034: backport-gutils-Fix-g_find_program_in_path-to-return-an-absolute-path.patch +Patch6035: backport-Fix-memory-leak-in-gdbusauthmechanismsha1.patch +Patch6036: backport-gprintf-Fix-a-memory-leak-with-an-invalid-format.patch +Patch6037: backport-tests-Add-some-tests-for-g_vasprintf-invalid-format-strings.patch +Patch6038: backport-tests-Add-some-tests-for-g_string_append_vprintf.patch +Patch6039: backport-gdbusmethodinvocation-Fix-a-leak-on-an-early-return-path.patch +Patch6040: backport-gdbusmethodinvocation-Fix-dead-code-for-type-checking-GetAll.patch +Patch6041: backport-gdbusmethodinvocation-Drop-redundant-quote-from-warning.patch +Patch6042: backport-tests-Add-unit-tests-for-GDBusMethodInvocation.patch +Patch6043: backport-gio-tool-Fix-a-minor-memory-leak.patch +Patch6044: backport-gopenuriportal-Fix-a-use-after-free-on-an-error-path.patch +Patch6045: backport-xdgmime-fix-double-free.patch +Patch6046: backport-gunixmounts-Add-cache-to-g_unix_mount_points_get.patch +Patch6047: backport-Add-lock-in-_g_get_unix_mount_points-around-fsent-functions.patch +Patch6048: backport-g_get_unix_mount_points-reduce-syscalls-inside-loop.patch BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter @@ -208,6 +229,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %endif %changelog +* Sat Oct 15 2022 hanhuihui - 2.66.8-7 +- backport some patches from community + * Mon May 09 2022 wangkerong - 2.66.8-6 - fix issues found by svace static code analyzer fix segfault,memory leak,EOF,arguments leak