-rw-r--r-- | gio/glocalfileoutputstream.c | 102 | ||||
-rw-r--r-- | gio/tests/file.c | 111 | ||||
-rw-r--r-- | glib/garray.c | 6 | ||||
-rw-r--r-- | glib/gbytes.c | 4 | ||||
-rw-r--r-- | glib/tests/bytes.c | 37 |
5 files changed, 221 insertions, 39 deletions
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c index 57d2d5dfe..8d7eadd95 100644 --- a/gio/glocalfileoutputstream.c +++ b/gio/glocalfileoutputstream.c @@ -56,6 +56,12 @@ #define O_BINARY 0 #endif +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#else +#define HAVE_O_CLOEXEC 1 +#endif + struct _GLocalFileOutputStreamPrivate { char *tmp_filename; char *original_filename; @@ -751,11 +757,12 @@ handle_overwrite_open (const char *filename, int res; int mode; int errsv; + gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION); mode = mode_from_flags_or_info (flags, reference_info); /* We only need read access to the original file if we are creating a backup. - * We also add O_CREATE to avoid a race if the file was just removed */ + * We also add O_CREAT to avoid a race if the file was just removed */ if (create_backup || readable) open_flags = O_RDWR | O_CREAT | O_BINARY; else @@ -778,16 +785,22 @@ handle_overwrite_open (const char *filename, /* Could be a symlink, or it could be a regular ELOOP error, * but then the next open will fail too. */ is_symlink = TRUE; - fd = g_open (filename, open_flags, mode); + if (!replace_destination_set) + fd = g_open (filename, open_flags, mode); } -#else - fd = g_open (filename, open_flags, mode); - errsv = errno; +#else /* if !O_NOFOLLOW */ /* This is racy, but we do it as soon as possible to minimize the race */ is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK); + + if (!is_symlink || !replace_destination_set) + { + fd = g_open (filename, open_flags, mode); + errsv = errno; + } #endif - if (fd == -1) + if (fd == -1 && + (!is_symlink || !replace_destination_set)) { char *display_name = g_filename_display_name (filename); g_set_error (error, G_IO_ERROR, 
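Review bot: The comment kept above `is_symlink = TRUE` ("but then the next open will fail too") no longer describes the `replace_destination_set` path in the @@ -778 hunk of handle_overwrite_open, because that path now skips the second `g_open()` entirely. A genuine ELOOP from path resolution is then only caught later, presumably by the `lstat()` added in the following hunk, so the comment should say so, e.g. `/* With REPLACE_DESTINATION the path is not reopened; a non-symlink ELOOP surfaces from the later lstat(). */`. In the `#else` branch the symlink decision is still a check-then-open on the path, which the existing "This is racy" comment acknowledges. It would help to state there that a link swapped in after `g_file_test()` is followed by `g_open()` with `O_CREAT`. The function starts and ends outside this hunk.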
@@ -801,7 +814,10 @@ handle_overwrite_open (const char *filename, #ifdef G_OS_WIN32 res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat); #else - res = fstat (fd, &original_stat); + if (!is_symlink) + res = fstat (fd, &original_stat); + else + res = lstat (filename, &original_stat); #endif errsv = errno; @@ -813,23 +829,34 @@ handle_overwrite_open (const char *filename, _("Error when getting information for file “%s”: %s"), display_name, g_strerror (errsv)); g_free (display_name); - goto err_out; + goto error; } /* not a regular file */ if (!S_ISREG (original_stat.st_mode)) { if (S_ISDIR (original_stat.st_mode)) - g_set_error_literal (error, - G_IO_ERROR, - G_IO_ERROR_IS_DIRECTORY, - _("Target file is a directory")); - else - g_set_error_literal (error, + { + g_set_error_literal (error, + G_IO_ERROR, + G_IO_ERROR_IS_DIRECTORY, + _("Target file is a directory")); + goto error; + } + else if (!is_symlink || +#ifdef S_ISLNK + !S_ISLNK (original_stat.st_mode) +#else + FALSE +#endif + ) + { + g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NOT_REGULAR_FILE, _("Target file is not a regular file")); - goto err_out; + goto error; + } } if (etag != NULL) @@ -842,7 +869,7 @@ handle_overwrite_open (const char *filename, G_IO_ERROR_WRONG_ETAG, _("The file was externally modified")); g_free (current_etag); - goto err_out; + goto error; } g_free (current_etag); } @@ -858,7 +885,7 @@ handle_overwrite_open (const char *filename, * to a backup file and rewrite the contents of the file. */ - if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) || + if (replace_destination_set || (!(original_stat.st_nlink > 1) && !is_symlink)) { char *dirname, *tmp_filename; @@ -877,7 +904,7 @@ handle_overwrite_open (const char *filename, /* try to keep permissions (unless replacing) */ - if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) && + if (!replace_destination_set && ( #ifdef HAVE_FCHOWN fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 || 
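Review bot: In the @@ -801 hunk, `lstat (filename, ...)` is chosen whenever `is_symlink` is set, including the case where `replace_destination_set` is false and `fd` was opened through the symlink, so `original_stat` then describes the link rather than the file behind `fd`. Combined with the relaxed check in the @@ -813 hunk (`!is_symlink || !S_ISLNK (...)`), a symlink whose target is not a regular file appears to pass the "not a regular file" test, and the ETag and backup code further down would work from the link's metadata. Keying the choice on the descriptor keeps the stat tied to what was opened: `if (fd >= 0) res = fstat (fd, &original_stat); else res = lstat (filename, &original_stat);`. The rest of handle_overwrite_open lies outside these hunks, so the downstream effect should be confirmed there.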
@@ -910,7 +937,8 @@ handle_overwrite_open (const char *filename, } } - g_close (fd, NULL); + if (fd >= 0) + g_close (fd, NULL); *temp_filename = tmp_filename; return tmpfd; } @@ -934,7 +962,7 @@ handle_overwrite_open (const char *filename, G_IO_ERROR_CANT_CREATE_BACKUP, _("Backup file creation failed")); g_free (backup_filename); - goto err_out; + goto error; } bfd = g_open (backup_filename, @@ -948,7 +976,7 @@ handle_overwrite_open (const char *filename, G_IO_ERROR_CANT_CREATE_BACKUP, _("Backup file creation failed")); g_free (backup_filename); - goto err_out; + goto error; } /* If needed, Try to set the group of the backup same as the @@ -965,7 +993,7 @@ handle_overwrite_open (const char *filename, g_unlink (backup_filename); g_close (bfd, NULL); g_free (backup_filename); - goto err_out; + goto error; } if ((original_stat.st_gid != tmp_statbuf.st_gid) && @@ -982,7 +1010,7 @@ handle_overwrite_open (const char *filename, g_unlink (backup_filename); g_close (bfd, NULL); g_free (backup_filename); - goto err_out; + goto error; } } #endif @@ -997,7 +1025,7 @@ handle_overwrite_open (const char *filename, g_close (bfd, NULL); g_free (backup_filename); - goto err_out; + goto error; } g_close (bfd, NULL); @@ -1012,11 +1040,11 @@ handle_overwrite_open (const char *filename, g_io_error_from_errno (errsv), _("Error seeking in file: %s"), g_strerror (errsv)); - goto err_out; + goto error; } } - if (flags & G_FILE_CREATE_REPLACE_DESTINATION) + if (replace_destination_set) { g_close (fd, NULL); @@ -1028,7 +1056,7 @@ handle_overwrite_open (const char *filename, g_io_error_from_errno (errsv), _("Error removing old file: %s"), g_strerror (errsv)); - goto err_out2; + goto error; } if (readable) @@ -1045,7 +1073,7 @@ handle_overwrite_open (const char *filename, _("Error opening file “%s”: %s"), display_name, g_strerror (errsv)); g_free (display_name); - goto err_out2; + goto error; } } else 
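Review bot: The `goto error` that replaces `goto err_out2` in the @@ -1028 hunk follows the `g_close (fd, NULL)` visible at the end of the @@ -1012 hunk, and the new `error:` label closes `fd` again whenever `fd >= 0`. `err_out2` existed to skip that close. Unless the lines between the two hunks reset the descriptor, a failing `g_unlink()` now leads to a double close, which in a threaded process can close a descriptor another thread has just opened. Resetting it at the close site covers both gotos in that branch: `g_close (fd, NULL);` followed by `fd = -1;`. That `g_close()` may also run with `fd == -1` if the symlink case reaches this branch, so guarding it with `if (fd >= 0)` as in the @@ -910 hunk would be consistent.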
@@ -1063,15 +1091,16 @@ handle_overwrite_open (const char *filename, g_io_error_from_errno (errsv), _("Error truncating file: %s"), g_strerror (errsv)); - goto err_out; + goto error; } } return fd; - err_out: - g_close (fd, NULL); - err_out2: +error: + if (fd >= 0) + g_close (fd, NULL); + return -1; } @@ -1101,7 +1130,7 @@ _g_local_file_output_stream_replace (const char *filename, sync_on_close = FALSE; /* If the file doesn't exist, create it */ - open_flags = O_CREAT | O_EXCL | O_BINARY; + open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC; if (readable) open_flags |= O_RDWR; else @@ -1131,8 +1160,11 @@ _g_local_file_output_stream_replace (const char *filename, set_error_from_open_errno (filename, error); return NULL; } - - +#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD) + else + fcntl (fd, F_SETFD, FD_CLOEXEC); +#endif + stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL); stream->priv->fd = fd; stream->priv->sync_on_close = sync_on_close; diff --git a/gio/tests/file.c b/gio/tests/file.c index d2f147419..1bdbe19b4 100644 --- a/gio/tests/file.c +++ b/gio/tests/file.c @@ -679,7 +679,7 @@ test_replace_cancel (void) guint count; GError *error = NULL; - g_test_bug ("629301"); + g_test_bug ("https://bugzilla.gnome.org/629301"); path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error); g_assert_no_error (error); 
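Review bot: `O_CLOEXEC` is added only to the `O_CREAT | O_EXCL` open in _g_local_file_output_stream_replace (@@ -1101), while the `open_flags` assignment inside handle_overwrite_open shown in the @@ -751 hunk still lacks it, so a descriptor opened on an existing file stays inheritable across exec. The `fcntl()` fallback in the @@ -1131 hunk hangs off the `else` of the open-failure chain, whose head is outside the hunk, so it likely does not cover the descriptor returned by handle_overwrite_open either. Its return value is also ignored. Consider `open_flags = O_RDWR | O_CREAT | O_BINARY | O_CLOEXEC;` (and the same for the `else` assignment that follows it) in handle_overwrite_open. A comment at the fallback should note that setting the flag after `open()` leaves a window in threaded programs that fork and exec.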
@@ -788,6 +788,112 @@ test_replace_cancel (void) } static void +test_replace_symlink (void) +{ +#ifdef G_OS_UNIX + gchar *tmpdir_path = NULL; + GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL; + GFileOutputStream *stream = NULL; + const gchar *new_contents = "this is a test message which should be written to source and not target"; + gsize n_written; + GFileEnumerator *enumerator = NULL; + GFileInfo *info = NULL; + gchar *contents = NULL; + gsize length = 0; + GError *local_error = NULL; + + g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325"); + + /* Create a fresh, empty working directory. */ + tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error); + g_assert_no_error (local_error); + tmpdir = g_file_new_for_path (tmpdir_path); + + g_test_message ("Using temporary directory %s", tmpdir_path); + g_free (tmpdir_path); + + /* Create symlink `source` which points to `target`. */ + source_file = g_file_get_child (tmpdir, "source"); + target_file = g_file_get_child (tmpdir, "target"); + g_file_make_symbolic_link (source_file, "target", NULL, &local_error); + g_assert_no_error (local_error); + + /* Ensure that `target` doesn’t exist */ + g_assert_false (g_file_query_exists (target_file, NULL)); + + /* Replace the `source` symlink with a regular file using + * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without* + * following the symlink */ + stream = g_file_replace (source_file, NULL, FALSE /* no backup */, + G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error); + g_assert_no_error (local_error); + + g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents), + &n_written, NULL, &local_error); + g_assert_no_error (local_error); + g_assert_cmpint (n_written, ==, strlen (new_contents)); + + g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error); + g_assert_no_error (local_error); + + g_clear_object (&stream); + + /* At this point, there should still only be one 
file: `source`. It should + * now be a regular file. `target` should not exist. */ + enumerator = g_file_enumerate_children (tmpdir, + G_FILE_ATTRIBUTE_STANDARD_NAME "," + G_FILE_ATTRIBUTE_STANDARD_TYPE, + G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error); + g_assert_no_error (local_error); + + info = g_file_enumerator_next_file (enumerator, NULL, &local_error); + g_assert_no_error (local_error); + g_assert_nonnull (info); + + g_assert_cmpstr (g_file_info_get_name (info), ==, "source"); + g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR); + + g_clear_object (&info); + + info = g_file_enumerator_next_file (enumerator, NULL, &local_error); + g_assert_no_error (local_error); + g_assert_null (info); + + g_file_enumerator_close (enumerator, NULL, &local_error); + g_assert_no_error (local_error); + g_clear_object (&enumerator); + + /* Double-check that `target` doesn’t exist */ + g_assert_false (g_file_query_exists (target_file, NULL)); + + /* Check the content of `source`. */ + g_file_load_contents (source_file, + NULL, + &contents, + &length, + NULL, + &local_error); + g_assert_no_error (local_error); + g_assert_cmpstr (contents, ==, new_contents); + g_assert_cmpuint (length, ==, strlen (new_contents)); + g_free (contents); + + /* Tidy up. */ + g_file_delete (source_file, NULL, &local_error); + g_assert_no_error (local_error); + + g_file_delete (tmpdir, NULL, &local_error); + g_assert_no_error (local_error); + + g_clear_object (&target_file); + g_clear_object (&source_file); + g_clear_object (&tmpdir); +#else /* if !G_OS_UNIX */ + g_test_skip ("Symlink replacement tests can only be run on Unix") +#endif +} + +static void on_file_deleted (GObject *object, GAsyncResult *result, gpointer user_data) 
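Review bot: The `#else` branch of test_replace_symlink ends with `g_test_skip ("Symlink replacement tests can only be run on Unix")` without a terminating semicolon, so the file does not compile where `G_OS_UNIX` is undefined. It should read `g_test_skip ("Symlink replacement tests can only be run on Unix");`. The test also exercises only a dangling link. Since the fix is about not writing through the link, a second case where `target` already exists with known contents and is asserted unchanged afterwards would pin the behaviour more tightly.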
@@ -1167,7 +1273,7 @@ main (int argc, char *argv[]) { g_test_init (&argc, &argv, NULL); - g_test_bug_base ("http://bugzilla.gnome.org/"); + g_test_bug_base (""); g_test_add_func ("/file/basic", test_basic); g_test_add_func ("/file/build-filename", test_build_filename); @@ -1182,6 +1288,7 @@ main (int argc, char *argv[]) g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete); g_test_add_func ("/file/replace-load", test_replace_load); g_test_add_func ("/file/replace-cancel", test_replace_cancel); + g_test_add_func ("/file/replace-symlink", test_replace_symlink); g_test_add_func ("/file/async-delete", test_async_delete); #ifdef G_OS_UNIX g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode); diff --git a/glib/garray.c b/glib/garray.c index a6cbd57bb..b00033a57 100644 --- a/glib/garray.c +++ b/glib/garray.c @@ -1755,6 +1755,10 @@ g_byte_array_new (void) * Create byte array containing the data. The data will be owned by the array * and will be freed with g_free(), i.e. it could be allocated using g_strdup(). * + * Do not use it if @len is greater than %G_MAXUINT. #GByteArray + * stores the length of its data in #guint, which may be shorter than + * #gsize. + * * Since: 2.32 * * Returns: (transfer full): a new #GByteArray @@ -1766,6 +1770,8 @@ g_byte_array_new_take (guint8 *data, GByteArray *array; GRealArray *real; + g_return_val_if_fail (len <= G_MAXUINT, NULL); + array = g_byte_array_new (); real = (GRealArray *)array; g_assert (real->data == NULL); diff --git a/glib/gbytes.c b/glib/gbytes.c index 84c87e4cf..dee494820 100644 --- a/glib/gbytes.c +++ b/glib/gbytes.c 
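Review bot: `g_return_val_if_fail (len <= G_MAXUINT, NULL)` in g_byte_array_new_take (@@ -1766) is a precondition macro that is compiled out when GLib is built with `G_DISABLE_CHECKS`, so in such builds an oversize `len` still reaches the rest of the function, which lies outside the hunk and presumably stores it in a `guint`. The new doc paragraph in the @@ -1755 hunk also does not say what happens to @data when the check fires. The bytes test in this commit frees it itself, which suggests ownership stays with the caller. I would add a line such as `* If @len exceeds %G_MAXUINT, %NULL is returned and @data is not freed.` to the doc comment and mark the return value `(nullable)`.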
@@ -521,6 +521,10 @@ g_bytes_unref_to_data (GBytes *bytes, * g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes(). In all * other cases the data is copied. * + * Do not use it if @bytes contains more than %G_MAXUINT + * bytes. #GByteArray stores the length of its data in #guint, which + * may be shorter than #gsize, that @bytes is using. + * * Returns: (transfer full): a new mutable #GByteArray containing the same byte data * * Since: 2.32 diff --git a/glib/tests/bytes.c b/glib/tests/bytes.c index 5ea5c2b35..9e2638291 100644 --- a/glib/tests/bytes.c +++ b/glib/tests/bytes.c @@ -10,12 +10,12 @@ */ #undef G_DISABLE_ASSERT -#undef G_LOG_DOMAIN #include <stdio.h> #include <stdlib.h> #include <string.h> #include "glib.h" +#include "glib/gstrfuncsprivate.h" /* Keep in sync with glib/gbytes.c */ struct _GBytes @@ -334,6 +334,38 @@ test_to_array_transferred (void) } static void +test_to_array_transferred_oversize (void) +{ + g_test_message ("g_bytes_unref_to_array() can only take GBytes up to " + "G_MAXUINT in length; test that longer ones are rejected"); + + if (sizeof (guint) >= sizeof (gsize)) + { + g_test_skip ("Skipping test as guint is not smaller than gsize"); + } + else if (g_test_undefined ()) + { + GByteArray *array = NULL; + GBytes *bytes = NULL; + gpointer data = g_memdup2 (NYAN, N_NYAN); + gsize len = ((gsize) G_MAXUINT) + 1; + + bytes = g_bytes_new_take (data, len); + g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, + "g_byte_array_new_take: assertion 'len <= G_MAXUINT' failed"); + array = g_bytes_unref_to_array (g_steal_pointer (&bytes)); + g_test_assert_expected_messages (); + g_assert_null (array); + + g_free (data); + } + else + { + g_test_skip ("Skipping test as testing undefined behaviour is disabled"); + } +} + +static void test_to_array_two_refs (void) { gconstpointer memory; 
@@ -407,7 +439,8 @@ main (int argc, char *argv[]) g_test_add_func ("/bytes/to-data/transfered", test_to_data_transferred); g_test_add_func ("/bytes/to-data/two-refs", test_to_data_two_refs); g_test_add_func ("/bytes/to-data/non-malloc", test_to_data_non_malloc); - g_test_add_func ("/bytes/to-array/transfered", test_to_array_transferred); + g_test_add_func ("/bytes/to-array/transferred", test_to_array_transferred); + g_test_add_func ("/bytes/to-array/transferred/oversize", test_to_array_transferred_oversize); g_test_add_func ("/bytes/to-array/two-refs", test_to_array_two_refs); g_test_add_func ("/bytes/to-array/non-malloc", test_to_array_non_malloc); g_test_add_func ("/bytes/null", test_null); |