Branch: refs/heads/master
Author: Colomban Wendling <ban(a)herbesfolles.org>
Committer: GitHub <noreply(a)github.com>
Date: Thu, 05 Oct 2023 20:13:25 UTC
Commit: 3374ea8154b007cb155afd513d6cfdb34a09e5e6
https://github.com/geany/geany/commit/3374ea8154b007cb155afd513d6cfdb34a09e…
Log Message:
-----------
Fix out-of-bounds read in foreach_ptr_array() (#3536)
foreach_ptr_array() was reading one element past the end of the array.
This was not usually noticeable because the resulting garbage pointer
was not actually used, and it's highly unlikely there is protected or
foreign memory right after the array, but there is actually no such
guarantee, and it's bad nonetheless.
This actually resulted in Valgrind complaining, and hence me noticing:
==1217514== Invalid read of size 8
==1217514== at 0x49120B9: keyfile_action (stash.c:271)
==1217514== by 0x49130BB: stash_group_load_from_key_file (stash.c:308)
==1217514== by 0x48F179D: settings_action (keyfile.c:396)
==1217514== by 0x48F2D5E: read_config_file (keyfile.c:1245)
==1217514== by 0x48F3FAB: configuration_load (keyfile.c:1278)
==1217514== by 0x48F5393: load_settings (libmain.c:917)
==1217514== by 0x48F667F: main_lib (libmain.c:1154)
==1217514== by 0x109141: main (main.c:27)
==1217514== Address 0x910a3f0 is 0 bytes after a block of size 16 alloc'd
==1217514== at 0x48406C4: malloc (vg_replace_malloc.c:380)
==1217514== by 0x5B2C717: g_realloc (gmem.c:201)
==1217514== by 0x5AF2AA3: g_ptr_array_maybe_expand (garray.c:1640)
==1217514== by 0x5AF4066: g_ptr_array_add (garray.c:1962)
==1217514== by 0x4912247: add_pref (stash.c:491)
==1217514== by 0x491331E: stash_group_add_integer (stash.c:531)
==1217514== by 0x48F3857: init_pref_groups (keyfile.c:339)
==1217514== by 0x48F42A1: configuration_init (keyfile.c:1500)
==1217514== by 0x48F6661: main_lib (libmain.c:1146)
==1217514== by 0x109141: main (main.c:27)
==1217514==
or:
==1217514== Invalid read of size 8
==1217514== at 0x48EA315: keybindings_foreach (keybindings.c:768)
==1217514== by 0x48EC9B4: load_user_kb (keybindings.c:817)
==1217514== by 0x48EFBDC: keybindings_load_keyfile (keybindings.c:846)
==1217514== by 0x48F6756: main_lib (libmain.c:1206)
==1217514== by 0x109141: main (main.c:27)
==1217514== Address 0xd570830 is 0 bytes after a block of size 32 alloc'd
==1217514== at 0x484582F: realloc (vg_replace_malloc.c:1437)
==1217514== by 0x5B2C717: g_realloc (gmem.c:201)
==1217514== by 0x5AF2AA3: g_ptr_array_maybe_expand (garray.c:1640)
==1217514== by 0x5AF4066: g_ptr_array_add (garray.c:1962)
==1217514== by 0x48ECC43: keybindings_set_item (keybindings.c:180)
==1217514== by 0x48ECD92: add_kb (keybindings.c:295)
==1217514== by 0x48EE686: init_default_kb (keybindings.c:518)
==1217514== by 0x48EFB7C: keybindings_init (keybindings.c:751)
==1217514== by 0x48F6698: main_lib (libmain.c:1160)
==1217514== by 0x109141: main (main.c:27)
The problematic code was setting the new value for the item pointer
after incrementing the index, but before validating it was still in the
valid range.
Fix this by moving the item assignment in the condition expression.
This requires using a comma operator and a logical AND to make sure the
expression does not contribute to the test (allowing e.g. NULL values)
yet being dependent on the index validation passing.
Note that this change, as implemented here, slightly affects behavior:
`item` will point to the last *actual* node of the array (not out of
bounds) after the loop, but also it will not be set at all if the array
has no items. Before this change, the value was NULL for no items, and
garbage otherwise.
As the value after the loop was effectively only usable for empty
arrays, it sounds safe enough to assume no caller depended on an empty
array leading to initializing `item`, so we can drop this special case.
And unsurprisingly no caller in Geany itself depends on that.
Modified Paths:
--------------
src/utils.h
Modified: src/utils.h
3 lines changed, 1 insertions(+), 2 deletions(-)
===================================================================
@@ -106,8 +106,7 @@ G_BEGIN_DECLS
* @param idx @c guint index into @a ptr_array.
* @param ptr_array @c GPtrArray to traverse. */
#define foreach_ptr_array(item, idx, ptr_array) \
- for (idx = 0, item = ((ptr_array)->len > 0 ? g_ptr_array_index((ptr_array), 0) : NULL); \
- idx < (ptr_array)->len; ++idx, item = g_ptr_array_index((ptr_array), idx))
+ for (idx = 0; idx < (ptr_array)->len && (item = g_ptr_array_index((ptr_array), idx), TRUE); ++idx)
/** Iterates all the nodes in @a list.
* @param node should be a (@c GList*).
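Review bot: The doc comment above `foreach_ptr_array` (it begins outside this hunk) does not say what `item` holds after the loop, and the new loop header changes exactly that. `item` is now assigned only inside the condition, so it is left untouched for an empty array and keeps the last element otherwise. The commit message checks callers inside Geany only; any other code that includes `src/utils.h` and reads `item` after an empty traversal would now read a variable that was never assigned. I would add a line to the comment such as `* @note @a item is not assigned when @a ptr_array is empty; initialize it before the loop if it is read afterwards.`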
--------------
Branch: refs/heads/master
Author: Thomas Martitz <thomas.martitz(a)mailbox.org>
Committer: Thomas Martitz <thomas.martitz(a)mailbox.org>
Date: Wed, 04 Oct 2023 20:42:26 UTC
Commit: 35b244bde0532a9c8376711574395e67269c7de6
https://github.com/geany/geany/commit/35b244bde0532a9c8376711574395e67269c7…
Log Message:
-----------
Bump plugin API
EditorPrefs was extended and scintilla was updated. Be helpful
and allow plugins to detect this.
Modified Paths:
--------------
src/plugindata.h
Modified: src/plugindata.h
2 lines changed, 1 insertions(+), 1 deletions(-)
===================================================================
@@ -57,7 +57,7 @@ G_BEGIN_DECLS
* @warning You should not test for values below 200 as previously
* @c GEANY_API_VERSION was defined as an enum value, not a macro.
*/
-#define GEANY_API_VERSION 246
+#define GEANY_API_VERSION 247
/* hack to have a different ABI when built with different GTK major versions
* because loading plugins linked to a different one leads to crashes.
--------------
Branch: refs/heads/master
Author: Thomas Martitz <thomas.martitz(a)mailbox.org>
Committer: Thomas Martitz <thomas.martitz(a)mailbox.org>
Date: Wed, 04 Oct 2023 20:42:20 UTC
Commit: c2a96e82a40566a61f1fd05eb16d7b83832981b1
https://github.com/geany/geany/commit/c2a96e82a40566a61f1fd05eb16d7b8383298…
Log Message:
-----------
Update scintilla/scintilla_changes.patch and update-scintilla.sh
We previously imported the README but did not keep it up-to-date.
This was adding noise to the diff to pristine scintilla.
Modified Paths:
--------------
scintilla/README
scintilla/scintilla_changes.patch
scripts/update-scintilla.sh
Modified: scintilla/README
98 lines changed, 87 insertions(+), 11 deletions(-)
===================================================================
@@ -1,16 +1,92 @@
-These files are from the Scintilla project, http://www.scintilla.org.
+README for building of Scintilla, Lexilla, and SciTE
-See License.txt for the Scintilla license.
+Scintilla and Lexilla can be built by themselves.
+To build SciTE, Scintilla and Lexilla should first be built.
-We try to keep these files in sync with the official project; any
-changes should be sent there first. Otherwise changes could cause
-conflicts when we next update Scintilla.
+See lexilla/README for information on building Lexilla.
+*** GTK+/Linux version ***
-Public header constants (include/*.h)
--------------------------------------
-You should not add constants in header files - instead use
-Scintilla.iface and HFacer.py.
+You must first have GTK+ 2.24 or later and GCC (7.1 or better) installed.
+Clang may be used by adding CLANG=1 to the make command line.
+Other C++ compilers may work but may require tweaking the make file.
+Either GTK+ 2.x or 3.x may be used with 2.x the default and 3.x
+chosen with the make argument GTK3=1.
-Do not change the value of constants in header files as this will
-break Scintilla's ABI.
+To build Scintilla, use the makefile located in the scintilla/gtk directory
+ cd scintilla/gtk
+ make
+ cd ../..
+
+To build and install SciTE, use the makefile located in the scite/gtk directory
+ cd scite/gtk
+ make
+ sudo make install
+
+This installs SciTE into $prefix/bin. The value of $prefix is determined from
+the location of Gnome if it is installed. This is usually /usr if installed
+with Linux or /usr/local if built from source. If Gnome is not installed
+/usr/bin is used as the prefix. The prefix can be overridden on the command
+line like "make prefix=/opt" but the same value should be used for both make
+and make install as this location is compiled into the executable. The global
+properties file is installed at $prefix/share/scite/SciTEGlobal.properties.
+The language specific properties files are also installed into this directory.
+
+To remove SciTE
+ sudo make uninstall
+
+To clean the object files which may be needed to change $prefix
+ make clean
+
+The current make file supports static and dynamic linking between SciTE, Scintilla, and Lexilla.
+
+
+*** Windows version ***
+
+A C++ 17 compiler is required.
+Visual Studio 2019 is the development system used for most development
+although Mingw-w64 9.2 is also supported.
+
+To build Scintilla, make in the scintilla/win32 directory
+ cd scintilla\win32
+GCC: mingw32-make
+Visual C++: nmake -f scintilla.mak
+ cd ..\..
+
+To build SciTE, use the makefiles located in the scite/win32 directory
+ cd scite\win32
+GCC: mingw32-make
+Visual C++: nmake -f scite.mak
+
+An executable SciTE will now be in scite/bin.
+
+*** GTK+/Windows version ***
+
+Mingw-w64 is known to work. Other compilers will probably not work.
+
+Only Scintilla will build with GTK+ on Windows. SciTE will not work.
+
+Make builds both a static library version of Scintilla with lexers (scintilla.a) and
+a shared library without lexers (libscintilla.so or or libscintilla.dll).
+
+To build Scintilla, make in the scintilla/gtk directory
+ cd scintilla\gtk
+ mingw32-make
+
+*** macOS Cocoa version ***
+
+Xcode 9.2 or later may be used to build Scintilla on macOS.
+
+There is no open source version of SciTE for macOS but there is a commercial
+version available through the App Store.
+
+To build Scintilla, run xcodebuild in the scintilla/cocoa/ScintillaFramework or
+scintilla/cocoa/Scintilla directory
+
+ cd cocoa/Scintilla
+
+ xcodebuild
+
+*** Qt version ***
+
+See the qt/README file to build Scintilla with Qt.
Modified: scintilla/scintilla_changes.patch
25 lines changed, 11 insertions(+), 14 deletions(-)
===================================================================
@@ -4,7 +4,7 @@ diff --git scintilla/gtk/ScintillaGTK.cxx scintilla/gtk/ScintillaGTK.cxx
index 0871ca2..49dc278 100644
--- scintilla/gtk/ScintillaGTK.cxx
+++ scintilla/gtk/ScintillaGTK.cxx
-@@ -3046,11 +3046,13 @@ sptr_t ScintillaGTK::DirectFunction(
+@@ -3205,11 +3205,13 @@
}
/* legacy name for scintilla_object_send_message */
@@ -18,39 +18,39 @@ index 0871ca2..49dc278 100644
gintptr scintilla_object_send_message(ScintillaObject *sci, unsigned int iMessage, uptr_t wParam, sptr_t lParam) {
return scintilla_send_message(sci, iMessage, wParam, lParam);
}
-@@ -3062,6 +3064,7 @@ extern void Platform_Initialise();
+@@ -3218,6 +3220,7 @@
static void scintilla_init(ScintillaObject *sci);
/* legacy name for scintilla_object_get_type */
+GEANY_API_SYMBOL
GType scintilla_get_type() {
static GType scintilla_type = 0;
try {
-@@ -3091,6 +3094,7 @@ GType scintilla_get_type() {
+@@ -3247,6 +3250,7 @@
return scintilla_type;
}
+GEANY_API_SYMBOL
GType scintilla_object_get_type() {
return scintilla_get_type();
}
-@@ -3200,6 +3204,7 @@ static void scintilla_init(ScintillaObje
+@@ -3352,6 +3356,7 @@
}
/* legacy name for scintilla_object_new */
+GEANY_API_SYMBOL
GtkWidget *scintilla_new() {
GtkWidget *widget = GTK_WIDGET(g_object_new(scintilla_get_type(), nullptr));
gtk_widget_set_direction(widget, GTK_TEXT_DIR_LTR);
-@@ -3207,6 +3212,7 @@ GtkWidget* scintilla_new() {
+@@ -3359,6 +3364,7 @@
return widget;
}
+GEANY_API_SYMBOL
GtkWidget *scintilla_object_new() {
return scintilla_new();
}
-@@ -3250,6 +3250,7 @@ void scintilla_release_resources(void) {
+@@ -3381,6 +3387,7 @@
static void *copy_(void *src) { return src; }
static void free_(void *) { }
@@ -62,7 +62,7 @@ diff --git scintilla/lexilla/src/Lexilla.cxx scintilla/lexilla/src/Lexilla.cxx
index cd4b23617..af4a73db4 100644
--- scintilla/lexilla/src/Lexilla.cxx
+++ scintilla/lexilla/src/Lexilla.cxx
-@@ -165,12 +165,69 @@ namespace {
+@@ -167,8 +167,67 @@
CatalogueModules catalogueLexilla;
@@ -120,16 +120,13 @@ index cd4b23617..af4a73db4 100644
+ &lmYAML,
+ });
+}
++
+
void AddEachLexer() {
- if (catalogueLexilla.Count() > 0) {
- return;
- }
-
+ AddGeanyLexers();
+ return;
+
- catalogueLexilla.AddLexerModules({
- //++Autogenerated -- run scripts/LexillaGen.py to regenerate
- //**\(\t\t&\*,\n\)
+ if (catalogueLexilla.Count() > 0) {
+ return;
+ }
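Review bot: In the regenerated `Lexilla.cxx` hunk the inserted `AddGeanyLexers(); return;` now sits ahead of upstream's `if (catalogueLexilla.Count() > 0) { return; }` guard, whereas the previous revision of the patch kept the guard first. That leaves the guard unreachable, so unless `AddGeanyLexers()` checks the catalogue itself (its opening lines are not in this hunk), each call to `AddEachLexer()` would append the Geany lexer modules again. If that is not intended, keep the check in front, for example `if (catalogueLexilla.Count() > 0) return;` as the first statement of `AddGeanyLexers()`. A one-line comment saying why the upstream body is skipped would also help the next Scintilla update.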
Modified: scripts/update-scintilla.sh
1 lines changed, 1 insertions(+), 0 deletions(-)
===================================================================
@@ -56,6 +56,7 @@ copy_to()
# purge executbale bits
umask 111
# copy everything from scintilla but lexers
+copy_to scintilla/README "$SCI_SRC"/README
copy_to scintilla/src "$SCI_SRC"/src/*.cxx
copy_to scintilla/src "$SCI_SRC"/src/*.h
copy_to scintilla/include "$SCI_SRC"/include/*.h
--------------