Commit Graph

5522 Commits

Author SHA1 Message Date
Michael Vetter
3d2a82ad4a cleanup: Fix potential NULL dereference in cmd_omemo_(un)trust
Replace malloc() with g_malloc() to handle allocation failure and
ensure enough memory is allocated for the null terminator.
2026-02-26 19:47:13 +01:00
Michael Vetter
d29fcdbed3 refactor: Use p_contact_new instead of malloc in p_contact_new() 2026-02-26 19:29:43 +01:00
Michael Vetter
48205fc6de cleanup: Initialize waittime to 0
This fixes a -fanalyzer uninitialized value warning.
2026-02-26 19:21:45 +01:00
Michael Vetter
caf84ca731 refactor: use g_new in message_pubsub_event_handler_add() 2026-02-26 19:06:44 +01:00
Michael Vetter
f98e33be81 refactor: make Jid use glib functions 2026-02-26 19:06:44 +01:00
Michael Vetter
abffffb499 refactor: make Resource use glib functions 2026-02-26 19:06:44 +01:00
Michael Vetter
8a36ca6d97 refactor: start to standardize on gchar
Make get_random_string() return a gchar*.

This is part of the effort to migrate string declarations and
allocations from char to gchar, replacing standard C allocators
(malloc/calloc/strdup) with their glib equivalents
(g_malloc/g_new0/g_strdup).

The primary goal is to prevent mismatched allocator bugs. While char and
gchar are binary compatible, mixing their respective deallocators is
dangerous:

* Freeing malloc'd memory with g_free() (or vice versa) can lead to
  memory corruption, double-frees, or crashes.
* This is seems to be the case especiall on non Linux platforms or when
  using hardened memory allocators where the GLib slice allocator or
  wrappers may differ from the system heap.

By standardizing on gchar, we ensure that our automatic cleanup macros
(like auto_gchar) always invoke the correct deallocator (g_free).
2026-02-26 19:06:44 +01:00
Michael Vetter
e1fd2a1cf6 refactor: replace calloc with g_new0 for struct allocations
Migrate structure allocations from calloc to glibs g_new0 macro to
improve type safety and memory robustness.

* Type Safety: The macro takes the type name directly, ensuring the
  allocated size always matches the pointer type.
* Static Analysis: It guarantees a non-NULL return by aborting on
  failure, which silences -fanalyzer warnings regarding potential NULL
  pointer dereferences.
* Readability: Removes redundant sizeof() calls and is the glib way
2026-02-26 19:06:39 +01:00
Michael Vetter
f1d4ed41d6 refactor: Use g_malloc0 instead of calloc in get_random_string()
It automatically aborts the program on allocation failure.
Also eliminates the need for repetitive manual NULL checks.
2026-02-26 16:29:50 +01:00
Michael Vetter
8fd3c05983 Merge pull request #2093 from profanity-im/improve-unittests
Improve unittests
2026-02-25 12:50:50 +01:00
Michael Vetter
549f28fa0d tests: Add test for release_is_new()
Also refactor the function so we pass it the current version
and don't rely on the define inside of it.

This function only allows version format in the style of "x.y.z".
2026-02-25 12:40:32 +01:00
Michael Vetter
ea7a59808a refactor: optimize prof_occurrences()
Optimize prof_occurrences by using pointer arithmetic and
g_utf8_next_char instead of calls to g_utf8_offset_to_pointer.

Improve list construction efficiency in prof_occurrences by
using g_slist_prepend and g_slist_reverse instead of appends.

Also fix a slight oversight that could lead to trouble:
When empty search strings (e.g. empty nicks) are passed
it caused matches at every position.

Update the test case to test for empty nicks.
2026-02-25 12:40:32 +01:00
botantony
309c0a64a7 fix: define prefs_changes_print outside of prefs_changes
This causes build failures on macOS runners in Homebrew, see:
https://github.com/Homebrew/homebrew-core/pull/268970
https://github.com/Homebrew/homebrew-core/actions/runs/22305120219/job/64538952484?pr=268970

I didn't run `make format` because it modified other unrelated files
(guess they were not formatted before) but I assume this PR follow the
style guides

Signed-off-by: botantony <antonsm21@gmail.com>
2026-02-24 14:54:31 +01:00
Michael Vetter
657de5f22f Merge pull request #2089 from profanity-im/cleanup
Cleanup
2026-02-23 11:10:38 +01:00
Michael Vetter
6221d1046a cleanup: Cast device ids in omemo.c
Seems like in signal address.device_id is int32 for some reason.
2026-02-20 16:50:03 +01:00
Michael Vetter
10a68437ad cleanup: Move loop var from int to size_t in omemo.c 2026-02-20 16:50:03 +01:00
Michael Vetter
7eb64b2779 cleanup: Cast g_hash_table_lookup return to function pointer
Explicitly cast the void pointer returned by g_hash_table_lookup
to the expected function pointer signature.

Make `-Wpedantic` happy.
2026-02-20 16:49:58 +01:00
Michael Vetter
110b359ee1 cleanup: Cast to get rid of warnings 2026-02-20 16:45:01 +01:00
Michael Vetter
1d0e6580d1 cleanup: Move loop var from int to size_t in cmd_funcs.c 2026-02-20 16:45:01 +01:00
Michael Vetter
ddd43f5e60 cleanup: Move more functions from int to guint in statusbar.c 2026-02-20 16:45:01 +01:00
Michael Vetter
8970b5e61b cleanup: Move some variables from int to guint in statusbar.c 2026-02-20 16:45:01 +01:00
Michael Vetter
1120170ef7 cleanup: Adapt type and cast to get ride of warnings 2026-02-20 16:44:54 +01:00
Michael Vetter
289fed262f cleanup: cast option to curl_easy_setopt
Also found via LTO mismatch.
2026-02-20 16:28:56 +01:00
Michael Vetter
f1acf702a9 chore: Update copyright year 2026-02-20 16:13:31 +01:00
Michael Vetter
6e61383e97 cleanup: Adapt loop counter to proper type
Fixing a couple of -Wsign-compare warnings.
2026-02-20 16:02:27 +01:00
Michael Vetter
3e0c9e79e4 cleanup: Correct comparison in cons_show_wins()
g_strstr_len() actually returns a gchar* to the position. So it is not
like in the case of strlen() where it returns the number of bytes.
2026-02-20 16:02:17 +01:00
Michael Vetter
61fa8d5b66 cleanup: Initialize optional fields in profModule
Let's initialize them with NULL to make the compiler happy.
2026-02-20 16:02:13 +01:00
Michael Vetter
70ed25c418 cleanup: Initialize GOptionEntry entries correctly
The `arg_description` field was forgotten in 034a98587.
2026-02-20 16:02:08 +01:00
Michael Vetter
15fcda7950 cleanup: Fix uninitialized field in color_distance()
`name` of the struct `color_def` was not initialized but is also not
needed in this function.
2026-02-20 16:02:03 +01:00
Michael Vetter
12a181b5d5 cleanup: Wrap release handler in iq.c
GDestroyNotify takes a void* and returns void.

Wrap xmpp_stanza_release to get rid of the incompatible function type
warning.
2026-02-20 16:01:58 +01:00
Michael Vetter
b6a70aa47e cleanup: Fix cast function type warnings in pgp.c
The gpgme_set_passphrase_cb function expects a function
pointer of type gpgme_passphrase_cb_t.

The gpgme_passphrase_cb_t typedef specifies a function that returns
gpgme_error_t so return GPG_ERR_NO_ERROR instead of 0.
2026-02-20 16:01:52 +01:00
Michael Vetter
b8eddb4e3c cleanup: Make muc_nick() return const char*
Fix `type qualifiers ignored on function return type`.
2026-02-20 16:01:46 +01:00
Michael Vetter
fbfa1f13e5 Add meson build system 2026-02-05 09:13:40 +01:00
Karel Balej
7c83c2608d exit gracefully on SIGTERM and SIGHUP
Make profanity exit gracefully when it receives either SIGTERM or
SIGHUP. This means that various cleanups will happen as if the user
issued the /quit command, whereas before these signals would terminate
profanity immediately leaving for instance the connection to the server
unterminated.

The main motivation for this change is so that profanity will exit
gracefully when the user closes the terminal that it's running in, which
is a handy shortcut (but can also happen on accident) and won't now lead
to the connection slowly timing out on the server instead. Similarly for
SIGTERM: profanity now for instance needs not be manually closed before
shutting down the computer to avoid the above as it will instead receive
this signal from the init process.
2026-01-22 13:37:56 +01:00
Steffen Jaeckel
01c781fcf6 Don't publish keys if the server doesn't support pubsub.
Related-to: https://github.com/profanity-im/profanity/issues/2078
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
1d508d592c Fix memory leaks when OMEMO keys have not been generated yet.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
fa1c4dddc9 Fix invalid free after /omemo gen
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
0830d82916 Minor fixes of accounts.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
f19acc2156 Fix reconnect when no account has been set up yet.
e.g. if one connects with an account for the first time and the server
returns a `see-other-host` error.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
c61c72f2f0 When renaming an account, copy all existing keys.
No need to have a fixed list of keys, we can simply copy all existing ones.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
bb964b2f1b Consistency please.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
7c04b17aff Simplify accounts_get_account().
* No need to call `g_key_file_has_key()` before calling a getter.
* Add helper to convert `gcharv` to `glist`.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
81f92f1fed Fix overwriting new accounts when running multiple instances.
If one is running multiple instances of profanity, the behavior of the
accounts module was to constantly overwrite the accounts file with the
version that was on-disk of the first instance of profanity started.

This is changed now in order to only write what we modified, we keep a
copy of the accounts file and when "saving" we re-read accounts from disk
and only update the values of the modified account.

This is not 100% fool proof if one modifies the same account from two
different instances, but still better than before.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
038f345a4e Minor improve theme
* Less `GString`.
* Don't `g_free()` a `strdup()`'ed string.
* Don't lookup the `console` window X times, but only once.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
54fea4afcf Minor improvements.
* Add new TLS policy `direct` as a replacement for `legacy`.
* Document that `/[command]?` prints the help of a command.
* Add option to get help via `/command help`.
* Fix `my-prof.supp` generation and tests for out-of-source builds.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
a50cd3a885 Refactor tlscerts.
* use `gchar` instead of `char`.
* improve situations when strings must be duplicated or can pass ownership.
* encapsulate the X.509 name details into a struct.
* prevent memory leaks if a name detail is contained multiple times.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
62fd40c510 Use gboolean consistently.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
b0221f6146 Simplify conf_string_list_{add,remove}() implementations.
* add can simply do a `memcpy()`.
* in remove we don't have to put the array in a list in order to put it
  back into an array again. Also we don't have to `strdup()` each entry,
  which leads to even less allocations.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
1ede01ed8c Free in reverse order.
... as much as possible ... subject and issuer details excluded.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
a07cff8a99 Use the stronger certificate fingerprint.
If a cert has a SHA256 use that one and only use SHA1 as fallback.

Closes: https://github.com/profanity-im/profanity/issues/2068
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:06 +01:00