Commit Graph

7688 Commits

Author SHA1 Message Date
Michael Vetter
776bc262d0 refactor: change vcard_print() checks
data is allocated via g_new0() so cannot be NULL here.
And it was used before the check already so that didn't make any sense
in the first place.
2026-02-27 22:29:45 +01:00
Michael Vetter
1ec536d343 fix: fix api_get_current_occupants() memory problems
Fix a potential NULL pointer dereference. And free the list properly.
2026-02-27 22:29:45 +01:00
Michael Vetter
2406413e14 fix: fix NULL dereference and memory leaks in OX logic
recp elements were accessed without verifying the success of
_ox_key_lookup().

Also fix several memory leaks.

gpgme_data_new() followed 'gpgme_data_new_from_mem' was redundant.
2026-02-27 22:29:42 +01:00
Michael Vetter
16080ab985 cleanup: Fix potential null pointer dereference 2026-02-27 19:45:57 +01:00
Michael Vetter
f74501e97e cleanup: add a defensive check in cmd_process_input() 2026-02-27 19:36:47 +01:00
Michael Vetter
d8a7b234bb fix: segfault when using /command help
Usually we use `/help command`. Additionally there is a shortcut
`/comamnd?`. 54fea4afcf tried to introduce
to have `/command help`. Which doesn't really work since most commands
get this as parameters. So it never worked. Additionally it introduced
at segfault because it tried to set *question_mark to NULL even we can
also get there without the `?` but by having the `help` as parameter.
2026-02-27 19:33:28 +01:00
Michael Vetter
373ec4a7e3 refactor: replace malloc with g_new0 in many occasions 2026-02-27 19:26:42 +01:00
Michael Vetter
de5949e8eb refactor: partly move plugins to glib
That's not very nice yet but we have to start somewhere.
2026-02-27 19:26:42 +01:00
Michael Vetter
20154048e7 refactor: Move pgp module to gchar 2026-02-27 19:26:42 +01:00
Michael Vetter
45dc50eccf fix: initialize OMEMO pointers and add NULL checks 2026-02-27 19:26:42 +01:00
Michael Vetter
55be1de29c cleanup: use g_new0 and g_strdup for alias allocation
And move whole preferences module to gchar.
2026-02-27 19:26:42 +01:00
Michael Vetter
aec8e48268 refactor: modernize cmd_ac_complete_filepath and simplify path handling 2026-02-27 19:26:42 +01:00
Michael Vetter
65ca3c448b fix: handle potential NULL from malloc in OMEMO fingerprint decoding 2026-02-27 19:26:42 +01:00
Michael Vetter
4ee35028e5 cleanup: use g_malloc and auto_gchar in _win_print_wrapped 2026-02-27 19:26:42 +01:00
Michael Vetter
ba5614fb0e cleanup: use auto_FILE and handle fopen failure in command_docgen 2026-02-27 19:26:42 +01:00
Michael Vetter
156b78adfa cleanup: fix potential NULL dereference and leaks in cmd_sendfile
* Add NULL checks for malloc and strdup calls in cmd_sendfile
* Ensure file handles and descriptors are closed on all error paths
2026-02-27 00:02:59 +01:00
Michael Vetter
5711671c99 refactor: roster export uses GString and g_file_set_contents now
Modernize the /export command implementation by adopting GLib-based
patterns for string manipulation and file handling.

* Replace _writecsv with _append_csv_escaped to efficiently handle CSV
  quote doubling directly within a GString buffer
* Refactor cmd_export to build the CSV content in memory using GString,
  minimizing system calls
* Use g_file_set_contents for atomic writing
2026-02-27 00:02:59 +01:00
Michael Vetter
9f3d78a994 refactor: Make _writecsv safer and with better performance
* Cache strlen() result
* Check for malloc() failure to prevent null pointer dereference
* Ensure the output buffer is null-terminated for safe use with cons_show()
* Simplify the quote escaping logic for better readability.
2026-02-27 00:02:52 +01:00
Michael Vetter
3d2a82ad4a cleanup: Fix potential NULL dereference in cmd_omemo_(un)trust
Replace malloc() with g_malloc() to handle allocation failure and
ensure enough memory is allocated for the null terminator.
2026-02-26 19:47:13 +01:00
Michael Vetter
d29fcdbed3 refactor: Use p_contact_new instead of malloc in p_contact_new() 2026-02-26 19:29:43 +01:00
Michael Vetter
48205fc6de cleanup: Initialize waittime to 0
This fixes a -fanalyzer uninitialized value warning.
2026-02-26 19:21:45 +01:00
Michael Vetter
caf84ca731 refactor: use g_new in message_pubsub_event_handler_add() 2026-02-26 19:06:44 +01:00
Michael Vetter
f98e33be81 refactor: make Jid use glib functions 2026-02-26 19:06:44 +01:00
Michael Vetter
abffffb499 refactor: make Resource use glib functions 2026-02-26 19:06:44 +01:00
Michael Vetter
8a36ca6d97 refactor: start to standardize on gchar
Make get_random_string() return a gchar*.

This is part of the effort to migrate string declarations and
allocations from char to gchar, replacing standard C allocators
(malloc/calloc/strdup) with their glib equivalents
(g_malloc/g_new0/g_strdup).

The primary goal is to prevent mismatched allocator bugs. While char and
gchar are binary compatible, mixing their respective deallocators is
dangerous:

* Freeing malloc'd memory with g_free() (or vice versa) can lead to
  memory corruption, double-frees, or crashes.
* This is seems to be the case especiall on non Linux platforms or when
  using hardened memory allocators where the GLib slice allocator or
  wrappers may differ from the system heap.

By standardizing on gchar, we ensure that our automatic cleanup macros
(like auto_gchar) always invoke the correct deallocator (g_free).
2026-02-26 19:06:44 +01:00
Michael Vetter
e1fd2a1cf6 refactor: replace calloc with g_new0 for struct allocations
Migrate structure allocations from calloc to glibs g_new0 macro to
improve type safety and memory robustness.

* Type Safety: The macro takes the type name directly, ensuring the
  allocated size always matches the pointer type.
* Static Analysis: It guarantees a non-NULL return by aborting on
  failure, which silences -fanalyzer warnings regarding potential NULL
  pointer dereferences.
* Readability: Removes redundant sizeof() calls and is the glib way
2026-02-26 19:06:39 +01:00
Michael Vetter
f1d4ed41d6 refactor: Use g_malloc0 instead of calloc in get_random_string()
It automatically aborts the program on allocation failure.
Also eliminates the need for repetitive manual NULL checks.
2026-02-26 16:29:50 +01:00
Michael Vetter
ec45a19c72 build: enable -fanalyzer for static analysis
Enable gccs static analyzer to detect memory bugs at compile-time. This
validates our __attribute__((__cleanup__)) macros and improves security
when parsing external XMPP data with zero runtime overhead.
2026-02-26 16:28:00 +01:00
Michael Vetter
606a10208a build: Enable _FORTIFY_SOURCE and -Og optimization
Add security hardening via _FORTIFY_SOURCE=2 and switch to -Og to
provide the necessary optimization for these checks while remaining
debugger friendly.

The goal is to catch many buffer overflows and format string errors
at compile-time or runtime.

-Og may occasionally optimize out very short-lived
local variables, making them invisible in the debugger.
So i'm not sure this is a very good idea. But I hope that we will find
bugs earlier and don't even need to debug that often. We might revert
this change later though in case we run into problems too often.

I'm not aware of any other downsides.
2026-02-26 08:50:12 +01:00
Michael Vetter
e95e8b5c6f build: Add -fstack-protector-strong compiler flag
Enable stack protection to detect buffer overflows and harden the binary.
This flag adds a canary to stack frames, causing the
program to terminate immediately if stack corruption is detected.

This helps identify memory safety bugs earlier during development by
turning silent corruption into an immediate crash, and provides
protection against stack-smashing exploits at runtime with negligible
performance overhead.

We don't add this generally because we wan't distributions/users to
decide if they want it. But it can help us find problems early on during
development.
2026-02-26 08:42:24 +01:00
Michael Vetter
8fd3c05983 Merge pull request #2093 from profanity-im/improve-unittests
Improve unittests
2026-02-25 12:50:50 +01:00
Michael Vetter
549f28fa0d tests: Add test for release_is_new()
Also refactor the function so we pass it the current version
and don't rely on the define inside of it.

This function only allows version format in the style of "x.y.z".
2026-02-25 12:40:32 +01:00
Michael Vetter
ea7a59808a refactor: optimize prof_occurrences()
Optimize prof_occurrences by using pointer arithmetic and
g_utf8_next_char instead of calls to g_utf8_offset_to_pointer.

Improve list construction efficiency in prof_occurrences by
using g_slist_prepend and g_slist_reverse instead of appends.

Also fix a slight oversight that could lead to trouble:
When empty search strings (e.g. empty nicks) are passed
it caused matches at every position.

Update the test case to test for empty nicks.
2026-02-25 12:40:32 +01:00
Michael Vetter
ca8cc8f651 tests: Add test for get_mentions() 2026-02-25 12:40:32 +01:00
Michael Vetter
0c15cd1d93 tests: Add test for valid_tls_policy_option()
See last commit with comment regarding cons_show().

In this test here we can see that if we pass NULL cons_show() isn't
called. Making it a bit different that other invalid test cases.
2026-02-25 12:40:32 +01:00
Michael Vetter
b7d53adba6 tests: Add tests for string_matches_one_of()
Writing this test I'm unsure whether a function like
string_matches_one_of() should actually call cons_show().
Let's just note that for later.
2026-02-25 12:40:28 +01:00
Michael Vetter
2b650c8daf build: Set -Qunused-arguments depending on compiler not os
This got introduced in configure.ac in
4ca6296fb7. I'll leave it there as is for
now but let's use the proper way in meson.

See discussion in https://github.com/profanity-im/profanity/pull/2090
2026-02-24 19:07:52 +01:00
Michael Vetter
e6bad112aa Merge pull request #2090 from botantony/fix-function-declaration
fix: define `prefs_changes_print` outside of `prefs_changes`
2026-02-24 19:01:25 +01:00
botantony
309c0a64a7 fix: define prefs_changes_print outside of prefs_changes
This causes build failures on macOS runners in Homebrew, see:
https://github.com/Homebrew/homebrew-core/pull/268970
https://github.com/Homebrew/homebrew-core/actions/runs/22305120219/job/64538952484?pr=268970

I didn't run `make format` because it modified other unrelated files
(guess they were not formatted before) but I assume this PR follow the
style guides

Signed-off-by: botantony <antonsm21@gmail.com>
2026-02-24 14:54:31 +01:00
Michael Vetter
a7be9f1280 tests: Add tests for strtoi_range() 2026-02-23 20:05:32 +01:00
Michael Vetter
5a7bba8093 tests: Add test for string_to_verbosity() 2026-02-23 18:37:14 +01:00
Michael Vetter
74bf33e727 tests: Add test for get_expanded_path() 2026-02-23 18:37:10 +01:00
Michael Vetter
1be326911c tests: Improve autocomplete unit tests
It seems like we didn't even check whether the operations succeed or
not.

* `clear_empty()`
  Add assertion to confirm a newly created autocomplete object is empty.
* `find_after_create()`:
  Add assertion to ensure `autocomplete_complete()` returns NULL when no
  entries are present in th object.
2026-02-23 18:28:49 +01:00
Michael Vetter
657de5f22f Merge pull request #2089 from profanity-im/cleanup
Cleanup
2026-02-23 11:10:38 +01:00
Michael Vetter
2b6bb1ae3e docs: Mention generated html pages in release guide 2026-02-23 10:50:24 +01:00
Michael Vetter
64a72249cb Start new cycle 2026-02-23 10:44:08 +01:00
Michael Vetter
5ff84d98d8 Release 0.16.0 2026-02-23 10:30:36 +01:00
Michael Vetter
a1fe714487 build: enable more warnings in debug mode 2026-02-20 16:50:03 +01:00
Michael Vetter
6221d1046a cleanup: Cast device ids in omemo.c
Seems like in signal address.device_id is int32 for some reason.
2026-02-20 16:50:03 +01:00
Michael Vetter
10a68437ad cleanup: Move loop var from int to size_t in omemo.c 2026-02-20 16:50:03 +01:00