Commit Graph

7674 Commits

Author SHA1 Message Date
Michael Vetter
ba5614fb0e cleanup: use auto_FILE and handle fopen failure in command_docgen 2026-02-27 19:26:42 +01:00
Michael Vetter
156b78adfa cleanup: fix potential NULL dereference and leaks in cmd_sendfile
* Add NULL checks for malloc and strdup calls in cmd_sendfile
* Ensure file handles and descriptors are closed on all error paths
2026-02-27 00:02:59 +01:00
Michael Vetter
5711671c99 refactor: roster export uses GString and g_file_set_contents now
Modernize the /export command implementation by adopting GLib-based
patterns for string manipulation and file handling.

* Replace _writecsv with _append_csv_escaped to efficiently handle CSV
  quote doubling directly within a GString buffer
* Refactor cmd_export to build the CSV content in memory using GString,
  minimizing system calls
* Use g_file_set_contents for atomic writing
2026-02-27 00:02:59 +01:00
Michael Vetter
9f3d78a994 refactor: Make _writecsv safer and with better performance
* Cache strlen() result
* Check for malloc() failure to prevent null pointer dereference
* Ensure the output buffer is null-terminated for safe use with cons_show()
* Simplify the quote escaping logic for better readability.
2026-02-27 00:02:52 +01:00
Michael Vetter
3d2a82ad4a cleanup: Fix potential NULL dereference in cmd_omemo_(un)trust
Replace malloc() with g_malloc() to handle allocation failure and
ensure enough memory is allocated for the null terminator.
2026-02-26 19:47:13 +01:00
Michael Vetter
d29fcdbed3 refactor: Use p_contact_new instead of malloc in p_contact_new() 2026-02-26 19:29:43 +01:00
Michael Vetter
48205fc6de cleanup: Initialize waittime to 0
This fixes a -fanalyzer uninitialized value warning.
2026-02-26 19:21:45 +01:00
Michael Vetter
caf84ca731 refactor: use g_new in message_pubsub_event_handler_add() 2026-02-26 19:06:44 +01:00
Michael Vetter
f98e33be81 refactor: make Jid use glib functions 2026-02-26 19:06:44 +01:00
Michael Vetter
abffffb499 refactor: make Resource use glib functions 2026-02-26 19:06:44 +01:00
Michael Vetter
8a36ca6d97 refactor: start to standardize on gchar
Make get_random_string() return a gchar*.

This is part of the effort to migrate string declarations and
allocations from char to gchar, replacing standard C allocators
(malloc/calloc/strdup) with their glib equivalents
(g_malloc/g_new0/g_strdup).

The primary goal is to prevent mismatched allocator bugs. While char and
gchar are binary compatible, mixing their respective deallocators is
dangerous:

* Freeing malloc'd memory with g_free() (or vice versa) can lead to
  memory corruption, double-frees, or crashes.
* This is seems to be the case especiall on non Linux platforms or when
  using hardened memory allocators where the GLib slice allocator or
  wrappers may differ from the system heap.

By standardizing on gchar, we ensure that our automatic cleanup macros
(like auto_gchar) always invoke the correct deallocator (g_free).
2026-02-26 19:06:44 +01:00
Michael Vetter
e1fd2a1cf6 refactor: replace calloc with g_new0 for struct allocations
Migrate structure allocations from calloc to glibs g_new0 macro to
improve type safety and memory robustness.

* Type Safety: The macro takes the type name directly, ensuring the
  allocated size always matches the pointer type.
* Static Analysis: It guarantees a non-NULL return by aborting on
  failure, which silences -fanalyzer warnings regarding potential NULL
  pointer dereferences.
* Readability: Removes redundant sizeof() calls and is the glib way
2026-02-26 19:06:39 +01:00
Michael Vetter
f1d4ed41d6 refactor: Use g_malloc0 instead of calloc in get_random_string()
It automatically aborts the program on allocation failure.
Also eliminates the need for repetitive manual NULL checks.
2026-02-26 16:29:50 +01:00
Michael Vetter
ec45a19c72 build: enable -fanalyzer for static analysis
Enable gccs static analyzer to detect memory bugs at compile-time. This
validates our __attribute__((__cleanup__)) macros and improves security
when parsing external XMPP data with zero runtime overhead.
2026-02-26 16:28:00 +01:00
Michael Vetter
606a10208a build: Enable _FORTIFY_SOURCE and -Og optimization
Add security hardening via _FORTIFY_SOURCE=2 and switch to -Og to
provide the necessary optimization for these checks while remaining
debugger friendly.

The goal is to catch many buffer overflows and format string errors
at compile-time or runtime.

-Og may occasionally optimize out very short-lived
local variables, making them invisible in the debugger.
So i'm not sure this is a very good idea. But I hope that we will find
bugs earlier and don't even need to debug that often. We might revert
this change later though in case we run into problems too often.

I'm not aware of any other downsides.
2026-02-26 08:50:12 +01:00
Michael Vetter
e95e8b5c6f build: Add -fstack-protector-strong compiler flag
Enable stack protection to detect buffer overflows and harden the binary.
This flag adds a canary to stack frames, causing the
program to terminate immediately if stack corruption is detected.

This helps identify memory safety bugs earlier during development by
turning silent corruption into an immediate crash, and provides
protection against stack-smashing exploits at runtime with negligible
performance overhead.

We don't add this generally because we wan't distributions/users to
decide if they want it. But it can help us find problems early on during
development.
2026-02-26 08:42:24 +01:00
Michael Vetter
8fd3c05983 Merge pull request #2093 from profanity-im/improve-unittests
Improve unittests
2026-02-25 12:50:50 +01:00
Michael Vetter
549f28fa0d tests: Add test for release_is_new()
Also refactor the function so we pass it the current version
and don't rely on the define inside of it.

This function only allows version format in the style of "x.y.z".
2026-02-25 12:40:32 +01:00
Michael Vetter
ea7a59808a refactor: optimize prof_occurrences()
Optimize prof_occurrences by using pointer arithmetic and
g_utf8_next_char instead of calls to g_utf8_offset_to_pointer.

Improve list construction efficiency in prof_occurrences by
using g_slist_prepend and g_slist_reverse instead of appends.

Also fix a slight oversight that could lead to trouble:
When empty search strings (e.g. empty nicks) are passed
it caused matches at every position.

Update the test case to test for empty nicks.
2026-02-25 12:40:32 +01:00
Michael Vetter
ca8cc8f651 tests: Add test for get_mentions() 2026-02-25 12:40:32 +01:00
Michael Vetter
0c15cd1d93 tests: Add test for valid_tls_policy_option()
See last commit with comment regarding cons_show().

In this test here we can see that if we pass NULL cons_show() isn't
called. Making it a bit different that other invalid test cases.
2026-02-25 12:40:32 +01:00
Michael Vetter
b7d53adba6 tests: Add tests for string_matches_one_of()
Writing this test I'm unsure whether a function like
string_matches_one_of() should actually call cons_show().
Let's just note that for later.
2026-02-25 12:40:28 +01:00
Michael Vetter
2b650c8daf build: Set -Qunused-arguments depending on compiler not os
This got introduced in configure.ac in
4ca6296fb7. I'll leave it there as is for
now but let's use the proper way in meson.

See discussion in https://github.com/profanity-im/profanity/pull/2090
2026-02-24 19:07:52 +01:00
Michael Vetter
e6bad112aa Merge pull request #2090 from botantony/fix-function-declaration
fix: define `prefs_changes_print` outside of `prefs_changes`
2026-02-24 19:01:25 +01:00
botantony
309c0a64a7 fix: define prefs_changes_print outside of prefs_changes
This causes build failures on macOS runners in Homebrew, see:
https://github.com/Homebrew/homebrew-core/pull/268970
https://github.com/Homebrew/homebrew-core/actions/runs/22305120219/job/64538952484?pr=268970

I didn't run `make format` because it modified other unrelated files
(guess they were not formatted before) but I assume this PR follow the
style guides

Signed-off-by: botantony <antonsm21@gmail.com>
2026-02-24 14:54:31 +01:00
Michael Vetter
a7be9f1280 tests: Add tests for strtoi_range() 2026-02-23 20:05:32 +01:00
Michael Vetter
5a7bba8093 tests: Add test for string_to_verbosity() 2026-02-23 18:37:14 +01:00
Michael Vetter
74bf33e727 tests: Add test for get_expanded_path() 2026-02-23 18:37:10 +01:00
Michael Vetter
1be326911c tests: Improve autocomplete unit tests
It seems like we didn't even check whether the operations succeed or
not.

* `clear_empty()`
  Add assertion to confirm a newly created autocomplete object is empty.
* `find_after_create()`:
  Add assertion to ensure `autocomplete_complete()` returns NULL when no
  entries are present in th object.
2026-02-23 18:28:49 +01:00
Michael Vetter
657de5f22f Merge pull request #2089 from profanity-im/cleanup
Cleanup
2026-02-23 11:10:38 +01:00
Michael Vetter
2b6bb1ae3e docs: Mention generated html pages in release guide 2026-02-23 10:50:24 +01:00
Michael Vetter
64a72249cb Start new cycle 2026-02-23 10:44:08 +01:00
Michael Vetter
5ff84d98d8 Release 0.16.0 2026-02-23 10:30:36 +01:00
Michael Vetter
a1fe714487 build: enable more warnings in debug mode 2026-02-20 16:50:03 +01:00
Michael Vetter
6221d1046a cleanup: Cast device ids in omemo.c
Seems like in signal address.device_id is int32 for some reason.
2026-02-20 16:50:03 +01:00
Michael Vetter
10a68437ad cleanup: Move loop var from int to size_t in omemo.c 2026-02-20 16:50:03 +01:00
Michael Vetter
7eb64b2779 cleanup: Cast g_hash_table_lookup return to function pointer
Explicitly cast the void pointer returned by g_hash_table_lookup
to the expected function pointer signature.

Make `-Wpedantic` happy.
2026-02-20 16:49:58 +01:00
Michael Vetter
110b359ee1 cleanup: Cast to get rid of warnings 2026-02-20 16:45:01 +01:00
Michael Vetter
1d0e6580d1 cleanup: Move loop var from int to size_t in cmd_funcs.c 2026-02-20 16:45:01 +01:00
Michael Vetter
ddd43f5e60 cleanup: Move more functions from int to guint in statusbar.c 2026-02-20 16:45:01 +01:00
Michael Vetter
8970b5e61b cleanup: Move some variables from int to guint in statusbar.c 2026-02-20 16:45:01 +01:00
Michael Vetter
1120170ef7 cleanup: Adapt type and cast to get ride of warnings 2026-02-20 16:44:54 +01:00
Michael Vetter
289fed262f cleanup: cast option to curl_easy_setopt
Also found via LTO mismatch.
2026-02-20 16:28:56 +01:00
Michael Vetter
759e5830a6 fix: Correct function signature for unittests
Found as LTO type-mismatch.
2026-02-20 16:25:47 +01:00
Michael Vetter
f1acf702a9 chore: Update copyright year 2026-02-20 16:13:31 +01:00
Michael Vetter
6e61383e97 cleanup: Adapt loop counter to proper type
Fixing a couple of -Wsign-compare warnings.
2026-02-20 16:02:27 +01:00
Michael Vetter
3e0c9e79e4 cleanup: Correct comparison in cons_show_wins()
g_strstr_len() actually returns a gchar* to the position. So it is not
like in the case of strlen() where it returns the number of bytes.
2026-02-20 16:02:17 +01:00
Michael Vetter
61fa8d5b66 cleanup: Initialize optional fields in profModule
Let's initialize them with NULL to make the compiler happy.
2026-02-20 16:02:13 +01:00
Michael Vetter
70ed25c418 cleanup: Initialize GOptionEntry entries correctly
The `arg_description` field was forgotten in 034a98587.
2026-02-20 16:02:08 +01:00
Michael Vetter
15fcda7950 cleanup: Fix uninitialized field in color_distance()
`name` of the struct `color_def` was not initialized but is also not
needed in this function.
2026-02-20 16:02:03 +01:00