Commit Graph

224 Commits

Author SHA1 Message Date
467222d0ca fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests

Author: jabber.developer2
Closes #58, #85
2026-02-06 19:27:40 +01:00
266f5aa046 feat(api): add get_current_window call
Some checks failed
CI API Docs / Test C API Documentation Generation (pull_request) Successful in 27s
CI API Docs / Test Python API Documentation Generation (pull_request) Successful in 29s
CI Code / Check coding style (pull_request) Successful in 35s
CI Code / Check spelling (pull_request) Successful in 19s
CI Code / Linux (debian) (pull_request) Successful in 13m22s
CI Code / Linux (arch) (pull_request) Successful in 13m27s
CI Code / Linux (ubuntu) (pull_request) Successful in 13m36s
CI API Docs / Test C API Documentation Generation (push) Successful in 1m2s
CI Code / Check spelling (push) Has been cancelled
CI Code / Check coding style (push) Has been cancelled
CI Code / Linux (ubuntu) (push) Has been cancelled
CI Code / Linux (debian) (push) Has been cancelled
CI API Docs / Test Python API Documentation Generation (push) Successful in 1m8s
CI Code / Linux (arch) (push) Successful in 9m24s
Add prof_get_current_window API to retrieve the title of the currently active window, matching the titlebar display.

The feature is especially useful to track currently used plugin window.
2025-10-20 19:00:48 +02:00
Steffen Jaeckel
0d5123e69a Trampoline Python unref again.
In the past `Py_XDECREF()` was a macro. Preserve compat to ancient Python
versions by having a trampoline which calls `Py_XDECREF()`.

Fixes: #2043
Fixes: c0da36c4 ("Rage-cleanup.")

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
(cherry picked from commit 3299dd8fc6)
2025-09-10 14:00:51 +02:00
6871a4d46f Fix memory leak in _handle_string_or_none_result
All checks were successful
CI / Check spelling (pull_request) Successful in 4m23s
CI / Check coding style (pull_request) Successful in 10m37s
CI / Linux (fedora) (pull_request) Successful in 11m27s
CI / Linux (debian) (pull_request) Successful in 12m48s
CI / Linux (arch) (pull_request) Successful in 16m54s
CI / Linux (ubuntu) (pull_request) Successful in 48m55s
The function did not decref the Python object on type error paths,
resulting in a reference count leak. This caused memory to accumulate
over time. Added Py_XDECREF on all early return paths to properly free
the Python object reference and prevent leaks.
2025-07-02 15:05:44 +02:00
Steffen Jaeckel
666895905b Revert API change of plugins_pre_chat_message_display()
In order to keep the C plugins API stable, we have to revert this part of
the changes done in 16ed7cc187.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-13 13:28:06 +01:00
Steffen Jaeckel
a9c601101d Simplify code
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-13 13:02:13 +01:00
Steffen Jaeckel
4940218257 Minimize strdup() operations in plugins.
Instead of dup'ing each string before free'ing it, simply re-use the same.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-13 13:01:36 +01:00
Steffen Jaeckel
83a4165d92 plugins_(on|pre) API now maybe returns NULL.
Instead of always returning a `strdup()`'ed version, maybe return NULL and
handle this in the calling code.

This is still not true for `plugins_pre_chat_message_display()`, where we
return the passed `messag` in case there are no plugins, since this would
require a bigger refactor of more parts.

This also
* merges the implementation of `sv_ev_incoming_private_message()` and
  `sv_ev_delayed_private_message()`, since they differed only by a single
  line.
* untangles the `#ifdef` mess in `cl_ev_send_muc_msg_corrected()`.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-12 10:15:35 +01:00
Steffen Jaeckel
c0da36c48d Rage-cleanup.
While trying to get the unit tests working again I stumbled over all those
things that I thought could be better^TM.

Now we also know "TODO: why does this make the test fail?" - because
the unit tests are brittle AF ... and we have to init the subsystems
we use in the test, otherwise the cleanup will fail...

BTW. you can now also only run a single test ... or a pattern or so ...
you'd have to read how `cmocka_set_test_filter()` works exactly.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
72b99ceb6d Some minor improvements
* destroy/free/shutdown/close in reverse order of allocation
* more static/auto_Xfree
* less variables/strlen/GString
* properly `\0`-terminate string of testcase

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
c5a131ee46 Introduce our own shutdown callback mechanism.
Instead of adding stuff to `_shutdown()`, we can now register a shutdown
routine from the respective `init()` function of our modules.

This also has the advantage, that we're sure they're called in reverse
order from how the initialization happened.

I didn't simply use `atexit()` because POSIX says that the number of
possible callbacks is limited (min 32) and I was not sure whether
we will maybe extend this number at one point.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-07 21:09:16 +01:00
Steffen Jaeckel
06f5c2670e PyEval_InitThreads() is deprecated
`Py_Initialize()` does it since 3.7, it's a noop and deprecated since 3.9.

https://docs.python.org/3/c-api/init.html#c.PyEval_InitThreads

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-01-28 16:43:13 +01:00
Hanspeter Portner
cb395b7c09 Make muc_nick return a const char* const
In the documentation of the `muc_nick` function we can read:

> The nickname is owned by the chat room and should not be modified or freed

We should reflect that in the return type and `strdup` the value for the
plugin API.

Fixes: https://github.com/profanity-im/profanity/issues/2013
2025-01-26 18:16:14 +01:00
Steffen Jaeckel
848acdd1fa Improve const correctness
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2024-06-19 16:01:46 +02:00
Steffen Jaeckel
dc0f2acb9a Simplify usage of roster_get_display_name()
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:27:11 +01:00
Steffen Jaeckel
835ea397ac Tidy up some code
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:26:21 +01:00
Steffen Jaeckel
31c6d5f09a Improve shutdown
1. close logfile as last action
2. Fix `plugins_shutdown()` accessing `((ProfPlugin*)curr->data)->lang`
   after `curr->data` had already potentially been free'd.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 16:31:42 +01:00
John Hernandez
db96d13453 Improve string convertion error handling
Before the change, profanity has shown
`TypeError: prof_pre_chat_message_display() missing 3 required positional arguments: 'barejid',
           'resource', and 'message'`
error for received messages with incorrect encoding
instead of proper error handling for string convertion.

That is a temporary fix, correct fix probably would be
passing potentially problematic char* as `bytes` (using `y` instead of `s` format),
but this would require API changes and hence correction of plugins to
handle new input parameters properly (likely with "decode" function).

A bit hard to reproduce. You need to add a plugin with the following code
(or any other plugin with `prof_pre_chat_message_display` present, such as emoticons.py):
```python
def prof_pre_chat_message_display(barejid, resource, message):
    return message
```

and then receive/send message with incorrectly encoded character, it can be any
invalid UTF8 symbol. You'll see error in console, errors don't represent actual
errors in plugins, but rather Profanity's shortcoming, though it make appear so
that the problem is in plugin.

Actual proper handling would likely be using `y` instead of `s` format
(see [reference](https://docs.python.org/3/c-api/arg.html#c.Py_BuildValue))

> s ([str](https://docs.python.org/3/library/stdtypes.html#str) or None) [const char *]
>    Convert a null-terminated C string to a Python [str](https://docs.python.org/3/library/stdtypes.html#str)
object using 'utf-8' encoding. If the C string pointer is NULL, None is used.

to

> y ([bytes](https://docs.python.org/3/library/stdtypes.html#bytes)) [const char *]
>     This converts a C string to a Python [bytes](https://docs.python.org/3/library/stdtypes.html#bytes)
> object. If the C string pointer is NULL, None is returned.

since there is a [problem](https://docs.python.org/3/c-api/arg.html) with `s`:
> s ([str](https://docs.python.org/3/library/stdtypes.html#str)) [const char *]
>    Convert a Unicode object to a C pointer to a character string.
> A pointer to an existing string is stored in the character pointer variable whose address you pass.
> ... Unicode objects are converted to C strings using 'utf-8' encoding.
> **If this conversion fails**, a [UnicodeError](https://docs.python.org/3/library/exceptions.html#UnicodeError) is raised.

In python such problem can be handled using `errors='ignore'` in [bytes.decode](https://docs.python.org/3/library/stdtypes.html#bytes.decode) or in a more sophisticated manner, depending on needs and realization.
2023-11-22 09:29:31 +01:00
John Hernandez
16ed7cc187 Refactor plugins_pre_chat_message_display for Memory Management
Refactor function to enhance memory handling, addressing
temporary workaround introduced in 2e0adbd. Adjustments
ensure cleaner code and maintainability.

Part of the improvements suggested by @sjaeckel.
2023-11-11 22:21:04 +01:00
Michael Vetter
2ab9a306ab Fix /plugins reload error message
`/plugins reload non-existent-plugin` printed:
```
Failed to reload plugin: non-existent-plugin, `:^C
```

There were two mistakes:
error_message instead of error_message->str was passed to cons_show().

And in case of failing to unload the plugin due to not finding it in the
hash table it didn't print an error.

This bug was introduced in cc697de05.
2023-10-19 12:58:19 +02:00
Steffen Jaeckel
ca2df180d8 Introduce a shared implementation for keyfile loading
Instead of copy&pasting the same code over again, use a common
implementation.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-09-04 09:59:09 +02:00
John Hernandez
865a056315 Cleanup g_strfreev() to auto_gcharv
Include some additional minor cleanups
2023-07-13 17:05:07 +02:00
John Hernandez
029f1caa52 Cleanup jid_destroy to auto_jid
Remove unused variables
Apply minor cleanups
2023-07-13 17:05:07 +02:00
John Hernandez
8304ac86ff g_free() to auto_gfree, introduce auto_guchar
Fix 11 potential mem leaks in theme.c
2023-07-13 17:04:59 +02:00
John Hernandez
e1d137f4e6 Change char->free to auto_char char for autocleanup
Replace `gchar` and `g_free` to `auto_gchar`
Correct certain  `char` functions/variables to `gchar`

Related to #1819.

Edited by @jubalh.
2023-07-11 13:26:37 +02:00
John Hernandez
7f3fca2bd0 Cleanup: gchar as gchar instead of char
Use gchar instead of char in most of the cases where gchar is intended.

Reason: improve compatibility and stability. Issue #1819

Minor refactoring.
2023-05-04 16:15:09 +02:00
Michael Vetter
d17bcf619c Format code with clang-format 16 2023-04-14 21:45:21 +02:00
Michael Vetter
e59c401c84 Adapt to g_string_free glib 2.75.3 change
glib 2.75.3 changes warning behaviour of `g_string_free()`.
See:
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3219
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3226

Use this opportunity to replace the use of GString with
`g_strdup_printf()` where possible.
Otherwise correctly take the return value of `g_string_free()`
which is nicer anyways.
2023-03-21 10:53:10 +01:00
Đoàn Trần Công Danh
5a72fefe89 plugin: python: fix build for Python 3.11
From Python 3.11, PyFrameObject has been changed into opaque struct.
We need to access those fields via API.

Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
2022-09-24 12:49:12 +07:00
j.r
5676159aa5 Fix python executed during configure
Previously it relied on AX_PYTHON_DEVEL, which in turn executes
python-config to get the build flags. However this does not work while
cross compiling because we can't execute the python-config build for the
target platform. To circumvent this problem the python build flags are
now queried via pkgconfig, which has the drawback of not having some
extra build flags, but they do not seem to be needed.

I tested this patch with the termux build system and it build without
their existing hack of injecting python after the configure step. I also
tested non cross compile build on Arch Linux and it also still works.

Fixes #851
2022-02-18 19:45:31 +01:00
Sergei Trofimovich
f0a39a4b66 python_api.c: enlarge c_arguments array to avoid OOB write
Code below explicitly refers past `args_len`th element:

        c_arguments[args_len][0] = NULL;
        c_arguments[args_len][1] = NULL;

Let's always allocate space for `NULL`. Noticed by Steffen Jaeckel.
2021-11-26 07:54:01 +00:00
Sergei Trofimovich
a77a57a6a4 src/plugins/python_api.c: drop redundant NULL pointer check
gcc-12 detects redundant check against array of arrays as:

    src/plugins/python_api.c: In function ‘python_api_register_command’:
    src/plugins/python_api.c:199:31: error: the comparison will always evaluate as ‘true’ for the address of ‘c_arguments’ will never be NULL [-Werror=address]
      199 |         while (c_arguments[i] != NULL && c_arguments[i][0] != NULL) {
          |                               ^~
    src/plugins/python_api.c:161:15: note: ‘c_arguments’ declared here
      161 |         char* c_arguments[args_len == 0 ? 0 : args_len + 1][2];
          |               ^~~~~~~~~~~
2021-11-18 22:29:11 +00:00
Sergei Trofimovich
753d9dbbdb src/plugins/callbacks.c: drop redundant NULL pointer check
gcc-12 detects redundant check against array of arrays as:

    src/plugins/callbacks.c: In function ‘_free_command_help’:
    src/plugins/callbacks.c:85:26: error: the comparison will always evaluate as ‘true’ for the address of ‘args’ will never be NULL [-Werror=address]
       85 |     while (help->args[i] != NULL && help->args[i][0] != NULL) {
          |                          ^~
    In file included from ./src/ui/ui.h:44,
                     from ./src/command/cmd_defs.h:42,
                     from src/plugins/callbacks.c:41:
    ./src/command/cmd_funcs.h:48:12: note: ‘args’ declared here
       48 |     gchar* args[128][2];
          |            ^~~~
2021-11-18 22:27:20 +00:00
Dustin Lagoy
2350a94c44 Add plugin get_barejid_from_roster function 2021-04-29 13:50:57 -04:00
Dustin Lagoy
802442fffc Change nick to name in api to match convention
Change all instances of *get_nick_from_roster to *get_name_from_roster
to match the convention of names in the roster itself.
2021-04-28 09:32:20 -04:00
Dustin Lagoy
ed4d2fcfb2 Add plugin prof_get_nick_from_roster function 2021-04-28 09:17:02 -04:00
Michael Vetter
057c9ad776 Add config.h in files were it was missing
Related to https://github.com/profanity-im/profanity/issues/1512
2021-03-26 19:54:22 +01:00
Michael Vetter
a94378f206 Fix various typos 2020-12-10 09:24:32 +01:00
Michael Vetter
35aecd425f Declare counter var inside loop
We require c99/gnu99 anyways.
2020-11-09 11:33:33 +01:00
Michael Vetter
11d849aa7f Dont hilight console once all messages have been read
If we receive a message we get:
<< room message: eagle@conference.anoxinon.me (win 2)

Same for private chats and regular chats.
And several other kinds of notifications.

If we only receive notifications from a chat window it would be nice to
also clear the hilight on the console window since we already catched up
by reading the actual message in the chat window.

Probably not the best description :-) I hope you get it..

Regards https://github.com/profanity-im/profanity/issues/1399
2020-07-09 15:44:35 +02:00
Michael Vetter
a2726b6a7d Apply coding style 2020-07-07 14:18:57 +02:00
Michael Vetter
a4cadf78fa Revert "Apply coding style"
This reverts commit 9b55f2dec0.

Sorting the includes creates some problems.
2020-07-07 13:53:30 +02:00
Michael Vetter
9b55f2dec0 Apply coding style
Regards https://github.com/profanity-im/profanity/issues/1396
2020-07-07 09:43:28 +02:00
Michael Vetter
914c6752dd Fix reading/writing linked files
"base" was not really base but the filename :-)

Fix https://github.com/profanity-im/profanity/issues/1362
2020-06-13 15:02:43 +02:00
Michael Vetter
180ec2b474 Add to_jid field to ProfMessage struct
Is usefult in many cases if we want cleaner code.
Hope this edit didn't break anything though ;-)
2020-04-11 17:11:53 +02:00
Michael Vetter
1f8b1eb740 Allow utf8 symbols as omemo/pgp/otr indicator char
Fix https://github.com/profanity-im/profanity/issues/1264
2020-02-20 23:36:10 +01:00
Michael Vetter
46fd7150e5 Add vim modeline 2019-11-13 12:11:05 +01:00
Dmitry Podgorny
69bba3ea4e plugins/python: fix double _XOPEN_SOURCE definition
ncursesw defines _XOPEN_SOURCE macro via command-line. In particular, it
is defined in ncursesw.pc and extracted via pkg-config. From other side,
Python defines the same macro unconditionally in pyconfig.h. Python-3.x
defines the macro with value different than ncursesw does. In turn, this
causes a warning that the macro is redefined. And warnings are treated
as errors.

Since both entities define the mecro unconditionally, we can't simply
reorder headers as Python developers suggest. So, undefine the macro
just before the <Python.h> to fix this silly issue.
2019-10-15 12:30:38 +00:00
Michael Vetter
d3dd95963e Sort includes in python_api.c 2019-10-07 15:53:17 +02:00
Michael Vetter
57ebb7cfa6 Destroy hash table ein autocompleters_destroy()
Regards https://github.com/profanity-im/profanity/issues/1019
2019-10-06 17:29:35 +02:00