Commit Graph

217 Commits

Author SHA1 Message Date
Michael Vetter
286e563fbe fix: fix redundant error reporting in http download
We were sequentially checking for errors from 'curl_easy_perform',
'ftell', and 'fclose'. Each time overwriting the last one, resulting in
a leak. This commit ensures that 'err' is only set if it is currently
NULL, preserving the first and most specific error encountered.
2026-02-27 22:29:45 +01:00
Michael Vetter
8a36ca6d97 refactor: start to standardize on gchar
Make get_random_string() return a gchar*.

This is part of the effort to migrate string declarations and
allocations from char to gchar, replacing standard C allocators
(malloc/calloc/strdup) with their glib equivalents
(g_malloc/g_new0/g_strdup).

The primary goal is to prevent mismatched allocator bugs. While char and
gchar are binary compatible, mixing their respective deallocators is
dangerous:

* Freeing malloc'd memory with g_free() (or vice versa) can lead to
  memory corruption, double-frees, or crashes.
* This is seems to be the case especiall on non Linux platforms or when
  using hardened memory allocators where the GLib slice allocator or
  wrappers may differ from the system heap.

By standardizing on gchar, we ensure that our automatic cleanup macros
(like auto_gchar) always invoke the correct deallocator (g_free).
2026-02-26 19:06:44 +01:00
Michael Vetter
e1fd2a1cf6 refactor: replace calloc with g_new0 for struct allocations
Migrate structure allocations from calloc to glibs g_new0 macro to
improve type safety and memory robustness.

* Type Safety: The macro takes the type name directly, ensuring the
  allocated size always matches the pointer type.
* Static Analysis: It guarantees a non-NULL return by aborting on
  failure, which silences -fanalyzer warnings regarding potential NULL
  pointer dereferences.
* Readability: Removes redundant sizeof() calls and is the glib way
2026-02-26 19:06:39 +01:00
Michael Vetter
657de5f22f Merge pull request #2089 from profanity-im/cleanup
Cleanup
2026-02-23 11:10:38 +01:00
Michael Vetter
f1acf702a9 chore: Update copyright year 2026-02-20 16:13:31 +01:00
Michael Vetter
6e61383e97 cleanup: Adapt loop counter to proper type
Fixing a couple of -Wsign-compare warnings.
2026-02-20 16:02:27 +01:00
Steffen Jaeckel
2fb56b8536 Fix some more untyped APIs
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-18 12:16:29 +01:00
Steffen Jaeckel
48ac88de08 Fix GError handling
Several users have reported segfaults when starting up profanity which
has OMEMO support, but OMEMO is not set up yet.

@StefanKropp has been able to reproduce this and tracked it down to
`_load_identity()` calling `omemo_known_devices_keyfile_save()`.
The latter then calls `save_keyfile()` which calls
`g_key_file_save_to_file()`. This can then fail if one of the first two
strings is NULL and won't set the `error` on return. In its error handling
`save_keyfile()` unconditionally dereferences `error` which leads to the
segfault.

Fix this and also go through the entire codebase and verify that the usage
of `GError` is done correctly.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-18 12:16:29 +01:00
Michael
a704887f14 Add types to function prototypes
Build fail under macOS, Clang 16.0.0.
Add parameters to the following prototypes
- bookmark_ignore_on_connect()
- cons_show_qrcode()
2025-09-13 12:36:05 +01:00
Steffen Jaeckel
5810f49c97 url save: fix location printed
Print the final storage location when successfully decrypting a file with
`aesgcm://` source.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-04-23 11:19:04 +02:00
Michael Vetter
07dfeec816 Release 0.15.0 2025-03-27 20:06:38 +01:00
Steffen Jaeckel
6d3f20fe8e Close FILE* before removing the filename.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-18 17:00:58 +01:00
Steffen Jaeckel
4405f33884 Optionally return bytes received from http_file_get()
`http_dl->bytes_received` was already free'd when it was accessed inside
`aesgcm_file_get()`.

Change `http_file_get()` to optionally return the number of bytes received
so we know how much data we have to decrypt.

This fixes #1994

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-18 17:00:58 +01:00
Steffen Jaeckel
422f5fa6f9 Slightly improve http_download related allocations.
* use `calloc()` to allocate zero-initialized structs.
* order the allocation of members by their declaration.
* order the freeing of members in reverse order.
* move init of `silent` flag in plugin case.
* fix double free of `tmpname` in `aesgcm_file_get()`.
* make some functions static.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-18 17:00:58 +01:00
Steffen Jaeckel
cffd310744 Fix shadowing of msg resulting in invalid free.
```
==500714== Invalid free() / delete / delete[] / realloc()
==500714==    at 0x484A78B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==500714==    by 0x5BDCD58: g_free (in /usr/lib64/libglib-2.0.so.0.8200.2)
==500714==    by 0x49016B: http_file_put (http_upload.c:175)
==500714==    by 0x5F613B1: start_thread (in /usr/lib64/libc.so.6)
==500714==    by 0x5FE63D3: clone (in /usr/lib64/libc.so.6)
==500714==  Address 0x86f6510 is 0 bytes inside a block of size 53 free'd
==500714==    at 0x484A78B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==500714==    by 0x5BDCD58: g_free (in /usr/lib64/libglib-2.0.so.0.8200.2)
==500714==    by 0x490299: http_file_put (http_upload.c:324)
==500714==    by 0x5F613B1: start_thread (in /usr/lib64/libc.so.6)
==500714==    by 0x5FE63D3: clone (in /usr/lib64/libc.so.6)
==500714==  Block was alloc'd at
==500714==    at 0x48477C4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==500714==    by 0x5F548A7: __vasprintf_internal (in /usr/lib64/libc.so.6)
==500714==    by 0x5C2DD1D: g_vasprintf (in /usr/lib64/libglib-2.0.so.0.8200.2)
==500714==    by 0x5BF8D97: g_strdup_vprintf (in /usr/lib64/libglib-2.0.so.0.8200.2)
==500714==    by 0x5BF8E58: g_strdup_printf (in /usr/lib64/libglib-2.0.so.0.8200.2)
==500714==    by 0x490264: http_file_put (http_upload.c:318)
==500714==    by 0x5F613B1: start_thread (in /usr/lib64/libc.so.6)
==500714==    by 0x5FE63D3: clone (in /usr/lib64/libc.so.6)
```

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-18 17:00:58 +01:00
Michael Vetter
5b9516b483 Merge pull request #2022 from profanity-im/fixes
Memory fixes
2025-03-13 09:58:09 +01:00
Michael Vetter
71b7d97dcb Get rid of unused define 2025-03-13 09:48:32 +01:00
Michael Vetter
b5f0cc0bd4 Fix more potential leaks in aesgcm_download 2025-03-13 09:48:27 +01:00
Steffen Jaeckel
c0da36c48d Rage-cleanup.
While trying to get the unit tests working again I stumbled over all those
things that I thought could be better^TM.

Now we also know "TODO: why does this make the test fail?" - because
the unit tests are brittle AF ... and we have to init the subsystems
we use in the test, otherwise the cleanup will fail...

BTW. you can now also only run a single test ... or a pattern or so ...
you'd have to read how `cmocka_set_test_filter()` works exactly.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
72b99ceb6d Some minor improvements
* destroy/free/shutdown/close in reverse order of allocation
* more static/auto_Xfree
* less variables/strlen/GString
* properly `\0`-terminate string of testcase

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Michael Vetter
43bbb16e8e Close file in case of error 2025-03-06 11:19:28 +01:00
ike08
23fa4750ff Fix unable to download item twice
## Summary

Partial fix for https://github.com/profanity-im/profanity/issues/1939  

> When doing the same in an unencrypted (no e2ee) chat there is no Downloading… message at all but the file is downloaded.  

Download a file twice with `/url save`, the second download will not print download progress to the window.  

The cause is `HTTPDownload`'s `silent` variable is not initialized; so, `silent` points to a second-hand stack memory address with old data. `silent` references data, so the `if` statement will fail in **src/tools/http_download.c:206** and download progress will not print to the window.  

The fix is to initialize `silent` in both encrypted and unencrypted file download scenarios.  

## Testing

Valgrind: Yes  

- `/url save` without OMEMO  
  **SUCCESS**: Try three times with the same URL and download status will display every time.  

- `/url save` with OMEMO  
  **SUCCESS**: Try three times with the same URL and download status will display every time.  

- `/plugins install https://raw.githubusercontent.com/profanity-im/profanity-plugins/master/stable/sounds.py`  
  **SUCCESS**: Try once and download progress is hidden.
2024-02-28 07:23:59 -07:00
Michael Vetter
569e37f018 Update copyright to 2024 2024-01-22 16:03:48 +01:00
Steffen Jaeckel
847a86de50 add connection_get_jid()
Use a singleton `Jid` inside the connection instead of always re-creating
a `Jid` from the same string.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:26:21 +01:00
John Hernandez
092b5530b2 Add emptiness check for /url save and /plugins install
Empty file is not a normal condition for file downloading,
thus user has to be notifed.

Related to https://github.com/profanity-im/profanity/issues/1901
2023-11-10 20:05:01 +01:00
John Hernandez
30fe5f0fb9 Allow redirects for '/plugins install <URL>
Fix https://github.com/profanity-im/profanity/issues/1901
Suggested by @jubalh
2023-11-10 20:04:04 +01:00
Steffen Jaeckel
ca2df180d8 Introduce a shared implementation for keyfile loading
Instead of copy&pasting the same code over again, use a common
implementation.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-09-04 09:59:09 +02:00
Michael Vetter
b88174709f Don't crash when using /plugins install disconnected
When we are not connected and run `/plugins install` we crash because we
get the account struct to check for the (xmpp) tls setting.
To apply that to the http (etc) connection to download the plugin from a
server.

This got introduced in 3a86b8c29 to fix #1624.

There are several ways to handle this (some described in 1880) in this
patch I took the route that it will use secure connection when we are
nto connected and will only check the tls.trust account setting if we
are connected.

Fix https://github.com/profanity-im/profanity/issues/1880
2023-08-28 07:55:29 +02:00
John Hernandez
8304ac86ff g_free() to auto_gfree, introduce auto_guchar
Fix 11 potential mem leaks in theme.c
2023-07-13 17:04:59 +02:00
John Hernandez
e1d137f4e6 Change char->free to auto_char char for autocleanup
Replace `gchar` and `g_free` to `auto_gchar`
Correct certain  `char` functions/variables to `gchar`

Related to #1819.

Edited by @jubalh.
2023-07-11 13:26:37 +02:00
John Hernandez
4a70f5f513 Cleanup char* to auto_gchar gchar* for prefs_get_string
Necessity explained in #1819
2023-07-03 16:06:27 +02:00
Michael Vetter
6247c28e31 Merge pull request #1842 from H3rnand3zzz/feature/plugins-download
New Feature: Plugins Download
2023-06-06 18:35:18 +02:00
John Hernandez
95e06ad169 Add url support (downloading) to /plugins install
Additional changes include code refactoring.
2023-05-16 15:57:07 +02:00
Steffen Jaeckel
12d76e4a21 Fix memleaks & more auto-free
`data_dir` would have been leaked if directory creation failed.

`editor_argv` was leaked at some point, no idea why.

```
==1244734== 118 (32 direct, 86 indirect) bytes in 1 blocks are definitely lost in loss record 6,299 of 7,824
==1244734==    at 0x4846CC3: realloc (vg_replace_malloc.c:1451)
==1244734==    by 0x5E85AD0: g_realloc (in /usr/lib/libglib-2.0.so.0.7600.1)
==1244734==    by 0x5E4A004: ??? (in /usr/lib/libglib-2.0.so.0.7600.1)
==1244734==    by 0x5E4A7B1: g_ptr_array_add (in /usr/lib/libglib-2.0.so.0.7600.1)
==1244734==    by 0x5EA4235: g_strsplit (in /usr/lib/libglib-2.0.so.0.7600.1)
==1244734==    by 0x1F143C: get_message_from_editor (editor.c:92)
==1244734==    by 0x193F6B: _inp_rl_send_to_editor (inputwin.c:950)
==1244734==    by 0x614642F: _rl_dispatch_subseq (readline.c:916)
==1244734==    by 0x6146C85: _rl_dispatch_callback (readline.c:823)
==1244734==    by 0x616739F: rl_callback_read_char (callback.c:241)
==1244734==    by 0x1923DB: inp_readline (inputwin.c:188)
==1244734==    by 0x149860: prof_run (profanity.c:117)
==1244734==    by 0x2283E8: main (main.c:186)
```

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-05-12 08:39:20 +02:00
John Hernandez
7f3fca2bd0 Cleanup: gchar as gchar instead of char
Use gchar instead of char in most of the cases where gchar is intended.

Reason: improve compatibility and stability. Issue #1819

Minor refactoring.
2023-05-04 16:15:09 +02:00
Steffen Jaeckel
af6f468cb7 fix memory leak
`found` was leaked before

This was somehow missed in e9aaba938b

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-04-04 10:58:52 +02:00
Daniel Santos
007f623ad8 Editor executable support flags
* Make editor executable into a string to be able to support
   (multiple) flags.
 * Change /help executable to suit this new feature

Signed-off-by: Daniel Santos <dacs.git@brilhante.top>
2023-03-30 21:44:26 +01:00
Michael Vetter
e59c401c84 Adapt to g_string_free glib 2.75.3 change
glib 2.75.3 changes warning behaviour of `g_string_free()`.
See:
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3219
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3226

Use this opportunity to replace the use of GString with
`g_strdup_printf()` where possible.
Otherwise correctly take the return value of `g_string_free()`
which is nicer anyways.
2023-03-21 10:53:10 +01:00
IsaacM88
d043d53948 Fix duplicate download IDs.
Fixes https://github.com/profanity-im/profanity/issues/1794

Explanation
The problem is the download's identifier. Downloads are given an ID so they can be referenced later when their progress changes. Currently, the download's ID is the download's URL. When you download the same file twice, you have two downloads with the same ID. Download progress updates are shown on the first of both downloads with the same ID.

Solution
Change the download's ID from its URL to a random number. A random ID is generated when get_random_string() is called from cmd_funcs.c. Several other functions are updated to cope with the new ID format.
2023-03-09 15:02:26 -07:00
MarcoPolo-PasTonMolo
6d266984a4 Fix quote and url autocompletion for MAM and history
After adding MAM quote and url autocompletion wouldn't pick up messages
from MAM or history(from DB) or would have them in the wrong order. This
commit fixes that.

Fixes https://github.com/profanity-im/profanity/issues/1770
2023-02-13 23:40:58 +02:00
Steffen Jaeckel
e886ba0c6f fix more memory leaks
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-01-18 20:11:13 +01:00
Steffen Jaeckel
e9aaba938b minor changes
* fix typo
* less code duplication
* less `GString` usage
* more `auto_gchar` usage
* document connecting to servers supporting SASL ANONYMOUS
* ignore valgrind output

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-01-18 20:02:46 +01:00
Michael Vetter
3adc399da0 Update copyright year 2023-01-10 10:37:25 +01:00
Marouane L
2d11a35ee1 Spawn external programs asynchronously
Drawback is that we can't check the exitcode anymore.
But we were unsure why/when we need this, see:
https://github.com/profanity-im/profanity/pull/1760/files#r980868708

Fixes https://github.com/profanity-im/profanity/issues/1759
2022-10-12 12:25:00 +02:00
Steffen Jaeckel
099b443dc8 Tell user where the downloaded file is stored
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-09-07 10:04:00 +02:00
Michael Vetter
9eec0ce26e Include common.h and xmpp.h in editor.c
That was pulled in through log.h
2022-06-28 20:08:44 +02:00
Michael Vetter
99e93f6b8b Include xmpp.h in bookmark_ignore.c
That was pulled in through log.h
2022-06-28 20:08:44 +02:00
MarcoPolo-PasTonMolo
13f1b831df Improve cmd argument parser
"" used to become " now it just becomes an empty argument.
Also if quotes appeared after a token started then if the number of
quotes in the token is n the resulting one would be a token with the
n last characters cut off, now it's fixed.

Fixes https://github.com/profanity-im/profanity/issues/497
2022-06-16 21:07:15 +03:00
Michael Vetter
1330ad4e1e Update copyright year 2022-05-09 15:43:33 +02:00
Maxi Wuttke
f11ad16714 Fix a segfault when uploading or downloading files
The variable `ccount->tls_policy` was not null-tested before `strcmp`.
2022-04-02 01:15:34 +02:00