kmx git

Commit	Date	Message
61610c65	2025-05-29T10:08:00	libpkgconf: pkg: refactor pkgconf_pkg_new_from_file into pkgconf_pkg_new_from_path Previously, files would be closed by side effect, which is a somewhat bad API design that trips up various static analysis tools. Signed-off-by: Ariadne Conill <ariadne@ariadne.space>
4ed28a7a	2025-03-07T09:41:18	libpkgconf: parser: reset read buffer when bailing early to read a new line Otherwise the old line would not be removed from the buffer. Related: https://github.com/pkgconf/pkgconf/issues/384 Signed-off-by: Ariadne Conill <ariadne@ariadne.space>
c0d188fb	2025-03-07T09:23:55	libpkgconf: parser: gracefully handle pkgconf_fgetline failures With the move to dynamic buffering of pkg-config files, it is possible for pkgconf_fgetline to leave the buffer in an unwritten state, where a buffer will not be allocated. We must gracefully handle this situation, so we bail early and re-enter the loop to try reading the buffer again. If it fails again, then we finish parsing the already read pkg-config data. Related: https://github.com/pkgconf/pkgconf/issues/384 Signed-off-by: Ariadne Conill <ariadne@ariadne.space>
e8dc0e20	2025-02-04T16:57:14	libpkgconf: parser: finalize the parsing buffer when done with it Signed-off-by: Ariadne Conill <ariadne@ariadne.space>
a4de2930	2025-02-03T05:31:40	libpkgconf: fileio: use bool for fgetline return type instead of a pointer (we internally look at the raw buffer anyway) Signed-off-by: Ariadne Conill <ariadne@ariadne.space>
d0f8f3f2	2025-02-02T01:33:06	libpkgconf: fileio: rework to use pkgconf_buffer, allowing larger than 64KB lines Fixes: 130907d ("fileio: add routine for portably yanking lines out of a FILE stream") Signed-off-by: Ariadne Conill <ariadne@ariadne.space>
212c8586	2023-03-17T19:32:58	Avoid undefined behaviour with the ctype(3) functions. fix https://github.com/pkgconf/pkgconf/issues/291 As defined in the C standard: In all cases the argument is an int, the value of which shall be representable as an unsigned char or shall equal the value of the macro EOF. If the argument has any other value, the behavior is undefined. This is because they're designed to work with the int values returned by getc or fgetc; they need extra work to handle a char value. If EOF is -1 (as it almost always is), with 8-bit bytes, the allowed inputs to the ctype(3) functions are: {-1, 0, 1, 2, 3, ..., 255}. However, on platforms where char is signed, such as x86 with the usual ABI, code like char ptr = ...; ... isspace(ptr) ... may pass in values in the range: {-128, -127, -126, ..., -2, -1, 0, 1, ..., 127}. This has two problems: 1. Inputs in the set {-128, -127, -126, ..., -2} are forbidden. 2. The non-EOF byte 0xff is conflated with the value EOF = -1, so even though the input is not forbidden, it may give the wrong answer. Casting char to unsigned int first before passing the result to ctype(3) doesn't help: inputs like -128 are unchanged by this cast, because (on a two's-complement machine with 32-bit int and unsigned int), converting the signed char with integer value -128 to unsigned int gives integer value 2^32 - 128 = 0xffffff80, which is out of range, and which is converted in int back to -128, which is also out of range. It is necessary to cast char inputs to unsigned char first; you can then cast to unsigned int if you like but there's no need because the functions will always convert the argument to int by definition. So the above fragment needs to be: char ptr = ...; ... isspace((unsigned char)ptr) ... This patch changes unsigned int casts to unsigned char casts, and adds unsigned char casts where they are missing.
506ebab7	2022-09-30T15:33:47	Ignore whitespace indentation Fixes #265
92745ad9	2020-05-24T21:51:14	libpkgconf: parser: fix out of boundary access It is possible to trigger an out of boundary access with specially crafted files. If a line consist of only a key and spaces, then op will point to '\0'-ending of the buffer. Since p is iterated by one byte right past this ending '\0', the next read access to p is effectively out of bounds. Theoretically this can also lead to out of boundary writes if spaces are encountered. Proof of concept (I recommend to compile with address sanitizer): $ echo -n a > poc.pc $ dd if=/dev/zero bs=1 count=65533 \| tr '\0' ' ' >> poc.pc $ pkgconf poc.pc
db9c1e96	2019-06-07T19:19:28	fix the order of header includes config.h should be included before stdinc.h, otherwise large file support is not enabled. Downstream bug: https://bugs.gentoo.org/687548
1244f8f8	2018-05-09T21:21:39	libpkgconf: refactor out the rfc822 message parser so that the cross-personality code can share it

61610c65

2025-05-29T10:08:00

libpkgconf: pkg: refactor pkgconf_pkg_new_from_file into pkgconf_pkg_new_from_path Previously, files would be closed by side effect, which is a somewhat bad API design that trips up various static analysis tools. Signed-off-by: Ariadne Conill <ariadne@ariadne.space>

4ed28a7a

2025-03-07T09:41:18

libpkgconf: parser: reset read buffer when bailing early to read a new line Otherwise the old line would not be removed from the buffer. Related: https://github.com/pkgconf/pkgconf/issues/384 Signed-off-by: Ariadne Conill <ariadne@ariadne.space>

c0d188fb

2025-03-07T09:23:55

libpkgconf: parser: gracefully handle pkgconf_fgetline failures With the move to dynamic buffering of pkg-config files, it is possible for pkgconf_fgetline to leave the buffer in an unwritten state, where a buffer will not be allocated. We must gracefully handle this situation, so we bail early and re-enter the loop to try reading the buffer again. If it fails again, then we finish parsing the already read pkg-config data. Related: https://github.com/pkgconf/pkgconf/issues/384 Signed-off-by: Ariadne Conill <ariadne@ariadne.space>

e8dc0e20

2025-02-04T16:57:14

libpkgconf: parser: finalize the parsing buffer when done with it Signed-off-by: Ariadne Conill <ariadne@ariadne.space>

a4de2930

2025-02-03T05:31:40

libpkgconf: fileio: use bool for fgetline return type instead of a pointer (we internally look at the raw buffer anyway) Signed-off-by: Ariadne Conill <ariadne@ariadne.space>

d0f8f3f2

2025-02-02T01:33:06

libpkgconf: fileio: rework to use pkgconf_buffer, allowing larger than 64KB lines Fixes: 130907d ("fileio: add routine for portably yanking lines out of a FILE stream") Signed-off-by: Ariadne Conill <ariadne@ariadne.space>

212c8586

2023-03-17T19:32:58

Avoid undefined behaviour with the ctype(3) functions. fix https://github.com/pkgconf/pkgconf/issues/291 As defined in the C standard: In all cases the argument is an int, the value of which shall be representable as an unsigned char or shall equal the value of the macro EOF. If the argument has any other value, the behavior is undefined. This is because they're designed to work with the int values returned by getc or fgetc; they need extra work to handle a char value. If EOF is -1 (as it almost always is), with 8-bit bytes, the allowed inputs to the ctype(3) functions are: {-1, 0, 1, 2, 3, ..., 255}. However, on platforms where char is signed, such as x86 with the usual ABI, code like char *ptr = ...; ... isspace(*ptr) ... may pass in values in the range: {-128, -127, -126, ..., -2, -1, 0, 1, ..., 127}. This has two problems: 1. Inputs in the set {-128, -127, -126, ..., -2} are forbidden. 2. The non-EOF byte 0xff is conflated with the value EOF = -1, so even though the input is not forbidden, it may give the wrong answer. Casting char to unsigned int first before passing the result to ctype(3) doesn't help: inputs like -128 are unchanged by this cast, because (on a two's-complement machine with 32-bit int and unsigned int), converting the signed char with integer value -128 to unsigned int gives integer value 2^32 - 128 = 0xffffff80, which is out of range, and which is converted in int back to -128, which is also out of range. It is necessary to cast char inputs to unsigned char first; you can then cast to unsigned int if you like but there's no need because the functions will always convert the argument to int by definition. So the above fragment needs to be: char *ptr = ...; ... isspace((unsigned char)*ptr) ... This patch changes unsigned int casts to unsigned char casts, and adds unsigned char casts where they are missing.

506ebab7

2022-09-30T15:33:47

Ignore whitespace indentation Fixes #265

92745ad9

2020-05-24T21:51:14

libpkgconf: parser: fix out of boundary access It is possible to trigger an out of boundary access with specially crafted files. If a line consist of only a key and spaces, then op will point to '\0'-ending of the buffer. Since p is iterated by one byte right past this ending '\0', the next read access to p is effectively out of bounds. Theoretically this can also lead to out of boundary writes if spaces are encountered. Proof of concept (I recommend to compile with address sanitizer): $ echo -n a > poc.pc $ dd if=/dev/zero bs=1 count=65533 | tr '\0' ' ' >> poc.pc $ pkgconf poc.pc

db9c1e96

2019-06-07T19:19:28

fix the order of header includes config.h should be included before stdinc.h, otherwise large file support is not enabled. Downstream bug: https://bugs.gentoo.org/687548

1244f8f8

2018-05-09T21:21:39

libpkgconf: refactor out the rfc822 message parser so that the cross-personality code can share it

kc3-lang/pkgconf/libpkgconf/parser.c

libpkgconf/parser.c

Log