Merge tag '1.12.2' into ubuntu-ppa

oschwald · oschwald · commit 4af41f554aa7 · 2025-01-10T09:56:15.000-08:00
diff --git a/.github/workflows/clang-addresssanitizer.yml b/.github/workflows/clang-addresssanitizer.yml
@@ -19,6 +19,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: true
+          persist-credentials: false
       - run: sudo apt install clang libipc-run3-perl
       - run: ./bootstrap
       - run: ./configure
diff --git a/.github/workflows/clang-analyzer.yml b/.github/workflows/clang-analyzer.yml
@@ -10,6 +10,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - run: sudo apt install clang-tools libipc-run3-perl
       - run: ./bootstrap
       - run: scan-build ./configure
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -24,6 +24,7 @@ jobs:
         # a pull request then we can checkout the head.
         fetch-depth: 2
         submodules: true
+        persist-credentials: false
 
     # If this run was triggered by a pull request event, then checkout
     # the head of the pull request instead of the merge commit.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -20,6 +20,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: true
+          persist-credentials: false
       - run: sudo apt install libipc-run3-perl
         if: ${{ matrix.os == 'ubuntu-latest' }}
       - run: brew install autoconf automake libtool
@@ -41,6 +42,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: true
+          persist-credentials: false
       - run: cmake -DBUILD_TESTING=ON .
       - run: cmake --build .
       - run: ctest -V . -C Debug
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
@@ -0,0 +1,32 @@
+name: GitHub Actions Security Analysis with zizmor
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["**"]
+
+jobs:
+  zizmor:
+    name: zizmor latest via PyPI
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      # required for workflows in private repositories
+      contents: read
+      actions: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          enable-cache: false
+
+      - name: Run zizmor
+        run: uvx zizmor --format plain .
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -2,7 +2,7 @@ cmake_minimum_required (VERSION 3.9...3.30)
 
 project(maxminddb
   LANGUAGES C
-  VERSION 1.12.0
+  VERSION 1.12.2
 )
 set(MAXMINDDB_SOVERSION 0.0.7)
 set(CMAKE_C_STANDARD 99)
diff --git a/Changes.md b/Changes.md
@@ -1,3 +1,21 @@
+## 1.12.2 - 2025-01-10
+
+* `MMDB_get_entry_data_list()` now always sets the passed `entry_data_list`
+  parameter to either `NULL` or valid memory. This makes it safe for
+  callers to use `MMDB_free_entry_data_list()` on it even in case of error.
+  In 1.12.0 `MMDB_get_entry_data_list()` was changed to not set this
+  parameter to valid memory in additional error cases. That change caused
+  segfaults for certain libraries that assumed it was safe to free memory
+  on error. Doing so was never safe, but worked in some cases. This change
+  makes such calls safe. Reported by Petr Pisar. GitHub
+  maxmind/MaxMind-DB-Reader-XS#39.
+
+## 1.12.1 - 2025-01-08
+
+* Added missing `cmake_uninstall.cmake.in` to the source distribution. This
+  was missing from 1.12.0, causing CMake builds to fail. Reported by Marcel
+  Raad. GitHub #367.
+
 ## 1.12.0 - 2025-01-07
 
 * Fixed memory leaks in `MMDB_open()`. These could happen with invalid
diff --git a/Makefile.am b/Makefile.am
@@ -18,7 +18,7 @@ endif
 
 EXTRA_DIST = doc Changes.md LICENSE NOTICE README.md \
 			 CMakeLists.txt t/CMakeLists.txt bin/CMakeLists.txt \
-			 include/maxminddb_config.h.cmake.in
+			 cmake_uninstall.cmake.in include/maxminddb_config.h.cmake.in
 
 dist-hook:
 	dev-bin/make-man-pages.pl $(distdir)
diff --git a/configure.ac b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.63])
-AC_INIT([libmaxminddb], [1.12.0], [support@maxmind.com])
+AC_INIT([libmaxminddb], [1.12.2], [support@maxmind.com])
 AC_CONFIG_SRCDIR([include/maxminddb.h])
 AC_CONFIG_HEADERS([config.h include/maxminddb_config.h])
 
diff --git a/src/data-pool.c b/src/data-pool.c
@@ -158,9 +158,13 @@ int main(void) {
 }
 
 static void test_can_multiply(void) {
-    { ok(can_multiply(SIZE_MAX, 1, SIZE_MAX), "1*SIZE_MAX is ok"); }
+    {
+        ok(can_multiply(SIZE_MAX, 1, SIZE_MAX), "1*SIZE_MAX is ok");
+    }
 
-    { ok(!can_multiply(SIZE_MAX, 2, SIZE_MAX), "2*SIZE_MAX is not ok"); }
+    {
+        ok(!can_multiply(SIZE_MAX, 2, SIZE_MAX), "2*SIZE_MAX is not ok");
+    }
 
     {
         ok(can_multiply(SIZE_MAX, 10240, sizeof(MMDB_entry_data_list_s)),
diff --git a/src/maxminddb.c b/src/maxminddb.c
@@ -1636,6 +1636,8 @@ int MMDB_get_metadata_as_entry_data_list(
 
 int MMDB_get_entry_data_list(MMDB_entry_s *start,
                              MMDB_entry_data_list_s **const entry_data_list) {
+    *entry_data_list = NULL;
+
     MMDB_data_pool_s *const pool = data_pool_new(MMDB_POOL_INIT_SIZE);
     if (!pool) {
         return MMDB_OUT_OF_MEMORY_ERROR;
diff --git a/t/bad_pointers_t.c b/t/bad_pointers_t.c
@@ -28,6 +28,11 @@ void run_tests(int mode, const char *mode_desc) {
                MMDB_INVALID_DATA_ERROR,
                "MMDB_get_entry_data_list returns MMDB_INVALID_DATA_ERROR for "
                "bad pointer in data section");
+
+        // This is not necessary as on error we should not need to free
+        // anything. However test that it is safe to do so. See change in
+        // 1.12.2.
+        MMDB_free_entry_data_list(entry_data_list);
     }
 
     {
diff --git a/t/data-pool-t.c b/t/data-pool-t.c
@@ -43,7 +43,9 @@ static void test_data_pool_new(void) {
 }
 
 static void test_data_pool_destroy(void) {
-    { data_pool_destroy(NULL); }
+    {
+        data_pool_destroy(NULL);
+    }
 
     {
         MMDB_data_pool_s *const pool = data_pool_new(512);
diff --git a/t/fuzz_mmdb.c b/t/fuzz_mmdb.c
@@ -7,13 +7,11 @@
 
 extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 
-int
-LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-    int     status;
-    FILE    *fp;
-    MMDB_s  mmdb;
-    char    filename[256];
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    int status;
+    FILE *fp;
+    MMDB_s mmdb;
+    char filename[256];
 
     if (size < kMinInputLength || size > kMaxInputLength)
         return 0;

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ cmake_minimum_required (VERSION 3.9...3.30)`
`2`	`2`
`3`	`3`	`project(maxminddb`
`4`	`4`	`LANGUAGES C`
`5`		`- VERSION 1.12.0`
	`5`	`+ VERSION 1.12.2`
`6`	`6`	`)`
`7`	`7`	`set(MAXMINDDB_SOVERSION 0.0.7)`
`8`	`8`	`set(CMAKE_C_STANDARD 99)`
Original file line number	Diff line number	Diff line change
`@@ -158,9 +158,13 @@ int main(void) {`
`158`	`158`	`}`
`159`	`159`
`160`	`160`	`static void test_can_multiply(void) {`
`161`		`- { ok(can_multiply(SIZE_MAX, 1, SIZE_MAX), "1*SIZE_MAX is ok"); }`
	`161`	`+ {`
	`162`	`+ ok(can_multiply(SIZE_MAX, 1, SIZE_MAX), "1*SIZE_MAX is ok");`
	`163`	`+ }`
`162`	`164`
`163`		`- { ok(!can_multiply(SIZE_MAX, 2, SIZE_MAX), "2*SIZE_MAX is not ok"); }`
	`165`	`+ {`
	`166`	`+ ok(!can_multiply(SIZE_MAX, 2, SIZE_MAX), "2*SIZE_MAX is not ok");`
	`167`	`+ }`
`164`	`168`
`165`	`169`	`{`
`166`	`170`	`ok(can_multiply(SIZE_MAX, 10240, sizeof(MMDB_entry_data_list_s)),`