From 2ad3bff8f0240f0e59995c2938ec91a7cea272ca Mon Sep 17 00:00:00 2001
From: Michael Vetter
Date: Fri, 3 Apr 2026 08:32:31 +0200
Subject: [PATCH 1/7] docs: Add eval_password example

And show how to escape whitespaces.

Signed-off-by: Michael Vetter
---
 src/command/cmd_defs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/command/cmd_defs.c b/src/command/cmd_defs.c
index fa76b277a..9e13450d8 100644
--- a/src/command/cmd_defs.c
+++ b/src/command/cmd_defs.c
@@ -2142,6 +2142,7 @@ static const struct cmd_t command_defs[] = {
 "/account set me status dnd",
 "/account set me dnd -1",
 "/account set me clientid \"Profanity 0.42 (Dev)\"",
+ "/account set me eval_password \"pass \\\"Test Accounts/my user\\\"\"",
 "/account rename me chattyme",
 "/account clear me pgpkeyid")
 },
From a643fd87ccc7ddc1b4f7663047eb22934c4c4d1f Mon Sep 17 00:00:00 2001
From: Michael Vetter
Date: Fri, 3 Apr 2026 08:33:59 +0200
Subject: [PATCH 2/7] docs: Remove autotools leftover from CONTRIBUTING.md

Signed-off-by: Michael Vetter
---
 CONTRIBUTING.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 70650a312..0db624a7f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -237,7 +237,6 @@ Functional tests use [stabber](https://github.com/profanity-im/stabber) to simul **Performance Note:** It is highly recommended to run functional tests **without** sanitizers (**ASan** and **UBSan**). These sanitizers add significant overhead that can cause functional tests to time out or take an excessively long time to complete. * **Meson:** Ensure `-Db_sanitize=none` is set in your build configuration. You can check your current configuration with `meson configure build_run | grep b_sanitize`. -* **Autotools:** Ensure your `CFLAGS` does not contain `-fsanitize=address` or `-fsanitize=undefined`. To run functional tests, you need the same dependencies as unit tests (`cmocka`) plus `stabber` and `libutil`.
From 35bf9df0a97ebd5bfc9c5e748ad47831ec768f4a Mon Sep 17 00:00:00 2001
From: Michael Vetter
Date: Fri, 3 Apr 2026 08:39:59 +0200
Subject: [PATCH 3/7] refactor: Make Launching the editor more robust

Signed-off-by: Michael Vetter
---
 src/tools/editor.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/tools/editor.c b/src/tools/editor.c
index bf9e9c4cc..f762e7584 100644
--- a/src/tools/editor.c
+++ b/src/tools/editor.c
@@ -128,7 +128,9 @@ launch_editor(gchar* initial_content, void (*callback)(gchar* content, void* dat return TRUE; } else if (pid == 0) { // Child process: Inherits TTY from parent - execvp(editor_argv[0], editor_argv); + if (editor_argv && editor_argv[0]) { + execvp(editor_argv[0], editor_argv); + } _exit(EXIT_FAILURE); }
From 6a7262f2b06ea192907650fa29dfc8ae3ef0e88c Mon Sep 17 00:00:00 2001
From: Michael Vetter
Date: Fri, 3 Apr 2026 09:03:39 +0200
Subject: [PATCH 4/7] ci: Add CodeQL

Signed-off-by: Michael Vetter
---
 .github/workflows/codeql.yml | 64 ++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..2c9ee9f38
--- /dev/null
+++ b/.github/workflows/codeql.yml
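Review bot: The new `editor_argv && editor_argv[0]` guard runs only in the child branch (`pid == 0`), so an empty or missing editor command still costs a fork and ends in a silent `_exit(EXIT_FAILURE)` that the parent cannot tell apart from an editor that started and failed. Validating before `fork()`, for example `if (!editor_argv || !editor_argv[0]) { /* log and return the function's failure value */ }`, would let the caller report a misconfigured editor instead. The same silence applies when `execvp()` itself fails, because `errno` is discarded before `_exit`. launch_editor begins and ends outside this hunk, so where `editor_argv` is built and how the parent handles the child's exit status is not visible here.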
@@ -0,0 +1,64 @@
+name: "CodeQL"
+
+on:
+ pull_request:
+ branches: [master]
+
+jobs:
+ analyze:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: 'c-cpp'
+
+ - name: Install system dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y --no-install-recommends \
+ libcmocka-dev libcurl4-openssl-dev libgcrypt20-dev libglib2.0-dev \
+ libgpgme-dev libgtk-3-dev libmicrohttpd-dev libncursesw5-dev \
+ libnotify-dev libotr5-dev libreadline-dev libsignal-protocol-c-dev \
+ libomemo-c-dev libssl-dev libtool libxss-dev meson ninja-build \
+ pkg-config python3-dev python-dev-is-python3 libsqlite3-dev \
+ libgdk-pixbuf-2.0-dev libqrencode-dev libenchant-2-dev \
+ autoconf autoconf-archive automake cmake expect
+
+ - name: Install stabber and libstrophe
+ run: |
+ git clone --depth 1 https://github.com/profanity-im/stabber /tmp/stabber
+ cd /tmp/stabber && ./bootstrap.sh && ./configure --prefix=/usr && make -j$(nproc) && sudo make install
+
+ git clone --depth 1 https://github.com/strophe/libstrophe /tmp/libstrophe
+ cd /tmp/libstrophe && ./bootstrap.sh && ./configure --prefix=/usr && make -j$(nproc) && sudo make install
+
+ - name: Build for Analysis
+ run: |
+ meson setup build_codeql \
+ -Dnotifications=enabled \
+ -Dpython-plugins=enabled \
+ -Dc-plugins=enabled \
+ -Dotr=enabled \
+ -Dpgp=enabled \
+ -Domemo=enabled \
+ -Domemo-qrcode=enabled \
+ -Dicons-and-clipboard=enabled \
+ -Dgdk-pixbuf=enabled \
+ -Dxscreensaver=enabled \
+ -Dspellcheck=enabled \
+ -Dtests=false
+ meson compile -C build_codeql
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:c-cpp"
From 8af80a7ad5387af3c2bdf722c352856f9c55f7e8 Mon Sep 17 00:00:00 2001
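Review bot: The "Install stabber and libstrophe" step clones the default branch of two repositories with `git clone --depth 1` and then runs their `bootstrap.sh`, `configure` and `sudo make install`, so whatever sits at the tip of those branches at run time executes as root in a job that holds `security-events: write`. Pinning each clone to a reviewed tag or commit (for example `git clone --depth 1 --branch <reviewed-tag> …`) makes the analysed build reproducible, and `actions/checkout@v4` and `github/codeql-action/*@v3` can likewise be pinned by full commit SHA. The same unpinned clones appear in the "Install stabber" and "Install libstrophe (master)" steps of `.github/workflows/functional-tests.yml` in PATCH 5/7. Separately, the workflow triggers only on `pull_request`, so no analysis of `master` itself is produced; adding a `push` trigger for `master` would give pull-request results a baseline to compare against.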
From: Michael Vetter
Date: Fri, 3 Apr 2026 08:57:13 +0200
Subject: [PATCH 5/7] ci: Run functional tests in CI

Signed-off-by: Michael Vetter
---
 .github/workflows/functional-tests.yml | 80 ++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 .github/workflows/functional-tests.yml

diff --git a/.github/workflows/functional-tests.yml b/.github/workflows/functional-tests.yml
new file mode 100644
index 000000000..f9cbfae09
--- /dev/null
+++ b/.github/workflows/functional-tests.yml
@@ -0,0 +1,80 @@
+name: Build
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ branches: [master]
+
+concurrency:
+ group: ${{ github.workflow }}-func-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ functional-tests:
+ runs-on: ubuntu-latest
+ name: ubuntu | func | signal
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install system dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y --no-install-recommends \
+ libcmocka-dev libcurl4-openssl-dev libgcrypt20-dev libglib2.0-dev \
+ libgpgme-dev libgtk-3-dev libmicrohttpd-dev libncursesw5-dev \
+ libnotify-dev libotr5-dev libreadline-dev libsignal-protocol-c-dev \
+ libomemo-c-dev libssl-dev libtool libxss-dev meson ninja-build \
+ pkg-config python3-dev python-dev-is-python3 libsqlite3-dev \
+ libgdk-pixbuf-2.0-dev libqrencode-dev libenchant-2-dev \
+ autoconf autoconf-archive automake cmake expect
+
+ - name: Install stabber
+ run: |
+ git clone --depth 1 https://github.com/profanity-im/stabber /tmp/stabber
+ cd /tmp/stabber
+ ./bootstrap.sh
+ ./configure --prefix=/usr
+ make -j$(nproc)
+ sudo make install
+
+ - name: Install libstrophe (master)
+ run: |
+ git clone --depth 1 https://github.com/strophe/libstrophe /tmp/libstrophe
+ cd /tmp/libstrophe
+ ./bootstrap.sh
+ ./configure --prefix=/usr
+ make -j$(nproc)
+ sudo make install
+
+ - name: Configure and Build
+ run: |
+ # Use --buildtype=debugoptimized (-O2) for fast execution.
+ # Explicitly disable sanitizers to avoid the performance penalty.
+ meson setup build_run \
+ --buildtype=debugoptimized \
+ -Db_sanitize=none \
+ -Dnotifications=enabled \
+ -Dpython-plugins=enabled \
+ -Dc-plugins=enabled \
+ -Dotr=enabled \
+ -Dpgp=enabled \
+ -Domemo=enabled \
+ -Domemo-qrcode=enabled \
+ -Dicons-and-clipboard=enabled \
+ -Dgdk-pixbuf=enabled \
+ -Dxscreensaver=enabled \
+ -Dspellcheck=enabled \
+ -Dtests=true
+ meson compile -C build_run profanity:executable functionaltests
+
+ - name: Verify Profanity Binary
+ run: |
+ ./build_run/profanity --version
+
+ - name: Run Functional Tests
+ env:
+ TERM: xterm
+ LC_ALL: C.UTF-8
+ run: |
+ ./build_run/functionaltests
From 27cb926061489b5601143aac9c052a2b004e2996 Mon Sep 17 00:00:00 2001
From: Michael Vetter
Date: Fri, 3 Apr 2026 09:59:00 +0200
Subject: [PATCH 6/7] ci: remove ASan from Valgrind check

ASan and Valgrind both intercept memory allocations and management at runtime. Running them simultaneously might lead to conflicts in memory tracking. This change ensures that during the Valgrind phase of the build matrix, only Valgrind is responsible for memory analysis, avoiding redundant overhead and ensuring more reliable results.

Signed-off-by: Michael Vetter
---
 scripts/build-configuration-matrix.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/build-configuration-matrix.sh b/scripts/build-configuration-matrix.sh
index 06651f108..6a3c3dc96 100755
--- a/scripts/build-configuration-matrix.sh
+++ b/scripts/build-configuration-matrix.sh
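Review bot: This workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope while it builds and executes code cloned at run time, whereas the CodeQL workflow in PATCH 4/7 states its permissions explicitly. A top-level `permissions:` containing `contents: read` is enough for the checkout step and keeps the token read-only. The workflow is also named `Build`, which may collide with an existing workflow of that name in the Actions UI (other workflow files are not visible here), and the "Run Functional Tests" step sets no `timeout-minutes`, so a hung test holds the runner until the platform's default limit.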
@@ -94,7 +94,7 @@ fi
 if [[ "$ARCH" == linux* ]]; then
 echo -e "${YELLOW}--> Running Valgrind check with full features ${BACKEND_OPT} ${EXTRA_ARGS}${NC}"
 rm -rf build_valgrind
- meson setup build_valgrind ${tests[0]} ${BACKEND_OPT} -Dtests=true -Db_sanitize=address,undefined ${EXTRA_ARGS}
+ meson setup build_valgrind ${tests[0]} ${BACKEND_OPT} -Dtests=true -Db_sanitize=undefined ${EXTRA_ARGS}
 meson compile -C build_valgrind
 meson test -C build_valgrind "unit tests" --print-errorlogs --wrap=valgrind || echo "Valgrind issues detected"
 rm -rf build_valgrind
From 4be8ec47fef23e3a7529e86655eb1d901d61447b Mon Sep 17 00:00:00 2001
From: Michael Vetter
Date: Fri, 3 Apr 2026 10:19:40 +0200
Subject: [PATCH 7/7] docs: Add section about sanitizers to contributing.md

Signed-off-by: Michael Vetter
---
 CONTRIBUTING.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 0db624a7f..c00466570 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
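Review bot: With ASan dropped from `-Db_sanitize`, memory errors in this phase are reported only by Valgrind, but the `meson test … --wrap=valgrind` line passes no `--error-exitcode`, and Valgrind by default exits with the status of the program it runs. Errors it detects in an otherwise passing test would therefore not mark that test as failed; `--wrap='valgrind --error-exitcode=1'` would. The trailing `|| echo "Valgrind issues detected"` additionally turns any failure of this step into a log line, which may be deliberate best-effort but means the matrix cannot fail on Valgrind findings. The `if [[ "$ARCH" == linux* ]]` block closes outside the hunk.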
@@ -287,6 +287,20 @@ scan-build meson setup build_run scan-build meson compile -C build_run ``` +### Runtime Analysis with Sanitizers +Developers and testers should compile and run Profanity with **AddressSanitizer (ASan)** and **UndefinedBehaviorSanitizer (UBSan)** enabled. While static analysis can find potential issues in the source code, sanitizers monitor the application while it is actually running. + +By running the application and exercising specific features, you trigger real world code paths that might contain memory leaks, buffer overflows, or undefined behavior that only manifest at runtime. + +To build with sanitizers enabled and enable debug logging: +```bash +meson setup build_run -Db_sanitize=address,undefined +meson compile -C build_run +./build_run/profanity -l DEBUG +``` + +**Performance Note:** Sanitizers add significant overhead. + ### Finding typos We include a `.codespellrc` configuration file for `codespell` in the root directory. Before committing it might make sense to run `codespell` to see if you made any typos.