Use calloc instead of malloc for new message queue items

This prevents us from accidentally using uninitialized memory

.github/workflows/ci.yml

@@ -18,6 +18,7 @@ jobs:
             libalut-dev
             libconfig-dev
             libcurl4-gnutls-dev
+            libmsgpack-dev
             libnotify-dev
             libopenal-dev
             libopus-dev
@@ -72,6 +73,7 @@ jobs:
             libalut-dev
             libconfig-dev
             libcurl4-gnutls-dev
+            libmsgpack-dev
             libncurses-dev
             libnotify-dev
             libopenal-dev
@@ -103,6 +105,7 @@ jobs:
               libnotify
               libpng
               libqrencode
+              msgpack
               ncurses
               openal
               python3

script/build-minimal-static-toxic.sh

@@ -64,7 +64,6 @@ set -eu
 ARTIFACT_DIR="/artifact"
 TOXIC_SRC_DIR="/toxic"
 
-
 if [ ! -f /etc/os-release ] || ! grep -qi 'Alpine Linux' /etc/os-release
 then
   echo "Error: This script expects to be run on Alpine Linux."
@@ -115,6 +114,7 @@ apk add \
     libsodium-dev \
     libsodium-static \
     linux-headers \
+    msgpack-c-dev \
     ncurses-dev \
     ncurses-static \
     ncurses-terminfo \
@@ -137,10 +137,10 @@ mkdir -p "$BUILD_DIR"
 cd "$BUILD_DIR"
 
 # The git hash of the c-toxcore version we're using
-TOXCORE_VERSION="v0.2.13"
+TOXCORE_VERSION="v0.2.16"
 
 # The sha256sum of the c-toxcore tarball for TOXCORE_VERSION
-TOXCORE_HASH="67114fa57504c58b695f5dce8ef85124d555f2c3c353d0d2615e6d4845114ab8"
+TOXCORE_HASH="653aa42654b607f0940cecfac873e9ce55605119a90d1dc454d1090ff6ca29c0"
 
 TOXCORE_FILENAME="c-toxcore-$TOXCORE_VERSION.tar.gz"
 
@@ -169,8 +169,8 @@ cmake --build _build --target install
 # location with SSL_CERT_FILE env variable.
 cd "$BUILD_DIR"
 
-CURL_VERSION="7.80.0"
-CURL_HASH="dab997c9b08cb4a636a03f2f7f985eaba33279c1c52692430018fae4a4878dc7"
+CURL_VERSION="7.81.0"
+CURL_HASH="ac8e1087711084548d788ef18b9b732c8de887457b81f616fc681d1044b32f98"
 CURL_FILENAME="curl-$CURL_VERSION.tar.gz"
 
 wget --timeout=10 -O "$CURL_FILENAME" "https://curl.haxx.se/download/$CURL_FILENAME"
@@ -307,4 +307,3 @@ mv "$PREPARE_ARTIFACT_DIR" "$PREPARE_ARTIFACT_DIR/../$ARTIFACT_NAME"
 tar -cJf "$ARTIFACT_NAME.tar.xz" "$ARTIFACT_NAME"
 mv "$ARTIFACT_NAME.tar.xz" "$ARTIFACT_DIR"
 chmod 777 -R "$ARTIFACT_DIR"
-

src/chat.c

@@ -130,7 +130,7 @@ static void set_self_typingstatus(ToxWindow *self, Tox *m, bool is_typing)
 
     ChatContext *ctx = self->chatwin;
 
-    TOX_ERR_SET_TYPING err;
+    Tox_Err_Set_Typing err;
     tox_self_set_typing(m, self->num, is_typing, &err);
 
     if (err != TOX_ERR_SET_TYPING_OK) {

src/game_base.c

@@ -1129,7 +1129,7 @@ int game_packet_send(const GameData *game, const uint8_t *data, size_t length, G
     memcpy(packet + 1 + GAME_PACKET_HEADER_SIZE, data, length);
     packet_length += length;
 
-    TOX_ERR_FRIEND_CUSTOM_PACKET err;
+    Tox_Err_Friend_Custom_Packet err;
 
     if (!tox_friend_send_lossless_packet(game->tox, game->friend_number, packet, packet_length, &err)) {
         fprintf(stderr, "failed to send game packet: error %d\n", err);

src/line_info.c

@@ -143,11 +143,14 @@ static struct line_info *line_info_ret_queue(struct history *hst)
  */
 static int print_n_chars(WINDOW *win, const wchar_t *s, size_t n, int max_y)
 {
+    // we use an array to represent a single wchar in order to get around an ncurses
+    // bug with waddnwstr() that overreads the memory address by one byte when
+    // supplied with a single wchar.
+    wchar_t ch[2] = {0};
     bool newline = false;
-    wchar_t ch;
 
-    for (size_t i = 0; i < n && (ch = s[i]); ++i) {
-        if (ch == L'\n') {
+    for (size_t i = 0; i < n && (ch[0] = s[i]); ++i) {
+        if (ch[0] == L'\n') {
             newline = true;
 
             int x;
@@ -164,11 +167,11 @@ static int print_n_chars(WINDOW *win, const wchar_t *s, size_t n, int max_y)
 
         if (win) {
 #ifdef HAVE_WIDECHAR
-            waddnwstr(win, &ch, 1);
+            waddnwstr(win, ch, 1);
 #else
             char b;
 
-            if (wcstombs(&b, &ch, sizeof(char)) != 1) {
+            if (wcstombs(&b, ch, sizeof(char)) != 1) {
                 continue;
             }
 
@@ -345,23 +348,26 @@ static uint16_t line_info_add_msg(wchar_t *buf, size_t buf_size, const char *msg
         return 0;
     }
 
-    uint16_t width = 0;
-
     const wint_t wc_msg_len = mbs_to_wcs_buf(buf, msg, buf_size);
 
     if (wc_msg_len > 0 && wc_msg_len < buf_size) {
         buf[wc_msg_len] = L'\0';
-        width = (uint16_t) wcswidth(buf, wc_msg_len);
+        int width = wcswidth(buf, wc_msg_len);
+
+        if (width == -1) {  // the best we can do on failure is to fall back to strlen
+            width = strlen(msg);
+        }
+
+        return (uint16_t)width;
     } else {
         fprintf(stderr, "Failed to convert string '%s' to widechar\n", msg);
         const wchar_t *err = L"Failed to parse message";
-        width = wcslen(err);
+        uint16_t width = (uint16_t)wcslen(err);
         wmemcpy(buf, err, width);
         buf[width] = L'\0';
-    }
-
         return width;
     }
+}
 
 static void line_info_init_line(ToxWindow *self, struct line_info *line)
 {

src/message_queue.c

@@ -48,7 +48,7 @@ void cqueue_add(struct chat_queue *q, const char *msg, size_t len, uint8_t type,
         return;
     }
 
-    struct cqueue_msg *new_m = malloc(sizeof(struct cqueue_msg));
+    struct cqueue_msg *new_m = calloc(1, sizeof(struct cqueue_msg));
 
     if (new_m == NULL) {
         exit_toxic_err("failed in cqueue_message", FATALERR_MEMORY);
@@ -62,6 +62,7 @@ void cqueue_add(struct chat_queue *q, const char *msg, size_t len, uint8_t type,
     new_m->time_added = get_unix_time();
     new_m->receipt = -1;
     new_m->next = NULL;
+    new_m->noread_flag = false;
 
     if (q->root == NULL) {
         new_m->prev = NULL;
@@ -203,7 +204,7 @@ void cqueue_try_send(ToxWindow *self, Tox *m)
             return;
         }
 
-        TOX_ERR_FRIEND_SEND_MESSAGE err;
+        Tox_Err_Friend_Send_Message err;
         Tox_Message_Type type = msg->type == OUT_MSG ? TOX_MESSAGE_TYPE_NORMAL : TOX_MESSAGE_TYPE_ACTION;
         uint32_t receipt = tox_friend_send_message(m, self->num, type, (uint8_t *) msg->message, msg->len, &err);
 

src/misc_tools.c

@@ -477,10 +477,9 @@ on_error:
    returns length of msg, which will be no larger than size-1 */
 size_t copy_tox_str(char *msg, size_t size, const char *data, size_t length)
 {
-    size_t i;
     size_t j = 0;
 
-    for (i = 0; (i < length) && (j < size - 1); ++i) {
+    for (size_t i = 0; (i < length) && (j < size - 1); ++i) {
         if (data[i] != '\r') {
             msg[j++] = data[i];
         }

src/python_api.c

@@ -20,9 +20,10 @@
  *
  */
 
+#include "api.h"
+
 #ifdef PYTHON
 #include <Python.h>
-#include "api.h"
 
 #include "execute.h"
 

src/toxic.c

@@ -229,7 +229,7 @@ void exit_toxic_err(const char *errmsg, int errcode)
     exit(EXIT_FAILURE);
 }
 
-void cb_toxcore_logger(Tox *m, TOX_LOG_LEVEL level, const char *file, uint32_t line, const char *func,
+void cb_toxcore_logger(Tox *m, Tox_Log_Level level, const char *file, uint32_t line, const char *func,
                        const char *message, void *user_data)
 {
     UNUSED_VAR(user_data);