Agreguesi i feed

If you work with patches and git am, then you’re probably used to seeing patches fail to apply. For example:

$ git am CVE-2025-14512.patch Applying: gfileattribute: Fix integer overflow calculating escaping for byte strings error: patch failed: gio/gfileattribute.c:166 error: gio/gfileattribute.c: patch does not apply Patch failed at 0001 gfileattribute: Fix integer overflow calculating escaping for byte strings hint: Use 'git am --show-current-patch=diff' to see the failed patch hint: When you have resolved this problem, run "git am --continue". hint: If you prefer to skip this patch, run "git am --skip" instead. hint: To restore the original branch and stop patching, run "git am --abort". hint: Disable this message with "git config set advice.mergeConflict false"

This is sad and frustrating because the entire patch has failed, and now you have to apply the entire thing manually. That is no good.

Here is the solution, which I wish I had learned long ago:

$ git config --global am.threeWay true

This enables three-way merge conflict resolution, same as if you were using git cherry-pick or git merge. For example:

$ git am CVE-2025-14512.patch Applying: gfileattribute: Fix integer overflow calculating escaping for byte strings Using index info to reconstruct a base tree... M gio/gfileattribute.c Falling back to patching base and 3-way merge... Auto-merging gio/gfileattribute.c CONFLICT (content): Merge conflict in gio/gfileattribute.c error: Failed to merge in the changes. Patch failed at 0001 gfileattribute: Fix integer overflow calculating escaping for byte strings hint: Use 'git am --show-current-patch=diff' to see the failed patch hint: When you have resolved this problem, run "git am --continue". hint: If you prefer to skip this patch, run "git am --skip" instead. hint: To restore the original branch and stop patching, run "git am --abort". hint: Disable this message with "git config set advice.mergeConflict false"

Now you have merge conflicts, which you can handle as usual. This seems like a better default for pretty much everybody, so if you use git am, you should probably enable it.

I’ve no doubt that many readers will have known about this already, but it’s new to me, and it makes me happy, so I wanted to share. You’re welcome, Internet!

I was excited to see Bilal’s announcement of goblint, and I’ve spent the past week getting Crosswords to work with it. This is a tool I’ve always wanted and I’m pretty convinced it will be a great boon for the GNOME ecosystem. I’m posting my notes in hope that more people try it out:

• First and most importantly, Bilal has been so great to work with. I have filed ~20 issues and feature requests and he fixed them all very quickly. In some cases, he fixed the underlying issue before I completed adding annotations to the code.
• Most of the issues flagged were idiomatic and stylistic, but it did find real bugs. It found a half-dozen leaks, a missing g_timeout removal, and five missing class function chain ups. One was a long-standing crasher. There’s a definite improvement in quality from adopting this tool.
• I’m also excited about pairing this with new GSoC interns. The types of things goblint flags are the things that students hit in particular (when they don’t write it all their code with AI). I think goblint will be even more important to our ecosystem as a teaching tool to our C codebase. It’s already effectively replaced my styleguide.
• In a few instances, the use_g_autoptr rule outstripped static-scan’s ability to track leaks. Ultimately, I ended up annotating and removing the g_autoptr() calls as I couldn’t get the two to play nicely together.
• Along the same lines, cairo, pango, and librsvg all lack G_DEFINE_AUTOPTR_CLEANUP_FUNC. It would be really great if we could fix these core libraries. In the meantime, you can add the following to your project’s goblint.toml file:

[rules.use_g_autoptr_inline_cleanup] level = "error" ignore_types = ["cairo_*", "Pango*", "RsvgHandle"]

• I had some trouble getting the pipeline integrated with GNOME’s gitlab. The gitlab recipe on his page uses premium features unavailable in the self hosted version. If it’s helpful for others, here’s what I ended up using:

goblint: stage: analysis extends: - "opensuse-container@x86_64.stable" - ".fdo.distribution-image@opensuse" needs: - job: opensuse-container@x86_64.stable artifacts: false before_script: - source ci/env.sh - cargo install --git https://github.com/bilelmoussaoui/goblint goblint script: # Goblint is fast. We run it twice: Once to generate the report, # and a second time to display the output and triger an error - /root/.cargo/bin/goblint . --format sarif > goblint.sarif || true - /root/.cargo/bin/goblint . --format text artifacts: reports: sast: goblint.sarif when: always

YMMV