This was a footgun waiting to happen. The StringView encoder is only
used internally within IPC::Encoder to encode DeprecatedString. It does
not encode its null state nor its length. If someone were to innocently
use the StringView encoder as it is, and then decode a DeprecatedString
on the remote end, the decoding would be corrupt.
This changes the StringView encoder to do the work the DeprecatedString
encoder is currently doing, and the latter now just forwards to it.
While refactoring the IPC encoders and decoders for fallibility, the
inconsistency in which we transfer container sizes was a frequent thing
to trip over. We currently transfer sizes as any of i32, u32, and u64.
This adds a helper to transfer sizes in one consistent way.
Two special cases here are DeprecatedString and Vector, whose encoding
is depended upon by netdb, so that is also updated here.
In doing so, this removes all uses of the Encoder's stream operator,
except for where it is currently still used in the generated IPC code.
So the stream operator currently discards any errors, which is the
existing behavior. A subsequent commit will propagate the errors.
Currently, the stream operator overload hides most encoding errors. In
an effort to make IPC encoding fallible, this first replaces the Encoder
overloads with IPC::encode specializations. The return type is still a
boolean, a future commit will change it to ErrorOr.
Note that just like in the analogous decoder commit (9b48362), these
specializations must be defined at the namespace scope. Further, all
arithmetic specializations are now in one method.
The format is quite simply the type index followed by the type in its
own native encoding; just implementing the receive side with static
typing is a bit convoluted. The only limitation of this implementation
is that the variant type has to contain an Empty somewhere as it is not
default constructible otherwise.
Co-authored-by: Ali Mohammad Pur <mpfard@serenityos.org>
This will make it easier to support both string types at the same time
while we convert code, and tracking down remaining uses.
One big exception is Value::to_string() in LibJS, where the name is
dictated by the ToString AO.
We have a new, improved string type coming up in AK (OOM aware, no null
state), and while it's going to use UTF-8, the name UTF8String is a
mouthful - so let's free up the String name by renaming the existing
class.
Making the old one have an annoying name will hopefully also help with
quick adoption :^)
In order to avoid the base encode/decode methods from being used (and
failing a static assertion), we must be sure to declare/define the
custom type implementations as template specializations.
After this, LibIPC is no longer sensitive to include order.
This commit moves the length calculations out to be directly on the
StringView users. This is an important step towards the goal of removing
StringView(char const*), as it moves the responsibility of calculating
the size of the string to the user of the StringView (which will prevent
naive uses causing OOB access).
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
