The JS tests pointed out that the implementation in DateTime
had an off-by-one in the month when doing the leap year check,
so this change fixes that bug.
Set member variables after calling mktime(), which canonicalizes
out-of-range values.
With this, DateTime::create(2020, 13, ...) will return a DateTime
on Jan 2021 (assuming the other parameters are in range).
A malicious caller can create a SocketAddress for a local unix socket with an
over-long name that does not fit into struct sock_addr_un.
- Socket::connet: This caused the 'sun_path' field to
overflow, probably overwriting the return pointer of the call frame, and thus
crashing the process (in the best case).
- SocketAddress::to_sockaddr_un: This triggered a RELEASE_ASSERT, and thus
crashing the process.
Both have been fixed to return a nice error code instead of crashing.
Code is pretty trivial. If someone needs "float" support, a copy-paste
will be in place.
Build system was confused between math.h from rootfs, and toolchain. I
fixed the problem caused by `math.h` by locally using the builtin
`isnan()` from the compiler. It's ugly - but works. I am looking for
other alternatives.
I noticed on boot, WindowServer was getting an veil error:
[WindowServer(13:13)]: Rejecting path '/res/themes/Default.ini' since it hasn't been unveiled with 'c' permission.
[WindowServer(13:13)]: 0xc014367f _ZN6Kernel3VFS34validate_path_against_process_veilEN2AK10StringViewEi +681
[WindowServer(13:13)]: 0xc01439d7 _ZN6Kernel3VFS12resolve_pathEN2AK10StringViewERNS_7CustodyEPNS1_6RefPtrIS3_EEii +163
[WindowServer(13:13)]: 0xc0143d03 _ZN6Kernel3VFS4openEN2AK10StringViewEitRNS_7CustodyENS1_8OptionalINS_9UidAndGidEEE +121
[WindowServer(13:13)]: 0xc016fbc4 _ZN6Kernel7Process8sys$openEPKNS_7Syscall14SC_open_paramsE +854
[WindowServer(13:13)]: 0xc0164af8 syscall_handler +1320
[WindowServer(13:13)]: 0xc0164541 syscall_asm_entry +49
[WindowServer(13:13)]: 0x08097ca0 open_with_path_length +24
[WindowServer(13:13)]: 0x08097cf8 open +63
[WindowServer(13:13)]: 0x080a3c59 fopen +31
[WindowServer(13:13)]: 0x0806abf0 _ZN4Core10ConfigFile4syncEv +48
[WindowServer(13:13)]: 0x0806af6a _ZN4Core10ConfigFileD2Ev +16
[WindowServer(13:13)]: 0x08093e2a _ZN3Gfx17load_system_themeERKN2AK6StringE +1869
[WindowServer(13:13)]: 0x08048633 main +491
[WindowServer(13:13)]: 0x08048dae _start +94
With some digging I found out that the ConfigFile class was causing
trying to flush writes of default values, not present in the .ini
file back to disk on destruction of the object.
This sneaky behavior from ConfigFile seems to violate the public facing
semantics of the function (it's const). It also makes it very hard to reason
about the system with technologies like unveil where we are trying to
explicitly state what is exposed to apps, how those exposed items can be
used.
The functionality also doesn't seem to be all that useful, as we'll just
return the default value from the API's anyway.
This change removes the write back of default values.
Now that we don't keep a C compiler around in the toolchain (to save
space) we can't have .c files in the build.
This reminds me that #362 exists and we should fix that at some point.
This is a bit of a pickle and I'm unsure what's the best behavior here.
Since notifiers fire asynchronously via the event loop, we may end up
firing a notifier for a socket fd, but then reading/writing that socket
fd before ending up in the notifier callback.
In that situation, the socket is no longer in the same state as it was
when the event loop generated the notifier event.
This patch stops Socket from firing one hook in this situation but this
probably needs a global rethink.
With this change, Browser starts reliably in multi-process mode. :^)
Core::LocalSocket::take_over_accepted_socket_from_system_server() now
allows you to construct a Core::LocalSocket for a pre-accepted socket
when using SystemServer's new AcceptSocketConnections mode.
This is a convenient wrapper around readlink() that hides away the details
of buffers and buffer sizes, and simply returns a String. The best part is it
doesn't rely on PATH_MAX :D
It comes in two versions, for Serenity, where we can pass non-null-terminated
strings to syscalls, and where sys$readlink() returns the total link size, and
for other systems, where we have to copy out the string, and always have to do
two syscalls.
- Parsing invalid JSON no longer asserts
Instead of asserting when coming across malformed JSON,
JsonParser::parse now returns an Optional<JsonValue>.
- Disallow trailing commas in JSON objects and arrays
- No longer parse 'undefined', as that is a purely JS thing
- No longer allow non-whitespace after anything consumed by the initial
parse() call. Examples of things that were valid and no longer are:
- undefineddfz
- {"foo": 1}abcd
- [1,2,3]4
- JsonObject.for_each_member now iterates in original insertion order
Get rid of the weird old signature:
- int StringType::to_int(bool& ok) const
And replace it with sensible new signature:
- Optional<int> StringType::to_int() const
RefPtr<Notifier> doesn't work quite like it appears to, since the notifier
is also a "child" of the socket, in Core::Object sense. Thus we have to both
remove it from the parent (socket) and drop the additional RefPtr<Notifier> for
it to actually go away.
A proper fix for this would be to untangle parent-child relashionship from
refcounting and inspectability.
This fixes use-after-close of client file descriptors in IPC servers.
.. and make travis run it.
I renamed check-license-headers.sh to check-style.sh and expanded it so
that it now also checks for the presence of "#pragma once" in .h files.
It also checks the presence of a (single) blank line above and below the
"#pragma once" line.
I also added "#pragma once" to all the files that need it: even the ones
we are not check.
I also added/removed blank lines in order to make the script not fail.
I also ran clang-format on the files I modified.
And move canonicalized_path() to a static method on LexicalPath.
This is to make it clear that FileSystemPath/canonicalized_path() only
perform *lexical* canonicalization.
Lagom now builds under macOS. Only two minor adjustments were required:
* LibCore TCP/UDP code can't use `SOCK_{NONBLOCK,CLOEXEC}` on macOS,
use ioctl() and fcntl() instead
* LibJS `Heap` code pthread usage ported to MacOS
The "ready to write" notifier we set up in generic socket connection is
really only meant to detect a successful connection. Once we have a TCP
connection, for example, it will fire on every event loop iteration.
This was causing IRC Client to max out the CPU by getting this no-op
notifier callback over and over.
Since this was only used by TLSv12, I changed that code to create its
own notifier instead. It might be possible to improve TLS performance
by only processing writes when actually needed, but I didn't look very
closely at that for this patch. :^)
This fixes an issue where continuously posting new events to the queue
would keep the event loop saturated, causing it to ignore notifiers.
Since notifiers are part of the big select(), we always have to call
wait_for_events() even if there are pending events. We're already smart
enough to select() without a timeout if we already have pending events.
Moves DirectoryServices out of LibCore (because we need to link with
LibIPC), renames it Desktop::Launcher (because Desktop::DesktopServices
doesn't scan right) and ports it to use the LaunchServer which is now
responsible for starting programs for a file.
Prior to this commit, we would (re-)allocate the output buffer aligned
to 1024 bytes, but never trim it down to size, which caused
Gzip::decompress to return uninitialised data.
`read_bool_entry()` can now interpret both integers (1 or 0) and
Boolean strings ("true" or "false") in configuration files.
All values other than "1" or "true" are considered false.
It was impractical to return a RefPtr<File> since that left us no way
to extract the error string. This is usually needed for the UI, so the
old static open() got basically no use.
The event that triggered the exit from an inner event loop would always
get re-delivered in the outer event loop due to a silly off-by-one
mistake when transferring pending events between loops.
This helper opens a file with a given name, mode and permissions and
returns it in a RefPtr<File>. I think this will be a bit nicer to use
than having to go through Core::File::construct() every time.
The kernel was already using the UDP prefix, and the TCP LibCore classes
are also uppercased. Let's rename for consistency.
Also order the LibCore Makefile alphabetically, because everywhere else
seems to be doing that :)
Add a SetInspectedObject call that tells us which Core::Object a remote
client is currently looking it. Objects get notified when they gain
their first inspector, and when they lose their last one.
Since the returned object is now owned by the callee object, we can
simply vend a ChildType&. This allows us to use "." instead of "->"
at the call site, which is quite nice. :^)
Previously, this function was using `AK::String::to_uint()`, which is
wrong considering the function returns type `int`. This also means that
configuration files would revert to the default value on negative
values.
Consider the old pattern for creating a Core::Object parent and child:
auto parent = Core::Object::construct(...);
auto child = Core::Object::construct(..., parent);
The above was an artifact of the pre-reference-counting Object era.
Now that objects have less esoteric lifetime management, we can replace
the old pattern with something more expressive:
auto parent = Core::Object::construct(...);
auto child = parent->add<Core::Object>(...);
This reads a lot more naturally, and it also means we can get rid of
all the parent pointer arguments to Core::Object subclass constructors.
This is just to have a pleasant way to print the current time for now:
dbg() << Core::DateTime::now();
Or if you want it as a string:
Core::DateTime::now().to_string();
This was only used by HashTable::dump() which I used when doing the
first HashTable implementation. Removing this allows us to also remove
most includes of <AK/kstdio.h>.
I've been wanting to do this for a long time. It's time we start being
consistent about how this stuff works.
The new convention is:
- "LibFoo" is a userspace library that provides the "Foo" namespace.
That's it :^) This was pretty tedious to convert and I didn't even
start on LibGUI yet. But it's coming up next.
Unparented GActions are still parented to the application like before,
making them globally available.
This makes it possible to have actions that work whenever a specific
window is active, no matter which widget is currently focused. :^)
This is a complete reimplementation of CArgsParser with a different API.
Now, CArgsParser properly supports and distinguishes between:
* Positional arguments (required or not)
* Options
Options can be short and/or long.
The API allows you to add custom option and argument types. A few types are
pre-implemented for convenience:
* Boolean options (take no value)
* String and integer options (take a required value)
* String and integer arguments
* Vector-of-string arguments
This commit doesn't include changes for all the users of CArgsParser (see next
commit for that).
The "stay_within" parameter to CObject::dispatch_event() optionally
specifies a node in the CObject parent chain where event dispatch
should stop bubbling upwards.
Since event dispatch is done recursively, this was not working right,
as we would simply return from the innermost dispatch loop, leaving
the event un-accepted, which meant that the penultimately inner
dispatch loop would pick up the event and keep bubbling it anyway.
This made it possible for events to jump across window boundaries
within an application, in cases where one window was a CObject ancestor
of another window. This is typically the case with dialog windows.
Fix#1078.
A process has one of three veil states:
- None: unveil() has never been called.
- Dropped: unveil() has been called, and can be called again.
- Locked: unveil() has been called, and cannot be called again.
As suggested by Joshua, this commit adds the 2-clause BSD license as a
comment block to the top of every source file.
For the first pass, I've just added myself for simplicity. I encourage
everyone to add themselves as copyright holders of any file they've
added or modified in some significant way. If I've added myself in
error somewhere, feel free to replace it with the appropriate copyright
holder instead.
Going forward, all new source files should include a license header.
It used to only read the data it could get without blocking. Andreas says this
was intentional, but it's counterintuitive and no code that uses read_all()
actually expects it to return only a part of the data. So change it to always
read data until an EOF (or an error) is received.
CArgsParser::parse_next_param did not properly ensure that, when
a param required a following argument, there were enough parameters left to
complete the parse. This meant that params_left could become negative,
avoiding parse_next_param's termination condition, and cause a segfault
when reading from argv with an out of bounds index.
This fixes the check to ensure that we do in fact have the right amount
of parameters and also adds an assertion to ensure that params_left does
not become negative.
Threads now have numeric priorities with a base priority in the 1-99
range.
Whenever a runnable thread is *not* scheduled, its effective priority
is incremented by 1. This is tracked in Thread::m_extra_priority.
The effective priority of a thread is m_priority + m_extra_priority.
When a runnable thread *is* scheduled, its m_extra_priority is reset to
zero and the effective priority returns to base.
This means that lower-priority threads will always eventually get
scheduled to run, once its effective priority becomes high enough to
exceed the base priority of threads "above" it.
The previous values for ThreadPriority (Low, Normal and High) are now
replaced as follows:
Low -> 10
Normal -> 30
High -> 50
In other words, it will take 20 ticks for a "Low" priority thread to
get to "Normal" effective priority, and another 20 to reach "High".
This is not perfect, and I've used some quite naive data structures,
but I think the mechanism will allow us to build various new and
interesting optimizations, and we can figure out better data structures
later on. :^)
This removes a bunch of JsonValue copying from the hot path in thread
statistics fetching.
Also pre-size the thread statistics vector since we know the final size
up front. :^)
LibCore timers now have a TimerShouldFireWhenNotVisible flag which is
set to "No" by default.
If "No", the timer will not be fired by the event loop if it's within
a CObject tree whose nearest GWindow ancestor is currently not visible
for timer purposes. (Specificially, this means that the window is
either minimized or fully occluded, and so does not want to fire timers
just to update the UI.)
This is another nice step towards a calm and serene operating system.
