The Adobe specification doesn't even consider JPEG images with a single
component. So let's not consider the content of the App14 segment for
grayscale images.

Apart from the class used, audio fuzzers have identical behavior: Create
a memory stream from the fuzzer input and pass this to the loader, then
try to load audio until an error occurs. Since the loader plugins need
to have the same static create() function anyways for LibAudio itself,
we can unify the fuzzer implementations and reduce code duplication.

By golly, this is a lot more spec comments than I originally thought
I would need to do! This has exposed some bugs in the implementation,
as well as a whole lot of things which we are yet to implement.
No functional changes intended in this commit (already pretty large
as is!).

When we moved from NonnullRefPtrVector<T> to Vector<NonnullRefPtr<T>>
in commit 8a48246ed1, the `at()` function
started returning a NonnullRefPtr<T>& instead of T&.
The code calling create_index() was not then updated and ended up taking
a pointer to a temporary NonnullRefPtr<>, instead of an actual object,
leading to a crash after logging in.

Describe how to use the two new context and unified format options in
the diff utility. Also change the example comparison of two files so
they contain more lines as that is much more interesting (and useful).

Add the options '-C','--context' and '-U','--unified', which can be used
to ask diff to write a diff in that format with a given number of
context lines surrounding the diff.

This resolves the various "implicit truncation from int to a one-bit
wide bit-field changes value from 1 to -1" warnings produced by Clang
16+ when assigning to single-bit bitfields.

Prior to this commit if you tried to access section 0 of the man page
(`man 0 ls`) the application would just crash with an array out of
bounds style error.
This commit just ensures that we return an explicit and helpful error
message when you try to request the 0th section, instead of crashing.

This small utility is something we probably needed for a very long
time - a way to print memory statistics in an elegant manner.
This utility opens /sys/kernel/memstat, reads it and decodes the values
into human-readable entries, possibly even into human-readable sizes.

Use LibCore ArgsParser to parse the parameters instead of using the raw
strings from the argv (Main::Arguments) array.
Also, use indicative names for variables in the code so the utility code
is more understandable.

The flag indicating the presence of an await expression should be
passed up to the parent scope until the nearest function scope is
reached. This resolves several problems related to identifying
top-level awaits, which are currently not recognized correctly
when used within a nested scope.

It's no longer needed now that this code uses ErrorOr instead of Result.

Ran:
rg -lw LOADER_TRY Userland/Libraries/LibAudio \
| xargs sed -i '' 's/LOADER_TRY/TRY/g'
...and then manually fixed up Userland/Libraries/LibAudio/LoaderError.h
to not redefine TRY but instead remove the now-unused LOADER_TRY,
and ran clang-format.

All of the following properties in the font shorthand can be `normal`:
- font-style
- font-variant
- font-weight
- font-stretch
This means that we must allow up to four consecutive `normal` at the
start of a font shorthand value.

The driver would crash if it was unable to find an output route, and
subsequently the destruction of the controller did not invoke
`GenericInterruptHandler::will_be_destroyed()` because on the level of
`AudioController`, that method is unavailable.
By decoupling the interrupt handling from the controller, we get a new
refcounted class that correctly cleans up after itself :^)

Print the correct error from Core::System::chdir() instead of errno, and
display the error in the DirectoryView instead of continuing to show the
previous location's contents.
This regressed in 1dc3ba6ed5.

For very large seekpoint indices, the casts necessary for the "simple"
subtraction comparison will yield wrong and overflowing results.
Therefore, we perform the seekpoint comparison manually instead.

This specialized UTF-8 decoder is more powerful than a normal UTF-8
decoder anyways, but it couldn't account for the never spec-compliant
0xff start byte. This commit makes that byte behave as expected if
taking UTF-8 to its extreme, even if it is a little silly and likely not
relevant for real applications.

The bit magic for two's complement sign extension was only sign
extending to 32-bit signed. This issue was exposed by the last commit,
where now we actually use the 64-bit return value.

Since we can have up to 32 bits of input data, multiplications may need
up to 63 bits. This was accounted for in some places, but by far not in
all, and oss-fuzz found multiple integer overflows. We now use i64 in
all of the decoding, since we need to rescale samples to float later on
anyways. If a final sample value ends up out of range (and the range can
be a maximum of 32 bits), we may get samples past 1, but that then is a
non-compliant input file, and using over-range samples (and most likely
clipping audio) is considerably less weird than overflowing and
glitching audio.

The fuzzer found one heap buffer overflow here due to confusion between
u32* and u8* (the given size is for bytes, but we used it for 32-bit
elements, quadrupling it), and it looks like there's an opportunity for
several more. This commit modernizes the picture loader by using
String's built-in stream loader, and also adds several spec-compliance
checks: The MIME type must be ASCII in a specific range, and the picture
description must be UTF-8.

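
The byte-size versus element-count confusion and the MIME range check described in the picture-loader commit above, as an added illustration that is not SerenityOS's code: a bounds-checked big-endian reader over the leading fields of a FLAC PICTURE block (type, MIME type, description). `ByteReader`, `parse_picture_header` and the constructed `make_block` input are assumptions of this example; the UTF-8 check on the description is omitted for brevity.

```cpp
#include <cstdint>
#include <optional>
#include <string>
#include <string_view>
#include <vector>

// Big-endian reader over a byte buffer. Every length is counted in bytes, so a
// u32 field length is never applied to 32-bit elements (the size confusion above).
struct ByteReader {
    std::vector<uint8_t> const& data;
    size_t pos = 0;
    std::optional<uint32_t> read_u32() {
        if (data.size() - pos < 4) return std::nullopt;
        uint32_t v = 0;
        for (int i = 0; i < 4; ++i) v = (v << 8) | data[pos++];
        return v;
    }
    // A u32 length followed by that many bytes; rejects lengths running past the buffer.
    std::optional<std::string> read_length_prefixed() {
        auto len = read_u32();
        if (!len || data.size() - pos < *len) return std::nullopt;
        std::string s(reinterpret_cast<char const*>(data.data() + pos), *len);
        pos += *len;
        return s;
    }
};

struct Picture { uint32_t type; std::string mime; std::string description; };

// Parses the leading fields of a FLAC PICTURE block; nullopt means "format error", not a crash.
static std::optional<Picture> parse_picture_header(std::vector<uint8_t> const& block) {
    ByteReader r { block };
    auto type = r.read_u32();
    auto mime = r.read_length_prefixed();
    auto desc = r.read_length_prefixed();
    if (!type || !mime || !desc) return std::nullopt; // truncated block or over-long length field
    for (unsigned char c : *mime)
        if (c < 0x20 || c > 0x7E) return std::nullopt; // FLAC: MIME type is printable ASCII only
    return Picture { *type, *mime, *desc };
}

// Builds a constructed PICTURE block prefix (sample input for the example, not from a real file).
static std::vector<uint8_t> make_block(uint32_t type, std::string_view mime, std::string_view desc) {
    std::vector<uint8_t> out;
    auto put_u32 = [&](uint32_t v) { for (int i = 3; i >= 0; --i) out.push_back(uint8_t(v >> (8 * i))); };
    put_u32(type);
    put_u32(uint32_t(mime.size())); out.insert(out.end(), mime.begin(), mime.end());
    put_u32(uint32_t(desc.size())); out.insert(out.end(), desc.begin(), desc.end());
    return out;
}
```
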
An LPC predictor (fixed or not) contains as many warm-up samples as its
order. Therefore, the corresponding subframe must have at least this
many samples.
This turns this fuzzer-found crash into a handleable format error.
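
The three LibAudio decoding fixes above (sign extension to a full 64 bits, 64-bit accumulation of the predictor products, and rejecting a subframe shorter than its predictor order), shown together in one added example in the spirit of the FLAC decoder; this is illustrative code, not SerenityOS's, and `sign_extend`, `restore_lpc_subframe` and the test inputs are assumptions of this example.

```cpp
#include <cstdint>
#include <optional>
#include <vector>

// Sign-extend the low `bits` bits of `raw` to a full 64-bit value. Extending
// only to 32 bits, as the bug above did, loses everything above bit 31.
static int64_t sign_extend(uint64_t raw, unsigned bits)
{
    uint64_t sign_bit = uint64_t(1) << (bits - 1);
    uint64_t mask = (sign_bit << 1) - 1; // wraps to all ones when bits == 64
    raw &= mask;
    return int64_t((raw ^ sign_bit) - sign_bit);
}

// Restore an LPC-predicted subframe of `sample_count` samples from its warm-up
// samples, coefficients, quantization shift and residuals. Returns nullopt when the
// subframe cannot hold as many warm-up samples as the predictor order (a format error).
static std::optional<std::vector<int64_t>> restore_lpc_subframe(size_t sample_count,
    std::vector<int64_t> const& warmup, std::vector<int64_t> const& coefficients,
    unsigned shift, std::vector<int64_t> const& residuals)
{
    size_t order = coefficients.size();
    if (sample_count < order || warmup.size() != order || residuals.size() != sample_count - order)
        return std::nullopt;
    std::vector<int64_t> samples = warmup;
    for (size_t i = order; i < sample_count; ++i) {
        // Inputs may be 32 bits wide, so each product can need up to 63 bits:
        // accumulate in int64_t, never int32_t.
        int64_t prediction = 0;
        for (size_t j = 0; j < order; ++j)
            prediction += coefficients[j] * samples[i - 1 - j];
        samples.push_back((prediction >> shift) + residuals[i - order]);
    }
    return samples;
}
```
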