Before, we had about these occurrence counts:
COPY: 13 without, 33 with
MOVE: 12 without, 28 with
Clearly, 'with' was the preferred way. However, this introduced double-semicolons
all over the place, and caused some warnings to trigger.
This patch *forces* the usage of a semi-colon when calling the macro,
by removing the semi-colon within the macro. (And thus also gets rid
of the double-semicolon.)
It wasn't used anywhere.
Also, if it were used, then it should have been marked AK_NONCOPYABLE().
Or even more cleanly, it should use a RefPtr<> or OwnPtr<> instead of
a 'naked' pointer. And because I didn't want to impose any such decision
on a possible future use case that we don't even know, I just removed
that unused feature.
The implementation in LibC did a timestamp->day-of-week conversion
which looks like a valuable thing to have. But we only need it in
time_to_tm, where we already computed year/month/day -- so let's
consolidate on the day_of_week function in DateTime (which is
getting extracted to AK).
The JS tests pointed out that the implementation in DateTime
had an off-by-one in the month when doing the leap year check,
so this change fixes that bug.
Set member variables after calling mktime(), which canonicalizes
out-of-range values.
With this, DateTime::create(2020, 13, ...) will return a DateTime
on Jan 2021 (assuming the other parameters are in range).
A malicious caller can create a SocketAddress for a local unix socket with an
over-long name that does not fit into struct sock_addr_un.
- Socket::connet: This caused the 'sun_path' field to
overflow, probably overwriting the return pointer of the call frame, and thus
crashing the process (in the best case).
- SocketAddress::to_sockaddr_un: This triggered a RELEASE_ASSERT, and thus
crashing the process.
Both have been fixed to return a nice error code instead of crashing.
Code is pretty trivial. If someone needs "float" support, a copy-paste
will be in place.
Build system was confused between math.h from rootfs, and toolchain. I
fixed the problem caused by `math.h` by locally using the builtin
`isnan()` from the compiler. It's ugly - but works. I am looking for
other alternatives.
I noticed on boot, WindowServer was getting an veil error:
[WindowServer(13:13)]: Rejecting path '/res/themes/Default.ini' since it hasn't been unveiled with 'c' permission.
[WindowServer(13:13)]: 0xc014367f _ZN6Kernel3VFS34validate_path_against_process_veilEN2AK10StringViewEi +681
[WindowServer(13:13)]: 0xc01439d7 _ZN6Kernel3VFS12resolve_pathEN2AK10StringViewERNS_7CustodyEPNS1_6RefPtrIS3_EEii +163
[WindowServer(13:13)]: 0xc0143d03 _ZN6Kernel3VFS4openEN2AK10StringViewEitRNS_7CustodyENS1_8OptionalINS_9UidAndGidEEE +121
[WindowServer(13:13)]: 0xc016fbc4 _ZN6Kernel7Process8sys$openEPKNS_7Syscall14SC_open_paramsE +854
[WindowServer(13:13)]: 0xc0164af8 syscall_handler +1320
[WindowServer(13:13)]: 0xc0164541 syscall_asm_entry +49
[WindowServer(13:13)]: 0x08097ca0 open_with_path_length +24
[WindowServer(13:13)]: 0x08097cf8 open +63
[WindowServer(13:13)]: 0x080a3c59 fopen +31
[WindowServer(13:13)]: 0x0806abf0 _ZN4Core10ConfigFile4syncEv +48
[WindowServer(13:13)]: 0x0806af6a _ZN4Core10ConfigFileD2Ev +16
[WindowServer(13:13)]: 0x08093e2a _ZN3Gfx17load_system_themeERKN2AK6StringE +1869
[WindowServer(13:13)]: 0x08048633 main +491
[WindowServer(13:13)]: 0x08048dae _start +94
With some digging I found out that the ConfigFile class was causing
trying to flush writes of default values, not present in the .ini
file back to disk on destruction of the object.
This sneaky behavior from ConfigFile seems to violate the public facing
semantics of the function (it's const). It also makes it very hard to reason
about the system with technologies like unveil where we are trying to
explicitly state what is exposed to apps, how those exposed items can be
used.
The functionality also doesn't seem to be all that useful, as we'll just
return the default value from the API's anyway.
This change removes the write back of default values.
Now that we don't keep a C compiler around in the toolchain (to save
space) we can't have .c files in the build.
This reminds me that #362 exists and we should fix that at some point.
This is a bit of a pickle and I'm unsure what's the best behavior here.
Since notifiers fire asynchronously via the event loop, we may end up
firing a notifier for a socket fd, but then reading/writing that socket
fd before ending up in the notifier callback.
In that situation, the socket is no longer in the same state as it was
when the event loop generated the notifier event.
This patch stops Socket from firing one hook in this situation but this
probably needs a global rethink.
With this change, Browser starts reliably in multi-process mode. :^)
Core::LocalSocket::take_over_accepted_socket_from_system_server() now
allows you to construct a Core::LocalSocket for a pre-accepted socket
when using SystemServer's new AcceptSocketConnections mode.
This is a convenient wrapper around readlink() that hides away the details
of buffers and buffer sizes, and simply returns a String. The best part is it
doesn't rely on PATH_MAX :D
It comes in two versions, for Serenity, where we can pass non-null-terminated
strings to syscalls, and where sys$readlink() returns the total link size, and
for other systems, where we have to copy out the string, and always have to do
two syscalls.
- Parsing invalid JSON no longer asserts
Instead of asserting when coming across malformed JSON,
JsonParser::parse now returns an Optional<JsonValue>.
- Disallow trailing commas in JSON objects and arrays
- No longer parse 'undefined', as that is a purely JS thing
- No longer allow non-whitespace after anything consumed by the initial
parse() call. Examples of things that were valid and no longer are:
- undefineddfz
- {"foo": 1}abcd
- [1,2,3]4
- JsonObject.for_each_member now iterates in original insertion order
Get rid of the weird old signature:
- int StringType::to_int(bool& ok) const
And replace it with sensible new signature:
- Optional<int> StringType::to_int() const
RefPtr<Notifier> doesn't work quite like it appears to, since the notifier
is also a "child" of the socket, in Core::Object sense. Thus we have to both
remove it from the parent (socket) and drop the additional RefPtr<Notifier> for
it to actually go away.
A proper fix for this would be to untangle parent-child relashionship from
refcounting and inspectability.
This fixes use-after-close of client file descriptors in IPC servers.
