Instead of parsing untrusted and potentially malicious image files in
the ImageViewer GUI process, take advantage of the ImageDecoder service
that we already have on the system to sandbox the decode.
This prevents bugs in our image decoding libraries from being used as
an exploitation vector when viewing files in ImageViewer.
Previously you could pass anything (e.g a text file) to ImageDecoder and
it would "succeed" in decoding it and give you back a 0-frame result.
Let's consider that state a failure instead.
Single-process Browser forces a connection to these services early on,
to avoid having to unveil their paths. I'm suspicious of the benefits
of this (and the comment about it wasn't even accurate) but let's keep
it for now.
In multi-process mode, there's no need to do this, and in fact it was
causing us to spawn two extra totally unused processes.
Previously we didn't retransmit lost TCP packets which would cause
connections to hang if packets were lost. Also we now time out
TCP connections after a number of retransmission attempts.
This wakes up NetworkTask every 500 milliseconds so that it can send
pending delayed TCP ACKs and isn't forced to send all of them early
when it goes to sleep like it did before.
When establishing the connection we should send ACKs right away so
as to not delay the connection process. This didn't previously
matter because we'd flush all delayed ACKs when NetworkTask waits
for incoming packets.
Ideally we would never allocate under a spinlock, as it has many
performance and potentially functionality (deadlock) pitfalls.
We violate that rule in many places today, but we need a tool to track
them all down and fix them. This change introduces a new macro option
named `KMALLOC_VERIFY_NO_SPINLOCK_HELD` which can catch these
situations at runtime via an assert.
The Cpp LanguageServer tests can be run with: CppLanguageServer -t
The tests now only cover some very simple autocomplete and
"find declaration" use cases, but it's a start :)
Creating a ByteBuffer involves two allocations:
-One for the ByteBufferImpl object
-Another one for the actual byte buffer
This changes the ByteBuffer and ByteBufferImpl classes
so only one allocation is necessary.
Avoid holding the sockets_by_tuple lock while allocating the TCPSocket.
While checking if the list contains the item we can also hold the lock
in shared mode, as we are only reading the hash table.
In addition the call to from_tuple appears to be superfluous, as we
created the socket, so we should be able to just return it directly.
This avoids the recursive lock acquisition, as well as the unnecessary
hash table lookups.
When computing row & column sizes in AbstractTableView, it iterates
across both axes starting from 0.
This caused us to grow the corresponding HeaderView's internal section
vector by 1 entry for each step, leading to Vector::resize() thrashing.
Since we already know the final size, just resize to that immediately,
and the thrashing goes away.
This gives a huge speedup when loading large files into Profiler. :^)
This adds an `AK::ByteReader` to help with that so we don't duplicate
the logic all over the place.
No more `*(const u16*)` and `*(const u32*)` for anyone.
This should help a little with #7060.
The TestRunner objects at the end of test-js are destroyed after the
if/else that chooses whether to run the 262 parser tests or the standard
tests. Accessing TestRunner::the() after the lifetime of the TestRunners
ends is UB, so return the Test::Counts from run() instead. Also, fix the
destructor of TestRunner to set s_the to nullptr so that if anyone tries
this type of shenanigains again, they'll get a crash :^).
Absolutely massive allocations > 1024 bytes would go into the size
class which was 3172 bytes. 3172 happens to not be 8 byte aligned, and
so made UBSAN very sad on x86_64. Change the largest allocator to be
3072 bytes, which is in fact a multiple of 8 :^)
The should_not_destroy test case intentionally performs an invalid stack
access on a NeverDestroyed to confirm that the destructor for the held
type was not called.
The C interface (posix interface?) for regexes has no "initialize"
function, only a free function. The comment in regcomp in
LibRegex/C/Regex.cpp notes that calling regcomp without a regfree is an
error, and will leak memory. Every single time regcomp is called on a
regex_t*, it will allocate new memory.
Make sure that all the regcomp calls are paired with a regfree in the
tests program
We can't unref an object to destruction while there's still a live
RefPtr to the object, otherwise the RefPtr destructor will try to
destroy it again, accessing the refcount of a destroyed object (before
realizing that oops! the object is already dead)
