This reverts my previous commit in WebServer and fixes the whole issue
in a much better way. Instead of having the MIME type guesser take a
URL (which we don't actually have in the WebServer at that point),
just take a path as a StringView.
Also, make use of the case-insensitive StringView::ends_with() :^)
If a file descriptor is being closed, we need to permanently disable
any Notifier and remove it from the event loop. This method removes
the notifier and disables it so that the EventLoop does not use a
invalid file descriptor.
Instead of everyone overriding save_to() and set_property() and doing
a pretty asymmetric job of implementing the various properties, let's
add a bit of structure here.
Object properties are now represented by a Core::Property. Properties
are registered with a getter and setter (optional) in constructors.
I've added some convenience macros for creating and registering
properties, but this does still feel a bit bulky. We'll have to
iterate on this and see where it goes.
Consider the following snippet:
void foo(InputStream& stream) {
if(!stream.eof()) {
u8 byte;
stream >> byte;
}
}
There is a very subtle bug in this snippet, for some input streams eof()
might return false even if no more data can be read. In this case an
error flag would be set on the stream.
Until now I've always ensured that this is not the case, but this made
the implementation of eof() unnecessarily complicated.
InputFileStream::eof had to keep a ByteBuffer around just to make this
possible. That meant a ton of unnecessary copies just to get a reliable
eof().
In most cases it isn't actually necessary to have a reliable eof()
implementation.
In most other cases a reliable eof() is avaliable anyways because in
some cases like InputMemoryStream it is very easy to implement.
The streaming operator doesn't short-circuit, consider the following
snippet:
void foo(InputStream& stream) {
int a, b;
stream >> a >> b;
}
If the first read fails, the second is called regardless. It should be
well defined what happens in this case: nothing.
DateTime::create() takes a date/time in local time, but it set
tm_isdst to 0, which meant it was in local winter time always.
Set tm_isdst to -1 so that times during summer time are treated
in summer time, and times in winter time are treated as winter
time (when appropriate). When the time is adjusted backward by
one hour, the same time can be in winter time or summer time,
so this isn't 100% reliable, but for most of the year it should
work fine.
Since LibJS uses DateTime, this means that the Date tuple
ctor (which creates a timestamp from year/month/day/hours/etc
in local time) and getTime() should now have consistent (and
correct) output, which should fix#3327.
In Serenity itself, dst handling (and timezones) are unimplemented
and this doens't have any effect yet, but in Lagom this has an effect.
Before, we had about these occurrence counts:
COPY: 13 without, 33 with
MOVE: 12 without, 28 with
Clearly, 'with' was the preferred way. However, this introduced double-semicolons
all over the place, and caused some warnings to trigger.
This patch *forces* the usage of a semi-colon when calling the macro,
by removing the semi-colon within the macro. (And thus also gets rid
of the double-semicolon.)
It wasn't used anywhere.
Also, if it were used, then it should have been marked AK_NONCOPYABLE().
Or even more cleanly, it should use a RefPtr<> or OwnPtr<> instead of
a 'naked' pointer. And because I didn't want to impose any such decision
on a possible future use case that we don't even know, I just removed
that unused feature.
The implementation in LibC did a timestamp->day-of-week conversion
which looks like a valuable thing to have. But we only need it in
time_to_tm, where we already computed year/month/day -- so let's
consolidate on the day_of_week function in DateTime (which is
getting extracted to AK).
The JS tests pointed out that the implementation in DateTime
had an off-by-one in the month when doing the leap year check,
so this change fixes that bug.
Set member variables after calling mktime(), which canonicalizes
out-of-range values.
With this, DateTime::create(2020, 13, ...) will return a DateTime
on Jan 2021 (assuming the other parameters are in range).
A malicious caller can create a SocketAddress for a local unix socket with an
over-long name that does not fit into struct sock_addr_un.
- Socket::connet: This caused the 'sun_path' field to
overflow, probably overwriting the return pointer of the call frame, and thus
crashing the process (in the best case).
- SocketAddress::to_sockaddr_un: This triggered a RELEASE_ASSERT, and thus
crashing the process.
Both have been fixed to return a nice error code instead of crashing.
Code is pretty trivial. If someone needs "float" support, a copy-paste
will be in place.
Build system was confused between math.h from rootfs, and toolchain. I
fixed the problem caused by `math.h` by locally using the builtin
`isnan()` from the compiler. It's ugly - but works. I am looking for
other alternatives.
I noticed on boot, WindowServer was getting an veil error:
[WindowServer(13:13)]: Rejecting path '/res/themes/Default.ini' since it hasn't been unveiled with 'c' permission.
[WindowServer(13:13)]: 0xc014367f _ZN6Kernel3VFS34validate_path_against_process_veilEN2AK10StringViewEi +681
[WindowServer(13:13)]: 0xc01439d7 _ZN6Kernel3VFS12resolve_pathEN2AK10StringViewERNS_7CustodyEPNS1_6RefPtrIS3_EEii +163
[WindowServer(13:13)]: 0xc0143d03 _ZN6Kernel3VFS4openEN2AK10StringViewEitRNS_7CustodyENS1_8OptionalINS_9UidAndGidEEE +121
[WindowServer(13:13)]: 0xc016fbc4 _ZN6Kernel7Process8sys$openEPKNS_7Syscall14SC_open_paramsE +854
[WindowServer(13:13)]: 0xc0164af8 syscall_handler +1320
[WindowServer(13:13)]: 0xc0164541 syscall_asm_entry +49
[WindowServer(13:13)]: 0x08097ca0 open_with_path_length +24
[WindowServer(13:13)]: 0x08097cf8 open +63
[WindowServer(13:13)]: 0x080a3c59 fopen +31
[WindowServer(13:13)]: 0x0806abf0 _ZN4Core10ConfigFile4syncEv +48
[WindowServer(13:13)]: 0x0806af6a _ZN4Core10ConfigFileD2Ev +16
[WindowServer(13:13)]: 0x08093e2a _ZN3Gfx17load_system_themeERKN2AK6StringE +1869
[WindowServer(13:13)]: 0x08048633 main +491
[WindowServer(13:13)]: 0x08048dae _start +94
With some digging I found out that the ConfigFile class was causing
trying to flush writes of default values, not present in the .ini
file back to disk on destruction of the object.
This sneaky behavior from ConfigFile seems to violate the public facing
semantics of the function (it's const). It also makes it very hard to reason
about the system with technologies like unveil where we are trying to
explicitly state what is exposed to apps, how those exposed items can be
used.
The functionality also doesn't seem to be all that useful, as we'll just
return the default value from the API's anyway.
This change removes the write back of default values.
Now that we don't keep a C compiler around in the toolchain (to save
space) we can't have .c files in the build.
This reminds me that #362 exists and we should fix that at some point.
This is a bit of a pickle and I'm unsure what's the best behavior here.
Since notifiers fire asynchronously via the event loop, we may end up
firing a notifier for a socket fd, but then reading/writing that socket
fd before ending up in the notifier callback.
In that situation, the socket is no longer in the same state as it was
when the event loop generated the notifier event.
This patch stops Socket from firing one hook in this situation but this
probably needs a global rethink.
With this change, Browser starts reliably in multi-process mode. :^)
Core::LocalSocket::take_over_accepted_socket_from_system_server() now
allows you to construct a Core::LocalSocket for a pre-accepted socket
when using SystemServer's new AcceptSocketConnections mode.
This is a convenient wrapper around readlink() that hides away the details
of buffers and buffer sizes, and simply returns a String. The best part is it
doesn't rely on PATH_MAX :D
It comes in two versions, for Serenity, where we can pass non-null-terminated
strings to syscalls, and where sys$readlink() returns the total link size, and
for other systems, where we have to copy out the string, and always have to do
two syscalls.
- Parsing invalid JSON no longer asserts
Instead of asserting when coming across malformed JSON,
JsonParser::parse now returns an Optional<JsonValue>.
- Disallow trailing commas in JSON objects and arrays
- No longer parse 'undefined', as that is a purely JS thing
- No longer allow non-whitespace after anything consumed by the initial
parse() call. Examples of things that were valid and no longer are:
- undefineddfz
- {"foo": 1}abcd
- [1,2,3]4
- JsonObject.for_each_member now iterates in original insertion order
Get rid of the weird old signature:
- int StringType::to_int(bool& ok) const
And replace it with sensible new signature:
- Optional<int> StringType::to_int() const
RefPtr<Notifier> doesn't work quite like it appears to, since the notifier
is also a "child" of the socket, in Core::Object sense. Thus we have to both
remove it from the parent (socket) and drop the additional RefPtr<Notifier> for
it to actually go away.
A proper fix for this would be to untangle parent-child relashionship from
refcounting and inspectability.
This fixes use-after-close of client file descriptors in IPC servers.
.. and make travis run it.
I renamed check-license-headers.sh to check-style.sh and expanded it so
that it now also checks for the presence of "#pragma once" in .h files.
It also checks the presence of a (single) blank line above and below the
"#pragma once" line.
I also added "#pragma once" to all the files that need it: even the ones
we are not check.
I also added/removed blank lines in order to make the script not fail.
I also ran clang-format on the files I modified.
And move canonicalized_path() to a static method on LexicalPath.
This is to make it clear that FileSystemPath/canonicalized_path() only
perform *lexical* canonicalization.
Lagom now builds under macOS. Only two minor adjustments were required:
* LibCore TCP/UDP code can't use `SOCK_{NONBLOCK,CLOEXEC}` on macOS,
use ioctl() and fcntl() instead
* LibJS `Heap` code pthread usage ported to MacOS
The "ready to write" notifier we set up in generic socket connection is
really only meant to detect a successful connection. Once we have a TCP
connection, for example, it will fire on every event loop iteration.
This was causing IRC Client to max out the CPU by getting this no-op
notifier callback over and over.
Since this was only used by TLSv12, I changed that code to create its
own notifier instead. It might be possible to improve TLS performance
by only processing writes when actually needed, but I didn't look very
closely at that for this patch. :^)
This fixes an issue where continuously posting new events to the queue
would keep the event loop saturated, causing it to ignore notifiers.
Since notifiers are part of the big select(), we always have to call
wait_for_events() even if there are pending events. We're already smart
enough to select() without a timeout if we already have pending events.
Moves DirectoryServices out of LibCore (because we need to link with
LibIPC), renames it Desktop::Launcher (because Desktop::DesktopServices
doesn't scan right) and ports it to use the LaunchServer which is now
responsible for starting programs for a file.
