| Age | Commit message (Collapse) | Author |
|---|
|
|
|
While refactoring the IPC encoders and decoders for fallibility, the
inconsistency in which we transfer container sizes was a frequent thing
to trip over. We currently transfer sizes as any of i32, u32, and u64.
This adds a helper to transfer sizes in one consistent way.
Two special cases here are DeprecatedString and Vector, whose encoding
is depended upon by netdb, so that is also updated here.
|
|
These instances were detected by searching for files that include
stdlib.h, but don't match the regex:
\\b(_abort|abort|abs|aligned_alloc|arc4random|arc4random_buf|arc4random_
uniform|atexit|atof|atoi|atol|atoll|bsearch|calloc|clearenv|div|div_t|ex
it|_Exit|EXIT_FAILURE|EXIT_SUCCESS|free|getenv|getprogname|grantpt|labs|
ldiv|ldiv_t|llabs|lldiv|lldiv_t|malloc|malloc_good_size|malloc_size|mble
n|mbstowcs|mbtowc|mkdtemp|mkstemp|mkstemps|mktemp|posix_memalign|posix_o
penpt|ptsname|ptsname_r|putenv|qsort|qsort_r|rand|RAND_MAX|random|reallo
c|realpath|secure_getenv|serenity_dump_malloc_stats|serenity_setenv|sete
nv|setprogname|srand|srandom|strtod|strtof|strtol|strtold|strtoll|strtou
l|strtoull|system|unlockpt|unsetenv|wcstombs|wctomb)\\b
(Without the linebreaks.)
This regex is pessimistic, so there might be more files that don't
actually use anything from the stdlib.
In theory, one might use LibCPP to detect things like this
automatically, but let's do this one step after another.
|
|
These instances were detected by searching for files that include
AK/StdLibExtras.h, but don't match the regex:
\\b(abs|AK_REPLACED_STD_NAMESPACE|array_size|ceil_div|clamp|exchange|for
ward|is_constant_evaluated|is_power_of_two|max|min|mix|move|_RawPtr|RawP
tr|round_up_to_power_of_two|swap|to_underlying)\\b
(Without the linebreaks.)
This regex is pessimistic, so there might be more files that don't
actually use any "extra stdlib" functions.
In theory, one might use LibCPP to detect things like this
automatically, but let's do this one step after another.
|
|
These instances were detected by searching for files that include
AK/Format.h, but don't match the regex:
\\b(CheckedFormatString|critical_dmesgln|dbgln|dbgln_if|dmesgln|FormatBu
ilder|__FormatIfSupported|FormatIfSupported|FormatParser|FormatString|Fo
rmattable|Formatter|__format_value|HasFormatter|max_format_arguments|out
|outln|set_debug_enabled|StandardFormatter|TypeErasedFormatParams|TypeEr
asedParameter|VariadicFormatParams|v_critical_dmesgln|vdbgln|vdmesgln|vf
ormat|vout|warn|warnln|warnln_if)\\b
(Without the linebreaks.)
This regex is pessimistic, so there might be more files that don't
actually use any formatting functions.
Observe that this revealed that Userland/Libraries/LibC/signal.cpp is
missing an include.
In theory, one might use LibCPP to detect things like this
automatically, but let's do this one step after another.
|
|
Looks like this got mangled in the i686 removal.
|
|
This makes LibC build under aarch64 Clang.
|
|
|
|
|
|
|
|
|
|
UTC is not affected by summer time, and the BSD manpage for timegm()
says "The tm_isdst [...] members are forced to zero by timegm()."
|
|
Some programs explicitly ask for a different initial stack size than
what the OS provides. This is implemented in ELF by having a
PT_GNU_STACK header which has its p_memsz set to the amount that the
program requires. This commit implements this policy by reading the
p_memsz of the header and setting the main thread stack size to that.
ELF::Image::validate_program_headers ensures that the size attribute is
a reasonable value.
|
|
While this isn't really POSIX, it's needed by the Zig port and was
simple enough to implement.
|
|
This copies and adapts the setresgid syscall, following in the footsteps
of setreuid and setresuid.
|
|
Co-Authored-By: Daniel Bertalan <dani@danielbertalan.dev>
|
|
Now with the ability to specify different bases for the old and new
paths.
|
|
|
|
Co-Authored-By: Daniel Bertalan <dani@danielbertalan.dev>
|
|
Co-Authored-By: Daniel Bertalan <dani@danielbertalan.dev>
|
|
This will make it easier to support both string types at the same time
while we convert code, and tracking down remaining uses.
One big exception is Value::to_string() in LibJS, where the name is
dictated by the ToString AO.
|
|
We have a new, improved string type coming up in AK (OOM aware, no null
state), and while it's going to use UTF-8, the name UTF8String is a
mouthful - so let's free up the String name by renaming the existing
class.
Making the old one have an annoying name will hopefully also help with
quick adoption :^)
|
|
|
|
Qt 6.4.0 relies on the definitions of ELFOSABI_GNU, ELFOSABI_AIX, and
EM_S390 existing.
|
|
The hostent struct's h_aliases field conventionally contains a pointer
to an array of alternate hostnames, where the final entry in this array
is a nullptr (signifying the end of the list).
At least one POSIX application (Pine email client) does not expect
`h_aliases` itself to be nullptr.
|
|
This causes `echo -` to output "-" instead of crashing
|
|
Since posix_fallocate() doesn't set errno, it has to make sure to
manually "unwrap" any error from the kernel.
|
|
Employ the same hardening that glibc and the Linux kernel use for
generating stack guards: zero the first byte of the guard such that
if C-style string functions read out of bounds on the stack, we do
not overwrite or potentially leak the stack guard.
|
|
We used size_t, which is a type that is guarenteed to be large
enough to hold an array index, but uintptr_t is designed to be used
to hold pointer values, which is the case of stack guards.
|
|
To accomplish this, we add another VeilState which is called
LockedInherited. The idea is to apply exec unveil data, similar to
execpromises of the pledge syscall, on the current exec'ed program
during the execve sequence. When applying the forced unveil data, the
veil state is set to be locked but the special state of LockedInherited
ensures that if the new program tries to unveil paths, the request will
silently be ignored, so the program will continue running without
receiving an error, but is still can only use the paths that were
unveiled before the exec syscall. This in turn, allows us to use the
unveil syscall with a special utility to sandbox other userland programs
in terms of what is visible to them on the filesystem, and is usable on
both programs that use or don't use the unveil syscall in their code.
|
|
|
|
These functions are now implemented in terms of getpwent_r() which
allows us to remove two FIXMEs about global variable shenanigans.
I'm also adding tests for both APIs. :^)
|
|
Two things:
- We now fail with ENOENT when we reach the end of the database.
- Errors are returned directly instead of via errno.
|
|
This function is a deprecated POSIX function which prints a prompt and
receives a password from the user, not echoing back to the terminal.
|
|
Refs #15965.
|
|
|
|
|
|
Otherwise, we end up propagating those dependencies into targets that
link against that library, which creates unnecessary link-time
dependencies.
Also included are changes to readd now missing dependencies to tools
that actually need them.
|
|
The shared parts are now firmly compiled into LibC instead of being
defined as a static library and then being copied over manually.
The non-shared ("local") parts are kept as a static library that is
linked into each binary on demand.
This finally allows us to support linking with the -fstack-protector
flag, which now replaces the `ssp` target being linked into each binary
accidentally via CMake.
|
|
I'm not sure why this wasn't done to begin with, but let's see if this
resolves our "can't find libsystem.so while double-checking undefined
symbols" issues.
|
|
The priority range was changed several years ago, but the
userland-reported limits were just forgotten :skeleyak:. Move the thread
priority constants into an API header so that userland can use it
properly.
|
|
|
|
The syscalls are renamed as they no longer reflect the exact POSIX
functionality. They can now handle setting/getting scheduler parameters
for both threads and processes.
|
|
We were lucky until now that nobody included both headers that have a
definition for this (identical) struct.
|
|
|
|
|
|
Because strtod need to set ERANGE and track the last character we have
to check the resulting value. We also have to check for nan and inf in
strtod itself as the new double parser doesn't accept that as floating
points.
|
|
In the fgetc function, a fix was already in place but was clunky. A real
proper solution is to use an unsigned char instead of a char when
returning the value, so an implicit cast is happening based on the
assumption that the value is unsigned, so if the variable contained 0xff
it won't be treated as -1, but as unsigned 0xff, so the result int will
be 0xff and not -1.
The same solution is applied to the fgetc_unlocked function as well.
|
|
This ensures we have just one location for determining the time zone, so
that LibC and LibTimeZone will behave the same.
(Note the FIXME removed here is also in TimeZone::current_time_zone.)
|
|
We assumed that by returning a char in the fgetc function that an
implicit cast is sufficient, but apparently if that char contains 0xff,
the result int will be -1 (0xFFFFFFFF). To ensure this does not happen,
let's do an explicit casting.
|
