| Age | Commit message (Collapse) | Author |
|---|
|
No functional changes.
|
|
|
|
Same as NonnullRefPtrVector: weird semantics, questionable benefits.
|
|
Nobody made use of the ErrorOr return value and it just added more
chance of confusion, since it was not clear if failing to sniff an
image should return an error or false. The answer was false, if you
returned Error you'd crash the ImageDecoder.
|
|
|
|
|
|
|
|
|
|
`Stream` will be qualified as `AK::Stream` until we remove the
`Core::Stream` namespace. `IODevice` now reuses the `SeekMode` that is
defined by `SeekableStream`, since defining its own would require us to
qualify it with `AK::SeekMode` everywhere.
|
|
This also removes a few cases where the respective header wasn't
actually required to be included.
|
|
This probably won't be the final API for getting color spaces
from images, since some formats just store an "is sRGB?" flag
instead of a full profile. Instead, once everything works,
we probably want to give every Bitmap a pointer to some
color space abstraction.
But we can always change this later, once things are further along
and better understood.
|
|
Those don't have any non-try counterpart, so we might as well just omit
it.
|
|
|
|
When trying to figure out the correct implementation, we now have a very
strong distinction on plugins that are well suited for sniffing, and
plugins that need a MIME type to be chosen.
Instead of having multiple calls to non-static virtual sniff methods for
each Image decoding plugin, we have 2 static methods for each
implementation:
1. The sniff method, which in contrast to the old method, gets a
ReadonlyBytes parameter and ensures we can figure out the result
with zero heap allocations for most implementations.
2. The create method, which just creates a new instance so we don't
expose the constructor to everyone anymore.
In addition to that, we have a new virtual method called initialize,
which has a per-implementation initialization pattern to actually ensure
each implementation can construct a decoder object, and then have a
correct context being applied to it for the actual decoding.
|
|
Migrate bool and Optional<> result types
to ErrorOr<>
|
|
Use our normal error propagation mechanism instead of returning booleans
|
|
Error::from_string_literal now takes direct char const*s, while
Error::from_string_view does what Error::from_string_literal used to do:
taking StringViews. This change will remove the need to insert `sv`
after error strings when returning string literal errors once
StringView(char const*) is removed.
No functional changes.
|
|
|
|
`static const` variables can be computed and initialized at run-time
during initialization or the first time a function is called. Change
them to `static constexpr` to ensure they are computed at
compile-time.
This allows some removal of `strlen` because the length of the
`StringView` can be used which is pre-computed at compile-time.
|
|
https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#cother-other-default-operation-rules
"The compiler is more likely to get the default semantics right and
you cannot implement these functions better than the compiler."
|
|
The ARGB32 typedef is used for 32-bit #AARRGGBB quadruplets. As such,
the name RGBA32 was misleading, so let's call it ARGB32 instead.
Since endianness is a thing, let's not encode any assumptions about byte
order in the name of this type. ARGB32 is basically a "machine word"
of color.
|
|
|
|
|
|
This is a first step towards better error propagation from image codecs.
|
|
To encourage proper support for multi-frame images throughout the
system, get rid of the single-frame convenience bitmap() API.
|
|
|
|
We had a bunch of old unused wrapper functions for each image codec that
would load a supported image with a given path. Nobody actually used
them, so let's just get rid of load_png(), load_gif(), etc.
|
|
Another one that was used in a fajillion places.
|
|
|
|
Found by OSS Fuzz, long-standing issue
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34824
The discovered testcase attempts to clear the framebuffer of size
1056x32 from the previous image, which has size 16416x32.
|
|
This will share functionality between the load from path and load from
memory functions.
|
|
This also prevents exploitation by malicious GIFs.
Found by OSS Fuzz, long-standing issue
(since 259f8541fcd6bc147c9fb4c57b16cd840700af59)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29034
|
|
|
|
|
|
Making a bitmap non-volatile after being volatile may fail to allocate
physical pages after the kernel stole the old pages in a purge.
This is different from the pages being purged, but reallocated. In that
case, they are simply replaced with zero-fill-on-demand pages as if
they were freshly allocated.
|
|
This was a really weird thing to begin with, purgeable bitmaps were
basically regular bitmaps without a physical memory reservation.
Since all the clients of this code ended up populating the bitmaps
with pixels immediately after allocating them anyway, there was no
need to avoid the reservation.
Instead, all Gfx::Bitmaps are now purgeable, in the sense that they
can be marked as volatile or non-volatile.
The only difference here is that allocation failure is surfaced when
we try to create the bitmap instead of during the handling of a
subsequent page fault.
|
|
Also mark them as [[nodiscard]].
|
|
AK's version should see better inlining behaviors, than the LibM one.
We avoid mixed usage for now though.
Also clean up some stale math includes and improper floatingpoint usage.
|
|
Let's make it a bit more clear when we're appending the elements from
one vector to the end of another vector.
|
|
The wrong shift effectively set the upper byte to 0, meaning that
durations longer than 255 centiseconds (2.55 seconds) were wrapped
around. See serenity-fuzz-corpora for an example.
|
|
Previously there were different definitions for classes with the
same name. This is a violation of the C++ ODR.
|
|
This results in unaligned reads sometimes, depending on the layout of
the underlying buffer. Caught by UBSAN.
|
|
This reverts commit 800ea8ea969835297dc7e7da345a45b9dc5e751a.
Booting the system no longer worked after these changes.
|
|
Problem:
- `static` variables consume memory and sometimes are less
optimizable.
- `static const` variables can be `constexpr`, usually.
- `static` function-local variables require an initialization check
every time the function is run.
Solution:
- If a global `static` variable is only used in a single function then
move it into the function and make it non-`static` and `constexpr`.
- Make all global `static` variables `constexpr` instead of `const`.
- Change function-local `static const[expr]` variables to be just
`constexpr`.
|
|
|
|
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
|
|
These were all getting converted into String internally anyway.
|
|
The previous names (RGBA32 and RGB32) were misleading since that's not
the actual byte order in memory. The new names reflect exactly how the
color values get laid out in bitmap data.
|
|
Unfortunately 10420dee7e48c818a7b1c5386b8fcebc587825f0 didn't quite fix it,
as the buffer overflow was actually happening here:
https://github.com/SerenityOS/serenity/blob/af2220448834fb0bff5132bf68104719819862ce/Userland/Libraries/LibGfx/GIFLoader.cpp#L402
Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30507
|
|
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)
Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.
We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
|
