Previously we had a static stack check cookie value for LibC.
Now we randomize the cookie value on LibC initialization; this should
help make the stack check more difficult to attack (still possible just
a bigger pain). This should also help to catch more bugs.
This aims to be a "smart" autocomplete that tries to present the user
with useful suggestions without being in the way (too much).
Here is its current configuration:
- Show suggestions 800ms after something is inserted in the editor
- if something else is inserted in that period, reset it back to 800ms
to allow the user to type uninterrupted
- cancel any shown autocomplete (and the timer) on external changes
(paste, cut, etc)
Modify the user mode runtime to insert stack canaries to find stack corruptions.
The `-fstack-protector-strong` variant was chosen because it catches more
issues than vanilla `-fstack-protector`, but doesn't have substantial
performance impact like `-fstack-protector-all`.
Details:
`-fstack-protector` enables stack protection for vulnerable functions that contain:
* A character array larger than 8 bytes.
* An 8-bit integer array larger than 8 bytes.
* A call to alloca() with either a variable size or a constant size bigger than 8 bytes.
`-fstack-protector-strong` enables stack protection for vulnerable functions that contain:
* An array of any size and type.
* A call to alloca().
* A local variable that has its address taken.
Example of it catching corruption in the `stack-smash` test:
```
courage ~ $ ./user/Tests/LibC/stack-smash
[+] Starting the stack smash ...
Error: Stack protector failure, stack smashing detected!
Shell: Job 1 (/usr/Tests/LibC/stack-smash) Aborted
```
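The two stack-protector messages above (randomizing the LibC cookie, and inserting canaries into user mode code) describe one mechanism. The following C model of it is an added example, not code from the commits or the project. The `struct frame` layout, `STATIC_COOKIE` and all function names are assumptions made for illustration, and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a protected frame: locals first, then the cookie, then the return slot. */
struct frame {
    char buf[16];
    uintptr_t cookie;
    uintptr_t saved_ret;
};

#define STATIC_COOKIE ((uintptr_t)0xdecafbad) /* constructed value */
static uintptr_t guard = STATIC_COOKIE;       /* the "before": same in every process */

/* The "after": draw the cookie once at startup. Returns 0 on success. */
int randomize_guard(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(&guard, sizeof guard, 1, f);
    fclose(f);
    if (guard == STATIC_COOKIE) guard = ~guard; /* keep the demo deterministic */
    return n == 1 ? 0 : -1;
}

/* Fill a frame-sized input whose bytes over the cookie slot hold `cookie_bytes`. */
void build_input(unsigned char out[sizeof(struct frame)], uintptr_t cookie_bytes) {
    memset(out, 'A', sizeof(struct frame));
    memcpy(out + offsetof(struct frame, cookie), &cookie_bytes, sizeof cookie_bytes);
}

/* Prologue stores the cookie, the body copies `len` bytes over `buf` with no
   check against buf's size (the bug), the epilogue compares. Returns 1 when
   the corruption is detected, i.e. where the runtime would abort. */
int run_frame(const unsigned char *input, size_t len) {
    struct frame fr;
    fr.cookie = guard;
    fr.saved_ret = 0;
    if (len > sizeof fr) len = sizeof fr; /* keep the model itself in bounds */
    memcpy(&fr, input, len);
    return fr.cookie != guard;
}

int main(void) {
    unsigned char in[sizeof(struct frame)];
    build_input(in, STATIC_COOKIE);
    printf("static cookie, matching bytes: detected=%d\n", run_frame(in, sizeof in));
    if (randomize_guard() != 0) return 1;
    printf("random cookie, same input:     detected=%d\n", run_frame(in, sizeof in));
    return 0;
}
```

With the static cookie, an overlong write that happens to carry the same bytes passes the epilogue check; after `randomize_guard()` the same input is caught, which is the gain the first message describes.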
Empty boxes should be fully collapsed, but a box with border and/or
padding is not empty.
This fixes an issue where <hr> elements were getting weirdly collapsed
since they have zero content height (but some border height.)
There's no spatial navigation here, Left/Up moves to the previous
sibling in the tab order, while Right/Down moves to the next.
The arrow keys keep focus within the same parent widget, unlike the tab
key which cycles through all focusable widgets in the window.
This makes GUI::MessageBox feel a bit nicer since you can now arrow
between the Yes/No/Cancel buttons. :^)
This brings mmap more in line with other operating systems. Prior to
this, it was impossible to request memory that was definitely committed,
instead MAP_PURGEABLE would provide a region that was not actually
purgeable, but also not fully committed, which meant that using such memory
still could cause crashes when the underlying pages could no longer be
allocated.
This fixes some random crashes in low-memory situations where non-volatile
memory is mapped (e.g. malloc, tls, Gfx::Bitmap, etc) but when a page in
these regions is first accessed, there is insufficient physical memory
available to commit a new page.
Thread::quit was created before the pthread_create_helper in pthread.cpp
that automagically calls pthread_exit from all pthreads after the user's
thread function exits. It is unused, and unnecessary now.
Clean up some logging, and make join return a Result<T, ThreadError>.
This also adds a new type, LibThread::ThreadError as an
AK::DistinctNumeric. Hopefully, this will make it possible to have a
Result<int, ThreadError> and have it compile? It also makes it clear
that the int there is an error at the call site.
By default, the T on join is void, meaning the caller doesn't care about
the return value from the thread.
As Result is a [[nodiscard]] type, also change the current caller of
join to explicitly ignore it.
Move the logging out of join as well, as it's the user's
responsibility whether to log or not.
Add a function to destroy any keys that were set on the current thread
using the algorithm from Dr. POSIX's pthread_key_create. Add some
defines to pthread.h for pthread key use, and implement
pthread_key_delete. It has a prototype in pthread.h, but any program
trying to actually use it would be in for a link-time surprise.
Currently, keys are destroyed either via global destructors, with the
s_key_destroyer object, or in exit_thread. exit_thread is invoked by
pthread_exit, and transitively by pthread_create, via the
pthread_create_helper that ensures all threads created with the pthread
API properly clean up for themselves when they exit gracefully.
A future patch might make s_key_destroyer a C++11 thread_local instead,
assuming we get thread_local and thread_local destructors working.
Now that we have RTTI in userspace, we can do away with all this manual
hackery and use dynamic_cast.
We keep the is<T> and downcast<T> helpers since they still provide good
readability improvements. Note that unlike dynamic_cast<T>, downcast<T>
does not fail in a recoverable way, but will assert if the object being
cast is not a T.
When calling set_checked(true) on an exclusive button, we will now
transfer focus to the newly checked button if one of its now-unchecked
siblings had focus before.
This makes windows that place initial focus somewhere in a group of
radio buttons look nicer when they show up, since focus will be on
whichever radio button was pre-checked, which may not be the first one
in the group.
Making an AbstractButton exclusive means that we enforce that only one
of the exclusive buttons within the same parent widget can be checked
at a time.
RadioButton was doing exactly the same thing, except in a custom way.
So just remove the custom code and make it exclusive. :^)
Old font functionality has been moved into BitmapFont
and an abstract Font interface has been introduced to
facilitate further development of TTF font integration.
WavWriter::finalize didn't check that m_file was actually valid before
trying to seek and close it. The file is only set by set_file, so it's
not an invariant. Just add a null guard to finalize().
Because pthread_create will always call pthread_exit internally before
exiting the thread function, we can remove the odd requirement that the
user's thread function must call Thread::quit internally.
Make Thread::join clear m_tid on success, and print to stderr on
failure. Call join from ~Thread(). Now if you write an infinite loop in
your thread in an application and don't have an exit condition, you will
block in the thread's destructor forever. Time for stop_token? :)
Just constructing one of these guys on the stack willy nilly will leak
the first reference to them. There might be other C_OBJECTs that have
public constructors, seems like a good place for some static analysis
checks :).
Force users to call the construct() method for it.