A malicious caller can create a SocketAddress for a local unix socket with an
over-long name that does not fit into struct sock_addr_un.
- Socket::connect: This caused the 'sun_path' field to
overflow, probably overwriting the return pointer of the call frame, and thus
crashing the process (in the best case).
- SocketAddress::to_sockaddr_un: This triggered a RELEASE_ASSERT, thus
crashing the process.
Both have been fixed to return a nice error code instead of crashing.
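
The length check this fix relies on, as an added example (not code from the commit or from SerenityOS). The helper name fill_sockaddr_un and the sample names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not SerenityOS code): copy a caller-supplied local
 * socket name into a sockaddr_un, returning an error code when it does
 * not fit instead of overflowing sun_path or asserting. */
int fill_sockaddr_un(struct sockaddr_un *out, const char *name, size_t name_len)
{
    if (!out || !name)
        return -EINVAL;
    /* sun_path must hold the name plus its terminating NUL. */
    if (name_len >= sizeof(out->sun_path))
        return -ENAMETOOLONG;
    memset(out, 0, sizeof(*out));
    out->sun_family = AF_UNIX;
    memcpy(out->sun_path, name, name_len);
    out->sun_path[name_len] = '\0';
    return 0;
}

int main(void)
{
    struct sockaddr_un addr;
    char overlong[300]; /* constructed input, longer than sun_path */
    memset(overlong, 'A', sizeof(overlong));

    printf("short name:    %d\n", fill_sockaddr_un(&addr, "/tmp/example.sock", 17));
    printf("overlong name: %d\n", fill_sockaddr_un(&addr, overlong, sizeof(overlong)));
    return 0;
}
```
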
An overlong group name in /etc/groups would have caused getgrent() to overflow
the global __grdb_entry. Curiously, overflow *within* __grdb_entry seems to have
no detrimental effects.
However, it was possible for a malicious sysadmin(?!) to craft an /etc/group
that overflows outside of the page allocated for __grdb_entry and thus crash the
calling process. This affected at least SystemServer and su.
Now, the group name will be simply truncated. For display purposes, this is
fine. In case there is an exceptionally long group, it will not be properly
recognized. Also, a malicious /etc/groups might cause the caller of getgrent()
to become confused, but that is unavoidable.
Before, strftime unintentionally interpreted 0 as 'unlimited'. The specification
of strftime says no such thing.
Now, it properly returns 0 in that case (because the NUL byte doesn't fit).
strdup: Because the length is already known at the time of copying, there is
no need to use strcpy (which has to check every single byte, and thus tends
to be slower than memcpy).
strndup: If 'str' is not NUL-terminated, strndup used to run off into the
adjacent memory region. This can be fixed by using the proper strlen variant:
strnlen.
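
A sketch of both copies as described above, added here as an example (not the LibC code from the commit). The names example_strdup, example_strndup and bounded_len are assumptions; bounded_len has the same contract as strnlen and is written with memchr so the block depends only on ISO C.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length of s, never reading past s[maxlen - 1]; same contract as strnlen. */
static size_t bounded_len(const char *s, size_t maxlen)
{
    const char *nul = memchr(s, '\0', maxlen);
    return nul ? (size_t)(nul - s) : maxlen;
}

/* Hypothetical strdup: the length is known, so copy bytes and NUL at once. */
char *example_strdup(const char *str)
{
    size_t len = strlen(str);
    char *copy = malloc(len + 1);
    if (!copy)
        return NULL;
    memcpy(copy, str, len + 1);
    return copy;
}

/* Hypothetical strndup: safe even when str has no NUL within maxlen bytes. */
char *example_strndup(const char *str, size_t maxlen)
{
    size_t len = bounded_len(str, maxlen);
    char *copy = malloc(len + 1);
    if (!copy)
        return NULL;
    memcpy(copy, str, len);
    copy[len] = '\0';
    return copy;
}

int main(void)
{
    /* Constructed input: four bytes with no terminating NUL. */
    const char raw[4] = { 'a', 'b', 'c', 'd' };
    char *copy = example_strndup(raw, sizeof(raw));
    if (copy)
        printf("%s\n", copy);
    free(copy);
    return 0;
}
```
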
GUI::TabWidget has long had a TabPosition::Bottom option, but we still
rendered the tab buttons the same as TabPosition::Top.
This patch implements a custom look for bottom-side tabs. I've done my
best to match the look of the top-side ones, but there might be some
improvements we can make here. :^)
Test files created with:
$ for f in Libraries/LibJS/Tests/builtins/Date/Date.prototype.get*js; do
    cp $f $(echo $f | sed -e 's/get/getUTC/') ;
  done
$ rm Libraries/LibJS/Tests/builtins/Date/Date.prototype.getUTCTime.js
$ git add Libraries/LibJS/Tests/builtins/Date/Date.prototype.getUTC*.js
$ ls Libraries/LibJS/Tests/builtins/Date/Date.prototype.getUTC*.js | \
    xargs sed -i -e 's/get/getUTC/g'
Year computation has to be based on seconds, not days, in case
t is < 0 but t / __seconds_per_day is 0.
Year computation also has to consider negative timestamps.
With this, days is always positive and <= the number of days in the
year, so base the tm_wday computation directly on the timestamp,
and do it first, before t is modified in the year computation.
In C, % can return a negative number if the left operand is negative;
compensate for that.
Tested via test-js. (Except for tm_wday, since we don't implement
Date.prototype.getUTCDate() yet.)
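
The ordering described above (weekday from the untouched timestamp first, then a seconds-based year walk that handles t < 0), as an added example and not the LibC code from the commit. The struct utc_date and function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define SECS_PER_DAY 86400LL

static int is_leap(int y) { return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0; }
static int64_t secs_in_year(int y) { return (is_leap(y) ? 366 : 365) * SECS_PER_DAY; }

struct utc_date { int year; int yday; int wday; };

/* Hypothetical helper: year, day-of-year and weekday for a UTC timestamp. */
struct utc_date utc_date_from_timestamp(int64_t t)
{
    struct utc_date d;

    /* Weekday first, before t is modified. C division truncates toward
     * zero, so floor the day count by hand for negative timestamps. */
    int64_t days = t / SECS_PER_DAY;
    if (t % SECS_PER_DAY < 0)
        days--;
    /* 1970-01-01 was a Thursday (4). % can be negative; compensate. */
    int wday = (int)((days + 4) % 7);
    if (wday < 0)
        wday += 7;
    d.wday = wday;

    /* Year in seconds, not days: t = -1 has t / SECS_PER_DAY == 0 but
     * still belongs to 1969. */
    int year = 1970;
    while (t < 0) { year--; t += secs_in_year(year); }
    while (t >= secs_in_year(year)) { t -= secs_in_year(year); year++; }
    d.year = year;
    d.yday = (int)(t / SECS_PER_DAY); /* now 0 <= yday < days in year */
    return d;
}

int main(void)
{
    struct utc_date d = utc_date_from_timestamp(-1); /* 1969-12-31 23:59:59 */
    printf("year=%d yday=%d wday=%d\n", d.year, d.yday, d.wday);
    return 0;
}
```
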
When a resize_aspect_ratio is specified, a window will only be resized
to a multiple of that ratio. When resize_aspect_ratio is set, windows
cannot be tiled.
Any (future) program that includes this header would fail to compile, because the
private symbol 'kind_name' is defined, along with a bunch of code, but unused.
A good way to see this is by #include'ing LibCrypto/ASN1/ASN1.h in an unrelated
.cpp-file, for example Userland/md.cpp.
No other headers seem to have this problem.
snprintf is supposed to *always* NUL-terminate its output, so it has to write one
output byte fewer.
And yes, I *did* check all existing usages; this shouldn't break anything.
We can't rely on a plain global WeakPtr during application teardown
since destruction order is not defined. Instead, use a NeverDestroyed
to hold the GUI::Application weak pointer. This way it will always
be reliable.
Fixes #3251.
Refactors the Calendar widget into LibGUI and updates the Calendar
app interface. Calendar widget lets layout engine manage most of
its geometry now and has a few new features like tile click
navigation, hover highlighting and a togglable year/month mode.
LibJS doesn't store stacks for exception objects, so this
only amends test-common.js's __expect() with an optional
`details` function that can produce a more detailed error
message, and it lets test-js.cpp read and print that
error message. I added the optional details parameter to
a few matchers, most notably toBe() where it now prints
expected and actual value.
It'd be nice to have line numbers of failures, but that
seems hard to do with the current design, and this is already
much better than the current state.
The "Step Out" action continues execution until the current function
returns.
Also, LibDebug/StackFrameUtils was introduced to eliminate the
duplication of stack frame inspection logic between the "Step Out"
action and the BacktraceModel.
Instead of computing it on the fly while painting each layout node,
they now remember their selection state. This avoids a whole bunch
of tree traversal while painting with anything selected.
Makes C-c print "^C" and continue prompting on a new line.
Also fixes a problem where an interrupted get_line() would need more
read()'s than required to update the display.