Previously gradient painting was dominated by the clipping checks in
Painter::set_pixel(). This commit changes gradient painting to use the
new Painter::fill_pixels() function (which does all these checks outside
the hot loop).
With this change gradient painting drops from 96% of the profile to 51%
when scrolling around on gradients.html. A nice 45% reduction :^)
This function fills a region of pixels with the result of a callback
function. This is an alternative to a for loop that repeatedly calls
Painter::set_pixel(), which can get very expensive due to the clipping
checks set_pixel() does each call.
This is fixed by making the "about to be notified rejected promises
list" use JS::Handle instead of JS::NonnullGCPtr. This UAF happens
because notify_about_rejected_promises makes a local copy of this list,
empties the member variable list and then moves the local copy into a
JS::SafeFunction lambda. JS::SafeFunction can only see GC pointers that
are in its storage, not external storage.
Example exploit (requires fixed microtask timing by removing the dummy
execution context):
```html
<script>
Promise.reject(new Error);
// Exit the script block, causing a microtask checkpoint and thus
// queuing of a task to fire the unhandled rejection event for the
// above promise.
// During the time after being queued but before being ran, these
// promises are not kept alive. This is because JS::SafeFunction cannot
// see into a Vector, meaning it can't visit the stored NonnullGCPtrs.
</script>
<script defer>
// Cause a garbage collection, destroying the above promise.
const b = [];
for (var i = 0; i < 200000; i++)
b.push({});
// Some time after this script block, the queued unhandled rejection
// event task will fire, with the event object containing the dead
// promise.
window.onunhandledrejection = (event) => {
let value = event.promise;
console.log(value);
}
</script>
```
Previously we were doing this at the painting stage, which meant that
layout potentially used the wrong glyphs when measuring text.
This would lead to incorrect layout metrics and was visible on the
HTML5Test score display, for example. :^)
About half of the usages were not using `force` anyways, and the other
half presumably just got confused about what "force" really means in
this context (which is "ignore nonexistent files").
The only 'legitimate' user, which is `rm`, instead now handles this
completely internally instead.
Instead of fidgeting with offsets and manually reading out big-endian
values, we now declare the "head" table as a C++ struct and use the
BigEndian<T> template to deal with byte order.
This file is not needed here, and causes a compile issue on musl-libc
based distributions. We should only be including this file in LibC, for
the most part anyway.
This was wrong twice making it right... But let's fix that.
The center was being passed as a DevicePixelPoint, but was in fact in
CSS pixels, the size was passed as a Gfx::FloatSize but was in
CSS pixels again. Then we were scaling from device pixels to CSS pixels
when painting which does not need to be done if everything is passed
which the correct scale factors already applied.
This is a first step towards handling OOM errors instead of just
crashing the program.
Now UDPServer's method `receive()` return memory allocation
errors explicitly with help of ErrorOr.
This removes one FIXME and make a bunch of new ones. :(
We now generate all LibGL API wrappers from a single API method
definition list stored in `GLAPI.json`. Since a significant portion of
the OpenGL API methods are relatively consistent variants, we take
advantage of this to generate a lot of these variants at once.
The autogenerated methods check for the non-nullness of the current
`GLContext`, and only perform an action if a `GLContext` is present.
This prevents a crash in ports like GLTron, who assume you can still
call the OpenGL API without an active context.
This increases our API wrapper method count from 211 to 356.
Fixes#15814.
For the ambient light model, integers need to be remapped to a range of
`-1.` through `1.`. Add the `+` and `-` operators to `VectorN` to make
it a bit easier to normalize 4 values at once.
We now dereference the pointer given to us before adding the arguments
to an active list. This also factors out the switching logic from the
API wrappers, which helps us with a future commit where we autogenerate
all API wrapper functions.
We do not need to templatize the output type - it's always `float`.
Also, the input type can be inferred. Finally, use template
specialization instead of a conditional to deal with same type input and
output matrices.
Before this patch, when having the initial spinbox color value
(Color::White), if you changed the color value in the vertical color
picker it didn't update the spinbox's colors.
This is fixed by manually calling update() in the color picker's
onchange() handler if the new color is equal to the previous color,
which is the case in the initial spinbox's case as it will always be
white unless it is changed (and won't be affected by the vertical
color picker).
I added a NOTE in the source to explain this "opaque" update() call :))
When an attempt is made to provide the user password to a
SecurityHandler a user gets back a boolean result indicating success or
failure on the attempt. However, the SecurityHandler is left in a state
where it thinks it has a user password, regardless of the outcome of the
attempt. This confuses the rest of the system, which continues as if the
provided password is correct, resulting in garbled content.
This commit fixes the situation by resetting the internal fields holding
the encryption key (which is used to determine whether a user password
has been successfully provided) in case of a failed attempt.
With the StandardSecurityHandler the Length item in the Encryption
dictionary is optional, and needs to be given only if the encryption
algorithm (V) is other than 1; otherwise we can assume a length of 40
bits for the encryption key.
Adapt BMPImageDecoderPlugin to support BMP images included in ICOns.
ICOImageDecoderPlugin now uses BMPImageDecoderPlugin to decode all
BMP images instead of it's own ad-hoc decoder which only supported
32 bpp BMPs.
Selections are always normalized when saving undo commands.
The restore_selection() function reverses this process so
negatively sized selections (created right-to-left) continue
to resize correctly with the keyboard when restored.