These IPCs are different than other IPCs in that we can't just set up a
callback function to be invoked when WebContent sends us the screenshot
data. There are multiple places that would set that callback, and they
would step on each other's toes.
Instead, the screenshot APIs on ViewImplementation now return a Promise
which callers can interact with to receive the screenshot (or an error).
This overload is currently unused. When used, it doesn't compile due to
mismatched return types in the handler provided to the function and the
type of `on_resolution`.
Some servers decide to add newlines (and not \r\n) into that field, this
commit makes us tolerate that and not crash in cases like in #22463.
Fixes#22463.
Instead of returning HeapBlock memory to the kernel (or a non-type
specific shared cache), we now keep a BlockAllocator per CellAllocator
and implement "deallocation" by basically informing the kernel that we
don't need the physical memory right now.
This is done with MADV_FREE or MADV_DONTNEED if available, but for other
platforms (including SerenityOS) we munmap and then re-mmap the memory
to achieve the same effect. It's definitely clunky, so I've added a
FIXME about implementing the madvise options on SerenityOS too.
The important outcome of this change is that GC types that use a
type-specific allocator become immune to use-after-free type confusion
attacks, since their virtual addresses will only ever be re-used for
the same exact type again and again.
Fixes#22274
In XYZ space, gray doesn't have three equal values. Instead, it is
a line through the whitepoint.
(Multiplying by the whitepoint has the same effect as multiplying
the sRGB matrix with a (g, g, g) vector, since the numbers on
the matrix's rows add up to the whitepoint.)
Fixes the very slight red tint on all the figures in chapter 4
of the PDF 1.7 spec.
RISC-V uses a different convention for storing stack frame information
described here: https://github.com/riscv-non-isa/riscv-elf-psabi-doc/blob/master/riscv-cc.adoc#frame-pointer-convention
This part of the psABI is not yet in a ratified version, but both GCC
and Clang seem to use this convention.
Note that the backtrace dumping code still won't work for the initial
stack, as it is located before `kernel_mapping_base`.
We were previously only checking the first value, this is wrong for tags
that accept multiple values (e.g. ExtraSamples) and can lead to crashes
on malformed images containing tags with a count of 0.
The TIFF spec is constructed in a way that many tags are defined in
multiple places but some of these definitions are partial. If we look
into "Section 8: Baseline Field Reference Guide", we can see that these
tags indeed have an enforced length of 1.
To allow for easy mapping between the kernel virtual addresses and
KASAN shadow memory, we map shadow memory at the very end of the
virtual range, so that we can index into it using just an offset.
To ensure this range is free when needed, we restrict the possible
KASLR range when KASAN is enabled to make sure we don't use the end of
the virtual range.
This fixes the random kernel panics that could occur when KASAN is
enabled, if the kernel was randomly placed at the very end of the
virtual range.
Using a vector to represent a list of painting commands results in many
reallocations, especially on pages with a lot of content.
This change addresses it by introducing a SegmentedVector, which allows
fast appending by representing a list as a sequence of fixed-size
vectors. Currently, this new data structure supports only the
operations used in RecordingPainter, which are appending and iterating.
This is quite niche, but lets us convert parsing methods to accepting
TokenStream, while still being able to call them when we just have a
lone token. Specifically we'll use this in the next commit, but it's
likely to also be useful as a stop-gap measure when converting more
parsing methods.
Frequently we want to parse "anything that's a `<length-percentage>`" or
similar, which could be a constant value or a calculation, but didn't
have a nice way of doing so. That meant repeating the same "try and
parse a dimension, see if it's the right type, then maybe try and parse
a calculation and see if that's the right type" boilerplate code. Or
more often, forgetting about calculations entirely.
These helpers should make that a lot more convenient to do. And they
also use TokenStream, so we can eventually drop the old `parse_length()`
method.
All DOM node mutation IPCs now invoke an async completion IPC after the
DOM is mutated. This allows consolidating where the Inspector updates
its view and the selected DOM node.
This also allows improving the response to removing a DOM node. We would
previously just select the <body> tag after removing a DOM node because
the Inspector client had no idea what node preceded the removed node.
Now the WebContent process can just indicate what that node is. So now
after removing a DOM node, we inspect either its previous sibling (if it
had one) or its parent.
Rename them from "did_get_*" to "did_inspect_*", to correspond to the
request methods "inspect_dom_tree" and "inspect_accessibility_tree". No
functional change, but this makes it a bit easier to stare at IPC files
side-by-side and know which response method corresponds to a request
method at a quick glance.
With this change, we create substantially fewer border painting
commands, which means fewer reallocations of the vector that stores
commands.
This makes the rendering of
https://html.spec.whatwg.org/multipage/browsing-the-web.html visibly
faster, where we allocated ~10 of such commands now vs ~8000 before.
This commit adds minimal support for compiler-instrumentation based
memory access sanitization.
Currently we only support detection of kmalloc redzone accesses, and
kmalloc use-after-free accesses.
Support for inline checks (for improved performance), and for stack
use-after-return and use-after-return detection is left for future PRs.
We already have the src attribute stored as a String, so it's completely
wasteful to convert it to a ByteString. We were even doing it twice when
loading each image.
