Since this program is setuid-root, it should be as simple as possible.
To that end, remove `/etc/plsusers` and use filesystem permissions to
achieve the same thing. `/bin/pls` is now only executable by `root` or
members of the `wheel` group.
Also remove all the logic that went to great lengths to `unveil()` a
minimal set of filesystem paths that may be used for the command.
The complexity-to-benefit ratio did not seem justified, and I think
we're better off keeping this simple.
Finally, remove pledge promises the moment they are no longer needed.
This only affects malformed RSA keys. Instead of accepting and
continuing with potentially broken pointers (and in ASAN, crashing), we
now consider bitmaps malformed, and stop parsing.
Found by OSS Fuzz: #31698, long-standing-bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31698
Fun fact: The "if" only exists because of OSS Fuzz.
8cc279ed74
printf didn't check whether the additional integer variable belongs to
the field width specifier or to the precision specifier, and always
applied it to the field width instead.
Implement the case distinction that we already use in literal width
and precision specifiers for the variable version as well so that
they are correctly attributed.
POSIX (`errno(3p)`) states that errno should not be set to zero.
This helps with applications that don't expect errno to get updated
unless an intermediate syscall also fails.
There were a few cases where we could end up logging profiling events
before or after the associated process or thread exists in the profile:
After enabling profiling we might end up with CPU samples before we
had a chance to synthesize process/thread creation events.
After a thread exits we would still log associated kmalloc/kfree
events. Instead we now just ignore those events.
Previously there was no way to output an empty value into the shadow
file entries when the spwd members were disabled. This would cause new
user entries to the shadow file to be cluttered with disabled values.
This commit checks if the spwd member value is diabled (-1) and will
output as appropriate.
These dbgln's caused excessive load in the WebServer process,
accounting for ~67% of the processing time when serving a webpage
with a bunch of resources like serenityos.org/happy/2nd/.
wint_t is also not supposed to be defined by sys/types.h, but should
be defined in wchar.h instead. Since we require it for our definition of
btowc, let's move it to the correct place.
The wrong shift effectively set the upper byte to 0, meaning that
durations longer than 255 centiseconds (2.55 seconds) were wrapped
around. See serenity-fuzz-corpora for an example.
Rather than having the toolchain build fail half-way through we should
check whether the user has installed all the required tools and
libraries early on.
Our "frame" concept very closely matches what the web specs call a
"browsing context", so let's rename it to that. :^)
The "main frame" becomes the "top-level browsing context",
and "sub-frames" are now "nested browsing contexts".
The index of the tree column will not change while painting.
Neither will the number of columsn. So avoid a whole bunch of virtual
function calls by caching these two values at the start of painting.
Textures are now initialized with a nullptr upon generation.
They are only actually created once they are bound to a target.
Currently only the GL_TEXTURE_2D target is supported.
The software rasterizer now allows rendering with or without
a bound TEXTURE_2D.
