Kevin Day [Tue, 6 Aug 2024 03:12:48 +0000 (22:12 -0500)]
Security: Missing range checks on comment processing.
The fss_payload_read such as the runtime test is wrong:
# fss_payload_read -ocn payload level_3/fss_read/tests/runtime/fss_000e/source/test-0002-mixed.fss -t
The output is 1 but should instead be 4.
# fss_payload_read -ocn payload level_3/fss_read/tests/runtime/fss_000e/source/test-0002-mixed.fss | wc -l
Investigating this problem revealed that the comment handling code is failing to perform a range check.
The overflow is causing the stop range to point to some random memory address which is almost always larger than the file.
This results in the count being wrong.
This bug is a security concern.
Add the range check in all places where this range check is missing for the comments.
Add additional runtime tests to reflect the condition that exposed this issue.
There is now a "payload" test for all runtime tests.
Update the testfile to make manually generating and verifying the runtime tests easier.
The "generate" and "verify" fakefile operations could not be directly called due to needing additional data setup.
Also expose the "test-" setting as a parameter to make changing it easier.
I also overlooked some cases where I could perform the same optimization used for the referenced commit in some places.
Also use the literal ASCII characters rather than the strings.
The ASCII codes are required and expected and substitution of the characters for the algorithm does not make sense here.
These are characters rather than strings.
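Added example (not part of the commit message and not code from the project): a line scanner over an inclusive start/stop range that re-checks the range and the buffer length before every read, which is the kind of check the commit above says was missing for comments. The `ex_` names, the range type and the `#` comment marker are assumptions made for this illustration, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types and names for this example; not the project's own. */
typedef struct {
  size_t start; /* first index to process (inclusive) */
  size_t stop;  /* last index to process (inclusive); start > stop is an empty range */
} ex_range_t;

/* Constructed sample: the last line is a comment with no trailing newline. */
static const char ex_sample[] = "a\n# first comment\nb\n\nc\n# trailing comment";
static const size_t ex_sample_used = sizeof(ex_sample) - 1;

/* True while range->start still refers to a byte that may be read. */
static int ex_in_range(const ex_range_t *range, size_t used) {
  return range->start <= range->stop && range->start < used;
}

/* Advance to just past the next newline, re-checking the range before every read. */
static void ex_skip_line(const char *buffer, size_t used, ex_range_t *range) {
  while (ex_in_range(range, used) && buffer[range->start] != '\n') {
    ++range->start;
  }

  if (ex_in_range(range, used)) {
    ++range->start; /* step over the newline itself */
  }
}

/* Count lines in the range that are neither empty nor comments (assumed to start with '#'). */
static size_t ex_count_lines(const char *buffer, size_t used, ex_range_t range) {
  size_t total = 0;

  while (ex_in_range(&range, used)) {
    if (buffer[range.start] != '#' && buffer[range.start] != '\n') {
      ++total;
    }

    /* Comment or not, the rest of the line is consumed by the bounded loop. */
    ex_skip_line(buffer, used, &range);
  }

  return total;
}

int main(void) {
  const ex_range_t whole = { 0, ex_sample_used - 1 };
  const ex_range_t oversized = { 0, SIZE_MAX }; /* stop far beyond the data */

  printf("whole: %zu\n", ex_count_lines(ex_sample, ex_sample_used, whole));
  printf("oversized stop: %zu\n", ex_count_lines(ex_sample, ex_sample_used, oversized));

  return 0;
}
```

The trailing comment without a newline is the case that matters: the scan ends because `ex_in_range()` fails, not because a newline was found.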
Kevin Day [Mon, 5 Aug 2024 01:14:19 +0000 (20:14 -0500)]
Bugfix: Incorrect settings in the fss_read runtime tests.
Several of the tests are "object" tests but use "content" data.
Some tests are both "object" and "content" tests but do not use both.
This is now updated, however there are too many tests to update and fix.
The output is simply re-generated, which forces a success (even if they should fail).
I need to come back at a later time and review the output.
There are some known problems such as:
# fss_basic_list_read -oc -n hi -t level_3/fss_read/tests/runtime/fss_000e/source/test-0002-mixed.fss
Which results in a wrong count.
# fss_basic_list_read -c -n hi -t level_3/fss_read/tests/runtime/fss_000e/source/test-0002-mixed.fss
vs
# fss_basic_list_read -c -n hi level_3/fss_read/tests/runtime/fss_000e/source/test-0002-mixed.fss | wc -l
Historically the step was always 3.
I found, over time, that increasing the step greatly to something like 128 could greatly reduce memory consumption and performance in many cases.
In the situation where a large number of small objects are allocated then this number like 128 becomes highly abusive.
The simple low allocation step will only allocate a single unit on the very first allocation.
If the next allocation is on an array that has a size greater than one and less than four (via the tiny define), then the step size is set to four during allocation.
If the next allocation is on an array that has a size greater than four and less than eight (via the small define), then the step size is set to eight during allocation.
If the next allocation is on an array that has a size greater than eight and less than sixty-four (via the large define), then the step size is set to sixty-four during allocation.
In all cases, if the request step is less than the calculated step, then the requested step is used.
For example, if the requested step is twelve, then after eight is allocated, then the next generated step size is twelve rather than sixty-four.
Using some test files shows the following reduction:
- Old: ~8GB of RAM -> New: ~200MB of RAM.
- Old: ~500MB of RAM -> New: ~20MB of RAM.
Update the unit tests accordingly and fix any problems exposed.
Kevin Day [Sun, 4 Aug 2024 00:40:49 +0000 (19:40 -0500)]
Update: Optimize away the isdigit(), isalpha(), isalnum(), and isxdigit().
I did some research and learned that the "is*()" functions can greatly affect performance due to locale and other manners.
I originally used these to allow for well established optimization to take place.
Replace these with some mathematical operations that should increase performance.
This also means no function call on the stack.
This project is already function stack heavy by design and so reducing functions when easy is a great thing.
Start using literal characters rather than the standard strings for the UTF related functions.
In these cases the ASCII expectation is guaranteed.
The ability to override these is also not practical as the meaning should not change.
I have not looked at all of the "is*()" functions and I may address any remaining ones at a later time.
I potentially may also investigate mapping tables to further improve performance.
These math calculations can be used in a lot of the non-ASCII UTF ranges as well.
I opted to not do these just yet given that such work will take a large amount of time.
I have not done any performance analysis yet but I plan to do so.
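Added example (not part of the commit message and not the project's code): one common way to write ASCII-only replacements for isdigit(), isalpha(), isalnum() and isxdigit() using literal characters and unsigned range arithmetic, checked against <ctype.h> for every byte value. The `ex_` names are hypothetical, and the comparison assumes the program is still in the default "C" locale.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical helpers; the project's actual expressions may differ. */

/* '0'..'9': one subtraction and one unsigned compare, no locale lookup. */
static int ex_is_digit(unsigned char c) {
  return (unsigned) (c - '0') < 10u;
}

/* Setting bit 0x20 folds 'A'..'Z' onto 'a'..'z'; no other byte lands in that range. */
static int ex_is_alpha(unsigned char c) {
  return (unsigned) ((c | 0x20) - 'a') < 26u;
}

static int ex_is_alnum(unsigned char c) {
  return ex_is_digit(c) || ex_is_alpha(c);
}

static int ex_is_xdigit(unsigned char c) {
  return ex_is_digit(c) || (unsigned) ((c | 0x20) - 'a') < 6u;
}

/* Value of one hexadecimal digit, or -1 when c is not a hexadecimal digit. */
static int ex_hex_value(unsigned char c) {
  if (ex_is_digit(c)) return c - '0';
  if (ex_is_xdigit(c)) return (c | 0x20) - 'a' + 10;

  return -1;
}

/* Count the byte values where a helper disagrees with <ctype.h> in the "C" locale. */
static int ex_count_mismatches(void) {
  int mismatches = 0;

  for (int i = 0; i < 256; ++i) {
    const unsigned char c = (unsigned char) i;

    mismatches += ex_is_digit(c) != !!isdigit(i);
    mismatches += ex_is_alpha(c) != !!isalpha(i);
    mismatches += ex_is_alnum(c) != !!isalnum(i);
    mismatches += ex_is_xdigit(c) != !!isxdigit(i);
  }

  return mismatches;
}

int main(void) {
  printf("mismatches against <ctype.h>: %d\n", ex_count_mismatches());
  printf("hex value of 'F': %d\n", ex_hex_value('F'));

  return 0;
}
```

Taking `unsigned char` also means bytes at or above 0x80 are classified as plain non-ASCII rather than being passed to an is*() function as a negative `char`.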
Kevin Day [Sat, 3 Aug 2024 00:43:04 +0000 (19:43 -0500)]
Bugfix: The private_f_abstruses_delete_switch() and private_f_abstruses_destroy_switch() both need wrapping defines.
The previous commit a2e1999a3e5c02a980fcbe9977b059c4639ea741 has a wrong define wrapper added.
The _di_f_abstruses_delete_ was added when it should instead be _di_f_abstruse_map_delete_.
The private_f_abstruses_destroy_switch() is also overlooked by that commit.
This adds the _di_f_abstruse_map_destroy_ to the private_f_abstruses_destroy_switch().
Kevin Day [Thu, 1 Aug 2024 02:33:32 +0000 (21:33 -0500)]
Bugfix: Add stage setting to standards to prevent build state file conflicts.
The build state stage files are conflicting in some cases.
The old solution to this problem has been observed as insufficient.
The different build settings might have the same exact file name.
I have tossed around the idea of a settings Object such as "stage" in the past but I had previously opted against it.
I now believe that skipping over this was a mistake.
Add a new feature to the standards to fix this bug.
The "stage" value may now be specified.
The fakefile files accept the "stage" setting and pass the result along to any build settings.
The settings files accept the "stage" setting and use the value by appending it to the stage files.
Only a single value is supported.
The forward and backward slashes are explicitly prohibited.
Other special characters are recommended to be avoided given the possibility of local file system problems.
Rather than erroring out, the slashes are stripped out.
The bootstrap.sh script is updated to support this.
The support for "stage" in the bootstrap.sh script is very limited.
Kevin Day [Wed, 31 Jul 2024 02:45:20 +0000 (21:45 -0500)]
Refactor: Change bit-wise enumerations into defines.
I did some reviewing of how the enumerations used for flags are used.
These generally are not being used as a type.
An enumeration slightly increases the resulting binary size.
Enumeration values might be limited to just type of int.
This seems like an easy (small) optimization to just use defines rather than enumerations for flags and other bit-wise numbers.
Kevin Day [Sun, 28 Jul 2024 22:18:07 +0000 (17:18 -0500)]
Update: The format sentence end strings, making their usage more clear.
The sentence ends, unlike the other similar global static strings, do not have the "_single" in the name.
Add the "_single" in the name and then for consistency add the case where there should be no "_single".
These cases are as a result now handled:
- ".%r".
- "'.%r".
- "%[.%]%r"
- "%['.%]%r"
- "%[%[.%]%]%r"
- "%[%['.%]%]%r"
Kevin Day [Sun, 7 Jul 2024 03:05:54 +0000 (22:05 -0500)]
Bugfix: The f_memory array append and append all need to allow for sources to be NULL.
A valid array that is not allocated will have a size of 0.
Passing these to the function should not result in an error.
If the size is 0, then there is nothing to copy even though array is NULL.
This is all fine.
Update the documentation comments to be more explicit on NULL in the parameters.
Kevin Day [Fri, 14 Jun 2024 02:52:11 +0000 (21:52 -0500)]
Security: Console parameter single short values array is too small.
The short parameters "needs" variable now increases the array size before assignment.
The following command line calls are used to expose the problem and its resolution:
# fss_basic_list_read specifications/fss.txt +Q -cn "Featureless Settings Specifications" | iki_read +Q -w -rrrrrrrr anti-KISS 'anti-<abbr title="Keep It Simple Stupid">KISS</abbr>' ASCII '<abbr title="American Standard Code for Information Interchange">ASCII</abbr>' BOM '<abbr title="Byte Order Mark">BOM</abbr>' FSS '<abbr title="Featureless Settings Specifications">FSS</abbr>' KISS '<abbr title="Keep It Simple Stupid">KISS</abbr>' UTF-8 '<abbr title="Unicode Transformation Format 8-bit">UTF-8</abbr>' URL '<abbr title="Byte Order Mark">URL</abbr>' XML '<abbr title="Extensible Markup Language">XML</abbr>' -WWW character '<code class="code">' "</code>" code '<code class="code">' '</code>' italic '<em class="em">' '</em>'
Kevin Day [Tue, 11 Jun 2024 00:12:18 +0000 (19:12 -0500)]
Bugfix: The fl_directory_create() needs to also handle F_file_found_not.
Creating an entire directory tree is not working as expected when creating non-existent directories that are two levels or greater deep.
For example take "a/b/c", if "a" exists but neither "a/b" nor "a/b/c" then the create fails.
For example take "a/b", if "a" exists but not "a/b" then the create succeeds (or appears to because I never noticed the bug before).
The ENOENT (aka: F_file_found_not) is sometimes returned rather than ENOTDIR (aka: F_false) from f_directory_exists().
Process the ENOENT F_file_found_not.
I noticed some problems in the logic of the fl_directory_create() function as well.
The memcpy() needs to start from the same offset as the source copy offset.
Otherwise, the copy is overwriting the string.
Make sure to place the NULL at the "at_path" rather than at "at_path - at_tree".
The initial assignment of "tree.used" is not necessary.
Kevin Day [Mon, 10 Jun 2024 00:00:24 +0000 (19:00 -0500)]
Update: Add all of the fl_print_format() replacement sequences as a static string.
I probably should create a single and double context for every sequence as well.
That is rather time consuming so I will do this some time in the future.
Kevin Day [Thu, 6 Jun 2024 01:11:37 +0000 (20:11 -0500)]
Feature: Add "Magic Bit" to the FSS-000F (Simple Packet) format.
Make the FSS-000F (Simple Packet) format more generalized and flexible by allowing other payload formats than only formally supporting FSS-000E (Payload).
This adds a new optional "Magic Block" that is designated via the "Magic Bit", which is the third bit from the left.
This should make it easy to store the Simple Packet as a local file.
This should make it easier for routing to optimize processing of the packet by quickly identifying the packet.
The "Control Block" and the "Size Block" have static sizes and positions, which should make it easy to identify the "Magic Block".
The third bit should be checked and then the "Magic Block" should be checked when trying to quickly identify the packet type via the "Magic Block".
Kevin Day [Sun, 2 Jun 2024 15:44:32 +0000 (10:44 -0500)]
Cleanup: Add newline before NULL comment and add dash to de-allocate.
The "Must not be NULL." documentation comments are not consistently structured.
I don't remember which decision I made and so now I am just forcibly setting the same structure with a new line before it.
Kevin Day [Thu, 23 May 2024 03:23:23 +0000 (22:23 -0500)]
Update: Remove the ++first and ++last parameters and relating logic.
I have used this for a while and have decided these are not worth the effort.
The addition is very nice but the additional code and logic is just extra maintenance and complexity for very little gain.
Kevin Day [Sat, 20 Apr 2024 04:29:22 +0000 (23:29 -0500)]
Update: Add additional time types, refactor f_time_spec and similar, and rebuild stand alone build configs.
The f_time_spec_t is not the same as "struct timespec".
Avoid confusion by renaming it to f_time_simple_t.
Rename f_date_spec_t to f_date_simple_t for the same reason.
Add additional types and now that f_time_spec_t is available, create f_time_spec_t as a typedef of "struct timespec".
Update the stand alone build scripts with all of these changes and some changes from previous commits.
Kevin Day [Mon, 15 Apr 2024 04:02:08 +0000 (23:02 -0500)]
Update: Add experimental ctags generation and ctags file.
This is used by projects like geany.
Unfortunately, the code is terrible and the documentation is like rotten eggs.
They seem to somehow put hard-coded paths in the ctag files which makes absolutely no sense.
Then, the geany project provides completely different ctag files that do not have this path nonsense.
The geany documentation does not relate to their actual ctag files and the ones provided by their example.
The Universal-ctags documentation, while having a lot of words, is misleading, awkward, and doesn't even describe how to get rid of these paths nor how to omit the paths.
Following the parts that do seem to read as if they mean removing the path does absolutely not do this.
The geany does not even import this file properly, despite the command coming directly from geany's documentation.
Using geany to generate this produces better results but also includes a lot of other junk that is unwanted.
It also includes the file paths.
Having the file paths makes these generated ctag files completely useless as it requires some other person to have the exact same absolute file path structure.
For now, attempt to strip out the absolute path using a sed command.
Add use of this in the unit test.
Remove seemingly duplicate unit tests.
Maybe I was trying to do a case of "bind()" returning "false", but the code does not do that in the duplicate unit tests.
Remove the duplicate unit tests as I can always add the "false" case in the future if I so choose to.
Kevin Day [Wed, 10 Apr 2024 02:48:15 +0000 (21:48 -0500)]
Update: Have fll_program_print_copyright() use year and author as a parameter.
The year and author may be more subject to change.
Relocate this into a global static string and provide this as a parameter to fll_program_print_copyright().
The fll_program_print_copyright() is only intended for FLL projects.
Additional programs that I write, like controller, may also depend on this.
These may be operated on at a different time and thus may require the year or author to be updated.
Any more changes than this and it is probably a better idea to just implement one's own copyright print function.
Kevin Day [Wed, 10 Apr 2024 02:29:03 +0000 (21:29 -0500)]
Cleanup: The OSLv1 license usage, fixing license reference.
The license should read "open-standard-license-1.0-or-later" rather than "open-standard-license-1.0".
The license file itself is already labelled this.
These files simply were not correctly updated.
Kevin Day [Mon, 8 Apr 2024 01:53:03 +0000 (20:53 -0500)]
Update: Add support for disabling pthread mutex prioceiling for systems that do not support it.
The pthread mutex prioceiling functions are not supported on PostmarketOS for Pinephone.
The PostmarketOS for Pinephone is an A64 Arm system based on the Alpine Linux distribution.
Kevin Day [Fri, 29 Mar 2024 21:44:04 +0000 (16:44 -0500)]
Cleanup: Incorrect example in IKI specification.
The example in the iki.txt specification has several errors.
Of particular note is the first code is incorrectly escaped and the terminating single quote discludes the example block.
The Objects and Contents example results are entirely incorrect.
There is no change to the specification rules itself and I do not technically need to change the version.
However, given how long it has been incorrect I have decided to up the version date to make the correct file easier to identify.
Kevin Day [Fri, 29 Mar 2024 03:50:21 +0000 (22:50 -0500)]
Bugfix: Problematic handling of object files.
The object files are not being compiled correctly when performing a static build.
There may now be multiple object source files which are now built individually.
The build object sources must be built without source code files.
The logic is relocated into a fake_build_library_static_object() function to build the object files.
These files are then included when static linking.
A new build stage is also added to accommodate this.
Building the objects should not include libraries linked.
Remove the logic that auto-adds the library linkage when building objects.
Break out the "path_sources" Object into multiple sub-parts:
- "path_sources_headers".
- "path_sources_library".
- "path_sources_object".
- "path_sources_program".
- "path_sources_script".
Update the documentation and specification files accordingly.
Add missing version dates to the specifications.
Update the bootstrap.sh script with these changes.
Fix incidental problems discovered in the bootstrap.sh script:
- Remove already compiled warning as it is not needed and is not exhaustive.
- Improve handling of directory detection and simplify the relating code.
- The built setting files are now being properly checked (a regression caused them to not be properly checked).
The "path_sources_object" setting designates that this can handle multiple files but the implementation fails to handle this.
Rewrite the implementation to handle multiple object files by creating each object file separately.
The specification also designates that the "build_name" is used, which makes no sense for multiple object files.
Remove this such that the object files are created based on the original source file name (without the extension).
Clarify the documentation, updating the specification.
Break out the individual settings that are related that should be updated for consistency.
These are path_sources_headers, path_sources_library, path_sources_program, and path_sources_script.
Kevin Day [Sat, 16 Mar 2024 04:10:49 +0000 (23:10 -0500)]
Progress: Controller program migration from 0.6 to 0.7.
This gets most things compiling.
This should not work.
The changes made are just to reduce the compilation errors and to get the code into a near good enough state to start really migrating.
I am going to rewrite this side-by-side to this code now that I have seen what I need to do.
I may likely use this as a starting point for porting this over into its own separate project.
That project has already been created but is pretty much empty.
This will be a long and rather painful migration process but it will be worth it.
Kevin Day [Thu, 14 Mar 2024 03:26:28 +0000 (22:26 -0500)]
Progress: Controller program migration from 0.6 to 0.7.
There are way too many changes needed.
Start doing some initial structure updates and directly relating code.
Move a lot of the structures to common.h, temporarily.
This will eventually be moved out.
Kevin Day [Wed, 13 Mar 2024 02:09:36 +0000 (21:09 -0500)]
Update: FSS-000E specification, adding "salt" and "time" as suggested headers.
I intend to keep the recommended and now suggested headers to a bare minimum.
I have decided that "salt" and "time" should be common enough and important enough to add to this small list.
Kevin Day [Mon, 11 Mar 2024 00:00:41 +0000 (19:00 -0500)]
Update: Wrap up unit tests for fl_fss_payload_header_map() and fix observed problems.
The unit tests for fl_fss_payload_header_map() are lacking significant combinations and permutations.
This, however, is being considered good enough for a first pass.
More complex and broader cases will hopefully be handled in some likely relatively distant future.
The null_quantity flag does not make any sense as the variable "total" can be 0 and that should not logically be considered NULL.
Make sure strings are NULL terminated for the cases where the code adds an extra space and then unassigns the used length of that space.
Handle cases where range.start > range.stop, aka NULL range.
Various other fixes.
Kevin Day [Sat, 9 Mar 2024 06:47:12 +0000 (00:47 -0600)]
Progress: Add more unit tests for fl_fss_payload_header_map() and fix observed problems.
There needs to be f_abstruse_t and f_abstruse_map_t delete and destroy methods.
Update the build disable headers (which shows that I haven't updated that in a while).
The private_f_abstruses_delete_switch() is not correctly deallocating data.
The f_fss_payload_header_state_t and f_fss_payload_header_internal_t should instead be fl_fss_payload_header_state_t and fl_fss_payload_header_internal_t.
Kevin Day [Wed, 6 Mar 2024 03:57:35 +0000 (21:57 -0600)]
Progress: Add dynamic, dynamics, and map unit tests for fl_fss_payload_header_map() and fix several problems.
Switch character width loops with memcpy().
Add cases where trailing string should be removed.
Make sure private_fl_fss_basic_write() is only called when the cache is not empty.
Make sure the internal.range is properly set when calling private_fl_fss_basic_write().
Ensure that when any quote is used that they get quoted where appropriate.
Ensure that when key has used of 0, the start range is greater than the stop range to designate a NULL range.
Add dynamic, dynamics, and map unit tests.
Make the tests test the string first rather than the used so that when there is an error it is easier to debug.
Remove unused/stale commented out code.
Switch fss_write flag from 16-bit into 32-bit.
This is necessary because more bits than 16 are in use.
Kevin Day [Sun, 3 Mar 2024 05:13:02 +0000 (23:13 -0600)]
Bugfix: FSS Extended Write is incorrectly adding a delimit slash for the first quote character.
If the first character in the string is a quote, then a delimit slash only needs to be added when there is a space after the quote.
If there is a graph character after the quote, then the delimit slash is not needed.