Kevin Day [Tue, 29 Mar 2022 03:38:43 +0000 (22:38 -0500)]
Update: Finish writing tests, fix endianness, simplify some code.
Now that f_char_t exists and is in use, rename f_utf_character_t to f_utf_char_t to be consistent (and simpler).
The endianness detection is incorrect.
The BIG_ENDIAN is not represented as expected.
Change the detection to use GCC's __BYTE_ORDER__ macros.
Fallback to little endian if those macros are not available.
It took a while to figure out this was the problem and I got rather confused going back and forth between byte orders.
I think the changes I made are correct, but I need additional better testing on the byte orders.
Kevin Day [Mon, 28 Mar 2022 04:30:30 +0000 (23:30 -0500)]
Update: Bring f_utf project in sync with f_string.
I have been explicitly avoiding making change to f_utf until I finished updating and successfully vetted the f_string project.
Now that the f_string has tests that pass, mass update the f_utf project.
This changes the functions and structure to be inline with how f_string works.
Many of the fixes are brought over.
I have observed that several of the bugs that were recently in f_string is also present in f_utf.
These bugs in f_utf should now be fixed as well.
This tests are brought over.
Only the tests for functions that are shared between f_string and f_utf are implemented.
And then those tests currently cannot be compiled.
The reason is that normal quoted strings cannot be used with the special UTF dynamic strings.
I simply did not have the time to get to this to finish writing these tests for f_utf.
There are some parts of f_string that make no sense in f_utf, such as f_string_range_t and f_string_quantity_t (both of which can be used on f_string and f_utf strings).
These have been omitted when copying the relevant f_string into f_utf code.
Kevin Day [Mon, 28 Mar 2022 00:56:35 +0000 (19:56 -0500)]
Update: Restructure parts of f_utf project, and use f_utf_t, and add 'u' to hexdigits in common.h.
Move the relevant functions into utf/convert.h, utf/is.h, and utf/is_character.h.
Implement f_utf_t as a type of uint32_t.
This should allow more customizability on that type if need be.
It also provides a more explicit context.
Add 'u' to designate the hexdigits are unsigned (This likely more specifically means it is an unsigned int).
This might be removed if it becomes a problem with architectures where "u" represents 16-bits or less.
Due to the size of the work, I am avoiding making this change in all of the Unicode comparison functions.
There are quite a lot of hexdigits in use.
Kevin Day [Sun, 27 Mar 2022 22:22:18 +0000 (17:22 -0500)]
Bugfix: Partial string functions are incorrect.
The tests exposed these problems.
The *_assure() functions are operating as if they are *_assure_nulless().
Remove the NULL checks that should not be there and fix the documentation comments.
The *_assure() functions are not considering the following:
1) The case where range.stop is >= source.used.
2) The fact that range.stop is inclusive and should not be directly used in the same way that *.used is used.
In the case of (1), if the stop range result in it overflowing past the actual length, the previous code results in invalid reads.
In the case of (2), the stop.range needs to instead be stop.range + 1.
Kevin Day [Sun, 27 Mar 2022 16:00:28 +0000 (11:00 -0500)]
Update: Add additional tests for f_string project.
This adds tests for the f_string functions for functions defined in string.h.
This adds tests for the f_string functions for functions defined in dynamic.h that functionally mirror functions defined in string.h.
There are still more functions in dynamic.h that need to have tests written for them.
Kevin Day [Sun, 27 Mar 2022 15:19:04 +0000 (10:19 -0500)]
Bugfix: Incorrectly performing nulless string appends and prepends.
These problems are exposed by the tests that I am writing.
The destination->used < length check cannot be performed because of the presence of NULL characters.
The nulless versions of the strings may be identical even if their sizes do not match.
The only case where this check should still happen is when destination.used is 0.
The comparison operator is using the wrong variable in some cases ('j' should be used with 'destination').
Kevin Day [Sun, 27 Mar 2022 01:41:37 +0000 (20:41 -0500)]
Bugfix: Print functions are not always printing the entire string.
I observed this when working with printing binary data in '%Q'.
The fwrite_unlocked() might prematurely return but not on an error.
If it does, first check to see if it is an error and then keep trying until everything is printed.
This is more of a band-aid fix.
This requires an additional variable and an additional loop.
I would rather avoid all of this and so a re-design is likely necessary for greater efficiency.
As this is not my focus at the time I am going to tolerate this less than desirable design.
Kevin Day [Sat, 26 Mar 2022 16:22:39 +0000 (11:22 -0500)]
Bugfix: Increasing strings by too much.
The *_increase_by() methods already include the ".used" length.
The previous code is also adding the ".used" length resulting in an increase of ".used" * 2.
Kevin Day [Sat, 26 Mar 2022 02:38:08 +0000 (21:38 -0500)]
Bugfix: When using --at with --total for --content, the returned number is always 1 and should not be.
The code need to count all newlines rather than always returning 1.
This is likely a bug from copying the code from fss_basic_read where the non-zero count would indeed always be 1.
Kevin Day [Sat, 26 Mar 2022 02:34:34 +0000 (21:34 -0500)]
Bugfix: Invalid content count in FSS Basic List.
When F_none_eos or F_none_stop is returned, the content ends up having an additional size than the actual size.
This is happening because found->used++ is incremented immediately before returning.
When either F_none_eos or F_none_stop is returned, the content is not to be incremented.
Only the caller should know when to assume this is a proper ending representing the content end.
The macro private_macro_fl_fss_content_return_on_overflow_delimited() is only used in one place so remove it.
Make sure to initialize the content for all content read functions to ensure the content count is consistent.
Kevin Day [Mon, 14 Mar 2022 03:10:17 +0000 (22:10 -0500)]
Update: Consistency improvements with *_append() and *_append_all(), add tests, and other clean ups.
The array functions for managing structures needs to be consistent with the *_append() functions.
This introduces the *_append() all across the board.
The previous *_append() behavior is essentially refactored into *_append_all().
The *_append() now accepts a single type for a given structure rather than a set.
(The single type can still be representative of a set itself.)
Add a lot of tests.
Add missing f_iki tests.
The f_string tests are not fully implemented, the f_dynamic_* functions are only partially tested.
All of the other f_string structures should be fully tested now.
Make the macro_f_string_range_t_initialize() macro consistency with all other macros.
That is, the macro initialize that does not have a digit initializes using all of the structures members.
This effectively refactors macro_f_string_range_t_initialize() into macro_f_string_range_t_initialize2() and macro_f_string_range_t_initialize2() into macro_f_string_range_t_initialize().
Change the behavior of the *_resize() and *_adjust() functions to return F_none rather than a direct f_memory status code.
Update some of the string functions to return F_data_not_eos.
Restructure some of the code to be a bit more organized.
Specifically, the f_iki_data_t is moved into its own source and header files.
Reduce the clutter in some of the private source and header files by moving some of their content into separate individual files as appropriate.
Kevin Day [Thu, 10 Mar 2022 04:51:29 +0000 (22:51 -0600)]
Progress: Controller and Control sockets.
This also adds a new FSS: FSS-000F (Simple Packet).
I decided that this needs its own specific specification to represent it.
This further helps make it clear that a Packet is not the same as a Payload.
There can still be some confusion because the FSS-000F (Simple Packet) has a Payload Block.
That Payload Block contains the FSS-000E (Payload).
That FSS-000E (Payload) has a Payload section within itself.
This means that there are three different, but very similar (and also related), contexts used for a "payload".
To try and avoid this, I refer to the payload in FSS-000F (Simple Packet) as the Payload Block.
I refer to the payload in the specifications as the FSS Payload or the FSS-000E (Payload).
I refer to the payload within the FSS-000F (Simple Packet) as the Payload Object, the Payload Content, or the payload section.
Kevin Day [Wed, 9 Mar 2022 05:10:08 +0000 (23:10 -0600)]
Update: Revert back to 'char' rather than 'unsigned char'.
There are a lot more changes that I realized.
changing 'char' to 'unsigned char' will be for the next development release after the upcoming stable release.
Introduce the f_char_t type to allow for easier switching from 'char' to 'unsigned char'.
In all places that us 'unsigned char', just switch to 'char'.
Move the directory '..' and '.' into static strings.
Kevin Day [Tue, 8 Mar 2022 03:46:17 +0000 (21:46 -0600)]
Update: Switch to explicitly using sizeof() for char memset() and memcpy().
Different architectures might not actually have a 1-byte size.
Rather than assuming the common behavior, always call sizeof(unsigned char) to determine size of memset() and mempcy() functions.
Kevin Day [Tue, 8 Mar 2022 03:12:18 +0000 (21:12 -0600)]
Update: Avoid the generic 'char' and switch to the explicit 'unsigned char'.
Operations against unsigned are generally safer than the signed equivalents.
Using the generic 'char' may be different between compilers and expecations cannot be guaranteed.
This could result in obscure security issues.
Changing this to 'unsigned char' guarantees consistent behavior.
There are problems with some standard libc functions that expect char.
Explicitly cast to 'char' in these cases.
Kevin Day [Sun, 6 Mar 2022 22:56:52 +0000 (16:56 -0600)]
Progress: Implement controller to/from control networking.
Continue implementing the contoller to control communication.
I thought I described the packet structures in addition to the payload structure.
It seems I have not.
This begins adding the packet structure documentation.
Kevin Day [Sat, 5 Mar 2022 19:00:13 +0000 (13:00 -0600)]
Update: Provide open-standard-license-1.0.
The Open Standard License is a more formal definition of my original intents and license behind my Standards and Specifications provided in this project.
This standard is still considered an Informal Draft because I have yet to perform legal review and as such it is considered incomplete.
This standard will be formalized pending legal advice and even the name is subject to change.
I thought that there might be confusion between the LGPL license in this project (which focuses on Source Code) and the Standards and Specifications provided within this project.
To make this difference explicitly clear, I am in the process of formalizing the license.
One big important part of this is this license focuses on Implementations of the Standard or Specification.
This is a substantially different concept to what is used in the LGPL and similar licenses.
Kevin Day [Wed, 2 Mar 2022 05:51:29 +0000 (23:51 -0600)]
Update: Add test mode and provide -fstack-protector flag.
The recently added Github action for running tests is failing due to a stack overflow bug.
Compile with ssp explicitly enabled during testing to help better identify these cases.
The problem has not yet been identified and does not reproduce locally.
More investigation on that is be required.
This overflow happens while executing the cmocka based test.
There is the possibility that the overflow is in cmocka or as a result of how I am using cmocka.
Kevin Day [Tue, 1 Mar 2022 04:24:16 +0000 (22:24 -0600)]
Cleanup: Scripts syntax and styles.
The primary focus is on fixing the uppercase letters for the error and warning statements to follow proper sentence structure.
Other clean ups are incidental.
Kevin Day [Tue, 1 Mar 2022 02:49:52 +0000 (20:49 -0600)]
Regression: Some IKI vocabularies are missing their first character.
The previous bugfix (4f0c01eb) failed to check for additional problems introduced by the changes.
I should focus on writing unit tests for fl_read() shortly.
Kevin Day [Tue, 1 Mar 2022 00:49:51 +0000 (18:49 -0600)]
Update: Socket parameters, rename f_socket_bind_file() to f_socket_bind_local(), and return F_local_not when UNIX socket is required.
Make the f_socket_t passed to the f_socket_bind() and f_socket_bind_file() a pointer constant.
Use the f_socket_bind_local() rather than f_socket_bind_file() to better communicate that this is a local (UNIX) socket.
The f_socket_bind_local() requires the socket to be a local (UNIX) socket, so return F_local_not (with error bit) if it is not a local (UNIX) socket.
Kevin Day [Sun, 27 Feb 2022 01:33:59 +0000 (19:33 -0600)]
Bugfix: A Rule's "define" settings are not being exported.
The exporting of the define is never performed and needs to be.
This is a quick implementation.
I've added a TODO describing what I really want to do.
The improved implementation is to be addressed after the FLL-0.5.8 release.
Kevin Day [Sun, 27 Feb 2022 01:31:19 +0000 (19:31 -0600)]
Feature: Maps and Multi-Maps should support appending a single map rather than just an entire set.
This is really an oversight on my part.
The append should by default append a single item.
To append an entire set, a new function should be used (an append all function).
This should be done for all of the string types that are applicable.
Such changes are left for the next release and are not planed for the 0.5.8 release.
This functionality is necessary for bug fixes in the controller program.
Kevin Day [Sun, 27 Feb 2022 00:31:48 +0000 (18:31 -0600)]
Feature: Implement IKI support in controller program.
The functionality is designed to mimic some of the design used in Featureless Make in regards to IKI variables.
There are now "define", "parameter", and "program" IKI vocabularies available.
The "program" should probably have some sort of security property in an Entry to restrict its use.
There is a likelyhood of some design not wanting to expose the program parameters to the Rule.
I may also want to implement a "time" vocabulary in the future (likely to happen no sooner than FLL-0.5.0).
It appears that the define environment variables are not being exported as expected.
This is either an existing bug or a problem in the new feature.
Having reviewed this, I suspect that the problem is in the existing design.
A follow up commit will address this issue.
The --simulate and --test displays any loaded IKI variables.
Kevin Day [Sat, 26 Feb 2022 22:21:04 +0000 (16:21 -0600)]
Update: Delete socket rather than resize when array is over large.
I realized that this might be more performant.
If I have to resize the array because it is over large, then a resize could result in a copy of memory.
At this point in the program, the data is irrelevant.
I suspect deleting the array will perform better than resizing the array to a smaller size.
Kevin Day [Sat, 26 Feb 2022 17:20:01 +0000 (11:20 -0600)]
Security: Invalid va_arg() call resulting in overflow.
This overflow doesn't seem to cause crashes, which is even scarier as has gotten away with unnoticed.
The else condition inside of the formatted print functions are accidentally declaring va_arg() when it shouldn't.
The except_at and except_in are also being unnecessarily declared.
Kevin Day [Sat, 26 Feb 2022 16:50:26 +0000 (10:50 -0600)]
Security: The va_list has undefined behavior when passed into functions.
When the va_list is started using va_start(), the va_arg() must be called within the same function.
This is a design problem with how va_list and its respective functions are implemented.
The man pages directly document that passing an already started va_list to a function and then calling va_arg() is undefined.
The va_list, being a macro, might also be a pointer.
This makes passing it as a pointer (or with "const") risky.
Due to the mentioned undefined states and risks, this is considered and treated as a security issue.
Move the va_XXX() logic into a single function.
This unfortunately means some functions have to be expanded out into the code and deleted.
The code now, unfortunately, has more nested as a result of having to add more loops within the same function.
The va_copy() macro is used and so the ap list state is no longer changed outside of the function.
Kevin Day [Sat, 26 Feb 2022 05:04:47 +0000 (23:04 -0600)]
Bugfix: Improper IKI vocabulary position for when a quote is immediately to the left of the vocabulary name.
I distantly remember attempting to shorthand and optimize the logic to reduce the while loop usage.
This appears to have backfired in that I missed one of the possible conditions.
An example of this is the following bash command utilizing IKI substitution:
echo "IKI Path is 'define:"PATH"'"
In the aboce string, the bug is claining the IKI variable is "'define".
The quote is not a word charcter, not a dash, and not a plus.
The IKI vocabulary is supposed to be "define".
Redesign this back to have the multiple loops.
While this is messier, it should be harder to make a logic mistake.
Cleanup some of the logic to not need the private_f_iki_seek_special() function.
Make sure the width is always calculated prior to calling the UTF aware string functions.
Update wording in iki.txt specification to make a little more sense.
Kevin Day [Sat, 26 Feb 2022 04:58:24 +0000 (22:58 -0600)]
Bugfix: private_fl_print_convert_number() problems and do some cleanup.
The private_fl_print_convert_number() function stops either on non-diit, asterisk, or NULL.
The code is subtracting 1 from the string position.
This allows for the subsequent continue and resulting string increment to not overflow the buffer.
The problem happens when the stop position is a non-digit.
This non-digit is effectivly being skipped by this logic.
Change the logic to always return a position that will allow the subsequent increment without modification.
The position at function exit must never be pointing at NULL.
The position at function exit must never be pointing at a non-digit.
Use "++string" instead of "string += 1".
Change the structure to order from 8, 16, 32, 64, and 128.
Kevin Day [Sat, 26 Feb 2022 03:45:37 +0000 (21:45 -0600)]
Bugfix: Improper if condition range check.
This is supposed to check the start and stop range, but accidentally checks the start range on both side.
This mistake appears to have been copy pasted quite a few times.
Kevin Day [Fri, 25 Feb 2022 04:10:04 +0000 (22:10 -0600)]
Update: Return F_data_not when amount or size is 0 in memory allocation functions and add missing F_string_tripless_t.
Return F_data_not rather than return F_parameter (with error bit set).
This allows for more possibilities where a set of data may be calculated without worrying about an error that is not really an error.
If you want to allocate nothing, then nothing is allocated (and the same for deallocated).
The resize and adjust functions still use a length of 0 as synonymous to deleting the data.
The array of an array of F_triple_t is no longer missing.
All appropriate allocation functions are defined.
Kevin Day [Wed, 23 Feb 2022 04:04:15 +0000 (22:04 -0600)]
Update: IKI Improvements and some cleanups.
The _di_X_t_ where "X" is something like f_fss_object, is missing the leading "f_" in several cases.
Make the *_increase() step variable an f_array_length_t.
Rather than trying to optimize, just guarantee whatever step size is desired is available.
Move the iki_read programs practice of defining an iki_data_t structure into the level_0 iki project.
This then allows simplifying the arguments passed to the iki read functions.
Kevin Day [Mon, 21 Feb 2022 01:52:21 +0000 (19:52 -0600)]
Update: Controller and control.
Fix bug in control where parameter should be "settings" and not "socket".
The controller can now detect the current path and provide a canonical relative path only for paths whose actual canonical path is within the current working directory that the controller program started in.
Fix printing of the help in the controller program (missing slashes).
Don't create socket and pid files when running validate and simulate.
When running simulate, still create the pid and socket files as appropriate.
Add new entry setting to allow explicitly setting the pid file path.
Remove no longer necessary functions that ensure terminating NULL.
The recent changes in the string functions now guarantee this.
Remove a lot of todo comments.
I will either get to them or not.
I plan on getting to writing IKI support.
It needs to happen and I can use the Fake program as an example.
Kevin Day [Sun, 20 Feb 2022 06:48:32 +0000 (00:48 -0600)]
Update: Make sure constant pointers that are intended to be read-only are just that.
I often read "const char *name" as a constant pointer.
This is strictly incorrect.
This actual means that this is a pointer to a constant character.
Mass change the pointers to constants that are intended to be themselves constant.
This is changed via a regex and test to compile and run.
I'm not sure if there are any problems with this change but everything seems fine.
This new code looks more awkward but is strictly correct.
Now "const char * const name" represents a constant pointer to a constant string.
This makes the parameter a constant and still allows for the pointer to point to a constant variable.
Kevin Day [Sun, 20 Feb 2022 00:36:52 +0000 (18:36 -0600)]
Progress: Continue mass converting to f_string_static_t and use const more.
In particular this separates the fl_conversion functions into two forms:
1) That accepts only the f_string_static_t and uses dynamic.used as the length.
2) That accepts both f_string_static_t and f_string_range_t and uses the range to determine the length.
This makes the conversion functions more consistent with the rest of the project's practices.
Kevin Day [Sat, 19 Feb 2022 13:45:44 +0000 (07:45 -0600)]
Update: Fakefile inner Objects should load the last Object from settings Section.
Use the last found Object for each name for Objects that support only a single value.
That is to say if there is:
load_build yes
load_build maybe
load_build no
Then the last load (whose value is "no") will be used.
No warnings will be thrown.
Objects that support multiple values will continue to append Content for each Object as they are found.
This does not change the "settings" and "main" Objects to match this behavior.
Those will remain as first specified is the first and only one processed and used.
This makes the behavior with the fakefile more consistent with the build settings.
Kevin Day [Sat, 19 Feb 2022 04:49:48 +0000 (22:49 -0600)]
Feature: Enable support for modes on (almost) all Fake build settings Objects.
The only ones that are now not supposed to support this are the "modes" and "modes_default" Objects.
It should now be possible to build against clang with a command like the following:
fake clean build -m monolithic -m clang
This is possible because of the "build_compiler-clang clang" and similar settings added to the build settings file in addition to the functionality added by this commit.
Kevin Day [Sat, 19 Feb 2022 02:10:16 +0000 (20:10 -0600)]
Security: Invalid reads, always add NULL for compatibility.
After switching from f_string_t to f_string_static_t, the NULL terminated string problem has become apparent.
If at any point in time these strings are passed to a standard function that expects NULL terminated strings, then an invalid read (or write) can occur.
Manually appending a NULL termination every time its needed has made the code messier than I would like.
This commit changes the behavior to instead always append a NULL termination after the string.used when appending strings.
I accept the additional resource cost of 1-byte per string to guarantee this.
This should make the program more easily more secure by catering to the NULL terminated string code out there.
This project still doesn't need the or care about NULL termination for most (but not all) of its functions.
Kevin Day [Fri, 18 Feb 2022 04:11:06 +0000 (22:11 -0600)]
Security: Executed program string is not NULL terminated.
While the FLL code doesn't need NULL termination, the C/POSIX execute functions are.
The lack of a NULL terminated results in an invalid read on execute.