1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Commit graph

202 commits

Author SHA1 Message Date
Andy Green
70dc6783e0 coverity 472859: jpeg restart_interval 2025-01-22 08:43:45 +00:00
Andy Green
04707231d2 coverity 472862: cookiejar overflow 2025-01-22 08:43:36 +00:00
Albert Ribes
1fccae47ed lejp: E implies float
Since eg, 1e-3 is a float without needing a decimal point, let's just
generally take it that anything with the exponent token is a float, ie, 1e3
is also a float despite it can be expressed as an integer.

This seems right also because E is itself not valid in an integer.

https://github.com/warmcat/libwebsockets/issues/3308
2025-01-10 13:59:09 +00:00
Andy Green
4393edf1a5 esp-idf-update 2024-11-03 07:59:12 +00:00
Andy Green
d026f6d1b6 idf: cleanups 2024-11-03 07:59:12 +00:00
iwashiira
a7e21153b0 upng: implement stricter integer overflow check
https://github.com/warmcat/libwebsockets/pull/3156
2024-09-25 09:08:30 +01:00
iwashiira
090ec8ef6b lepc: added bound check for collect_tgt 2024-05-30 05:46:25 +01:00
Andy Green
d1d622d3b9 upng: fuzz: handle 0 width 2024-05-16 08:44:14 +01:00
Andy Green
1e0953ffb8 dlo-lhp: take care margin and padding atr may be NULL
iwashiira on github https://github.com/warmcat/libwebsockets/issues/3140
found the html / css calculation could end up with NULL margin sizes.
2024-05-12 05:55:18 +01:00
Andy Green
bcde9a5b49 lhp: assert if NULL css stack coming to lws_csp_px
iwashiira on github https://github.com/warmcat/libwebsockets/issues/3140
found the html / css calculation could end up with NULL margin sizes.

This causes an assert if we get this unacceptable situation as far as
lws_csp_px()
2024-05-12 05:55:18 +01:00
iwashiira
8e84473e3c jpeg: extend mcu_buf_len so that pDst does not cause OOB 2024-05-12 05:17:50 +01:00
iwashiira
7218743472 upng: check ims limits 2024-05-09 14:43:33 +01:00
DomB
f88792df37 lecp: fix format_scan function for numeric longer than 2 digits and negative numbers 2024-01-08 08:25:59 +00:00
Philippe Ombredanne
b391e1141a License: Fix typo in MIT text in fsmount.c
Somehow, a string replacement of ns by fsm had damaged
the license text and introduced garbage.

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
2023-11-27 09:44:13 +00:00
Daren Hayward
22621f30be b64: lws_b64_decode_stateful truncates response
Addresses issue #2855 by allowing the parsing of the final byte when there are at least 3 bytes remaining in the buffer.

For every 4 bytes of input, a maximum of 3 bytes of output are generated when decoding the base64 string. The buffer space, therefore, only requires an additional 3 bytes of space. The code checks for space in the buffer before adding null termination.
2023-11-23 09:45:11 +00:00
Andy Green
e8eb7d6bd6 dlo: add render_to_rgba 2023-02-10 06:03:43 +00:00
Arenoros
e3ed2ba690 From a966322704 Mon Sep 17 00:00:00 2001
Subject: [PATCH] fix build on QNX 6.5.0
2022-07-13 06:24:12 +01:00
Andy Green
608688b308 upng-gzip: fuzz: size temp arrays to worst huff size
https://oss-fuzz.com/testcase-detail/5964400971874304

The original upng code this is based on just sizes the temp buffers for 15,
but the trees can come in 19, 32, or 288 lengths.  Set the buffer sizes for
the worst case.

Add some asserts to help catch any further problems more directly.
2022-07-11 17:54:02 +01:00
Andy Green
6fb072d5c9 upng-gzip: fuzz: fix unsigned overflow
https://github.com/warmcat/libwebsockets/issues/2687
2022-07-05 07:12:32 +01:00
Andy Green
31ff36e09d minimal: embedded lhp examples
Implements a carousel rendering and displaying remote HTML + JPEG + PNGs
on a variety of display devices, including several EPDs.
2022-05-04 08:43:26 +01:00
Andy Green
4a443c3e2e lhp: add DLO layout support
Add a dlo-based layout callback for use with lhp.

If lhp_dl_render() is used as the Lws Html/CSS parser callback, it
produces a display_list representation of the Html as DLOs, referencing the
appropriate CSS to drive the layout as best it can.

The display list can be rasterized on to an lws_display using the display's
state object

  lds->disp->blit(lds, (uint8_t *)&dl, &box);
2022-05-04 08:43:26 +01:00
Andy Green
63d2f844db lhp: Lightweight HTML Parser
Introduce a very lightweight html5 + css2.1+ stateful stream parser, along
the same lines as the lws json and cbor ones.

This is interesting primarily because of just how low-resource it is for
modest css + html, it uses an lwsac to hold the entirity of the css in
memory at once but the html is parsed in chunks without any need to keep
previous chunks around (chunks may be as small as 1 byte).

A user callback receives element entry and exit callbacks with payload and
all attributes parsed out, CSS related to the active element stack is
parsed to provide a list of active css attributes, which takes heap for the
duration of the parsing.

In effect this provides rich information about the html and css state to
the callback, which has the job of producing the layout in a user-defined
way.

As such, there is no DOM in memory at one time, there is only a stack of
active elements like <html><body><div>xxx with their associated attributes
(like class).  So as it is, it does not support DOM modification such as
JS changing elements after parsing, although elements with interesting IDs
could be kept around by the callback.  There is a corresponding tiny and
relatively flat heap usage regardless of html size.

Default CSS is specified as recommended in the CSS 2.1 standard.

Inline <style></style> elements are supported, but not pre-html5 style= in
element attributes, since these are incompatible with strict CSP.

What the attributes should mean on your system, eg, font-size, font-family
etc is left for the user callback to decide, along with how to lay out the
items using the CSS attributes, and render them.

Fixed point 32.32 constants are used (fraction expressed at parts in 100M)
instead of floating point.

If you have presentation needs, even on a constrained display on a
constrained microcontroller, this makes it feasible to use standardized
markup and styling instead of roll your own.
2022-05-04 08:43:26 +01:00
Andy Green
76d8840c5f coverity: fixes 2022-04-10 06:56:12 +01:00
Andy Green
24fdd1f225 base64: improve sanity checking
Improve rejection of invalid chars
2022-03-25 08:18:30 +00:00
Andy Green
a3a4253ba9 dlo: lws_dlo_fops file_ops
This adds an optional lws VFS layer that exposes the named dlo object
registry.  So you can register a blob like a JPG named "my.jpg", and
access it on the vfs as, eg,  /dlofs/my.jpg (or file:///dlofs/my.jpg
if using the SS file:// support for VFS namespace).
2022-03-25 08:18:29 +00:00
Andy Green
e3dca87f23 lws_display: add display list / DLO support
This adds optional display list support to lws_display, using DLOs (Display
List Objects).  DLOs for rectangle / rounded rectangle (with circle as the
degenerate case), PNGs, JPEG and compressed, antialiased bitmapped fonts
and text primitives are provided.

Logical DLOs are instantiated on heap and listed into an lws_display_list
owner, DLOs handle attributes like position, bounding box, colour +
opacity, and local error diffusion backing buffer.

When the display list is complete, it can be rasterized a line at a time,
with scoped error diffusion resolved, such that no allocation for the
framebuffer is required at any point.  DLOs are freed as the rasterization
moves beyond their bounding box.

Adds a platform registry binding names and other metadata to lws_display
fonts / PNGs / JPEGs.  Provides registration, destruction and best match
selection apis.
2022-03-25 08:18:29 +00:00
Andy Green
1d3ec6a3a1 lws-jpeg
Introduce a rewritten picojpeg that is able to operate statefully and
rasterize into an internal line ringbuffer, emitting a line of pixels
at a time to the caller.  This is the JPEG equivalent of the lws
PNG decoder.

JPEG is based around 8- or 16- line height MCU blocks, depending on
the chroma coding, mandating a corresponding internal line buffer
requirement.

Example total heap requirement for various kinds of 600px width jpeg
decoding:

  Grayscale:    6.5KB
  RGB 4:4:4:   16.4KB
  RGB 4:2:2v:  16.4KB
  RGB 4:4:2h:  31KB
  RGB 4:4:0:   31KB

No other allocations occur during decode.

Stateful stream parsing means decode can be paused for lack of input
at any time and resumed seamlessly when more input becomes available.
2022-03-25 08:13:48 +00:00
Andy Green
a74fe5d760 upng: split out gzip
The adapted upng has a very compact fully-stateful lws-aligned
implementation already.

Adapt it to also be buildable and operable standalone, and to
understand gzip headers.

Provide some apis to inflate gzip simply reusing opaque inflator
contexts from upng.

Provide an api test that inflates gzip files from stdin -> stdout
2022-03-25 08:13:48 +00:00
Andy Green
48907fca0a upng: rewrite for stateful stream decode
Add a rewritten version of upng that decodes statefully line by line, and so
does not require a bitmap buffer for the output.  This compares to original
upng approach that needs heap allocations for the input, the whole output
and intermediate allocations.

Instead of buffers for input, decompression and output, it only allocates
2 x lines of RGBA pixels (ie, a few KB), and 32KB of decompressed data for
backward references in the decoder, and decodes as needed into the 2-line
buffer to produce line rasterized results.  For a 600px width PNG, this is
just 40KB heap for the duration.
2022-03-16 12:59:48 +00:00
Andy Green
67931757f8 alloc: compressed backtrace instrumentation support
This adds apis that enable usage of compressed backtraces in heap
instrumentation.

A decompressor tool is also provided that emits a textual
call stack suitable for use with addr2line.
2022-03-15 10:28:09 +00:00
Andy Green
32698a2f4b lejp-conf: provide matches for block start paths
Also valgrind shows we should zero down the lejp context to avoid problems
with the wildcard stack
2022-03-15 10:28:09 +00:00
Michael Drake
781c6f3227 base64: prevent writing null char into zero length output buffer
This allows handling of the unusal but foreseeable situation were
the client provides a zero length output buffer, for example, if
the input buffer was also zero length.
2022-01-10 14:21:33 +00:00
Andy Green
fdef0a2dd0 threadpool: adjust sync wait budget up 2022-01-10 04:37:15 +00:00
Andy Green
8b16aa18c8 minilex: add improved generic version in misc
Leave the http minilex as it is, and add an improved version in lib/misc

 - get a list of strings from stdin and emit C header to stdout

 - support ambiguous terminals (xxx and xxx-something) correctly regardless
   of introduction order

 - add generic parser in lib/misc

minilex doesn't build as part of lws since it's only needed by developers,
there's a one-line build documented at a comment at the top of
lib/misc/minilex.c
2022-01-04 16:08:44 +00:00
chenzhongaaron
27f8affcd0 qnx: toolchain file and adaptations
https://github.com/warmcat/libwebsockets/issues/2527
2021-12-15 13:28:23 +00:00
PW Hu
fe31dcd8ac docs: audit api return information
https://github.com/warmcat/libwebsockets/issues/2481
2021-11-07 10:08:00 +00:00
Andy Green
7c9f1ca0a6 plugins: iterate builtin plugins as if loaded
For plugins that handle PROTOCOL_INIT, we have to iterate any PLUGINS_BUILTIN
plugins as if we had just discovered and loaded them from plugin files, so
they bind to vhosts appropriately.

Add some private helpers to keep the guts from duplication in plat.
2021-11-07 07:04:09 +00:00
Andy Green
555503b202 lejp: allow leading wildcard
This lets us have path matches like "*[]"
2021-11-07 05:33:44 +00:00
Andy Green
c935df1e7e lejp: object indexes
This adds an optional feature LEJP_FLAG_FEAT_OBJECT_INDEXES that changes
lejp to treat { } items as indexable in ctx->i[] / ctx->ipos, since they
also can take commas.

This may break existing uses so it requires the default-off feature flag to
enable it.  The flags context field is zeroed by lejp_construct(), so any
flags should be set on ctx->flags after alling that.

There's also a flag LEJP_FLAG_LATEST available as an alias to enable any
desirable but not-backwards-compatible behaviour, including this.

Add the info to the README and adapt the unit test to do it both with and
without the FEAT_OBJECT_INDEXES flag.
2021-11-07 05:33:43 +00:00
Andy Green
057d03997f jrpc: add support 2021-10-11 09:10:15 +01:00
Andy Green
2cfa260e62 sspc: refactor to allow different transports
This is a NOP for existing usecases.

At the moment the only implemented transport for serialized SS is wsi, it's
typically used with Unix Domain Sockets, but it also works over tcp the
same.

It generalizes the interface between serialized chunks and the
transport, separately for client and proxy.  The wsi transport is migrated
to use the new transport ops structs.

It will then be possible to "bring your own transport", so long as it is
reliable, and in-order, both for proxy and client / sspc.

We also adapt minimal-secure-streams-binance to build the -client variant
via SS proxy as well.

LWS_ONLY_SSPC is added so libwebsockets can be produced with just sspc
client support even for tiny targets.

A new embedded minimal example for rpi pico is also provided that
demonstrates using Serialized SS over a UART to an SS proxy, to implement
the SS Binance example on the pico, even though it has no networking itself.
2021-10-08 09:48:41 +01:00
Andy Green
135234bd39 plat: baremetal and rpi pico support 2021-10-08 09:48:41 +01:00
Andy Green
ad990a61a0 ss: policy: unwind after policy syntax errors cleanly 2021-10-05 07:40:17 +01:00
Andy Green
8c7d541011 threadpool: SYNC timeout on netbsdBE
NetBSD Big-Endian on an RPi 3 + uSD is very slow, increase the threadpool
SYNC timeout a bit and normalize the task stop flow if it is exceeded.
2021-10-05 07:40:16 +01:00
Andy Green
dcaa0013b4 lecp: add CBOR stream parser LECP like JSON LEJP
This provides very memory-efficient CBOR stream parsing
and writing.

The parser  converts pieces of CBOR into callbacks that define
the structure and collate string and blobs into buffer chunks
for extensible and easy access.

It is fragementation-safe and does not need all the CBOR in
the same place at one time, chunks of CBOR are parsed and
discarded as provided.

It does not allocate and just needs a few hundred bytes of
stack for even huge CBOR objects.  Huge strings and blobs
are handled without needing memory to hold them atomically.

Includes ./minimal-examples/api-tests/api-test-lecp that
unit tests it against 82 official example CBORs and
26 additional test vectors from COSE (just checking the CBOR
parsing).

The writing apis allow printf style semantics with a variety
of CBOR-aware %-formats.  The apis write into a context that
manages output buffer usage, if the output buffer fills,
then the apis return with an AGAIN code that lets you issue
and reset the output buffer and repeat the api all to issue
more output.  The subsequent calls can occur much later or
from a different function context, so this is perfect for
WRITEABLE-mediated output from the network parts of lws.

See ./READMEs/README.cbor-lecp.md
2021-08-21 17:44:40 +01:00
Yichen Gu
b31c5d6ffe http: cookies: support cookie jar in and out 2021-08-21 17:44:40 +01:00
Andy Green
568fa014ce lws_struct: add CHILD_PTR setting 2021-08-19 05:31:15 +01:00
Hassan Sahibzada
630d768419 b64: add downcasts for gcc 4.4
gcc 4.4 complains with the following:
warning: conversion to 'char' from 'int' may alter its value

After the explicit cast the warning is gone.
2021-07-23 04:22:15 +01:00
Andy Green
8e76634ed3 logs: introduce log_cx 2021-07-01 05:20:53 +01:00
Andy Green
b25079c4b4 lws_cache_ttl 2021-06-22 15:55:29 +01:00