replace applicable calls to strlcpy with calls to strmemccpy
which null terminates on truncation
in theory the strmemccpy calls should be slightly faster since they
don't traverse the rest of the source string on truncation
but I seriously doubt there is too much of that going on in the code base
Change-Id: Ia0251514e36a6242bbf3f03c5e0df123aba60ed2
Not sure if this is worth the added bin size yet but I will
see where I can use it to try and make it worth it
Change-Id: Icc299d3986172ff224a14be48da3bf065d728a66
splits on spaces also considers \r\n\f\v\t as mandatory breaks
I'm still working on the strptokspn function
my goal is to use it directly rather than storing the matched char
and modifying the source string with \0 in order to tokenize the output
--Done
Change-Id: I7f378b5b9c4df8f10899b9a55a98950afb3931dc
The bootloader backup is intentionally simple, but it's a little
*too* simple. Add a sanity check to make sure what we're backing
up or restoring contains the first 8 bytes of the SPL header.
This isn't going to catch all possible problems, but it'll stop
obviously non-functional backups from being restored.
Change-Id: I6e80351aeb96c467f0514bd0ecd77d94ff72a8f8
Merge the x1000 and jz47xx exception handling code since they use
the same exception vectors and handlers. The interrupt handler is
now called from the common exception vector, but remains separate
for each board since they have different IRQ layouts.
The new exception handler can provide a stack traceback from the
interrupted code, rather than the (uninteresting) caller traceback
displayed by panicf. This allows you to see what led up to a null
pointer deref or division by zero, which makes it _much_ easier to
track down errors that occur in common leaf functions like strcmp.
Change-Id: I59a0ebb5e40fcb36505c3bfdb47f8cac2f9936b1
The original drawmode change was "x = (~x & INVERSEVID) | SOLID"
which is essentially XOR'ing the INVERSEVID bit, but I changed it
to mask out INVERSEVID by mistake.
Fixes 44b9785465.
Change-Id: I87b059b89aea9c31a8ff408016264285e67ca80c
Several places in the codebase implemented an ad-hoc form of pinning;
they can be converted to use buflib pinning instead.
Change-Id: I4450be007e80f6c9cc9f56c2929fa4b9b85ebff3
When I converted all the clipping checks in 4b8fe8acd1 I messed
up the hline and vline checks. This produced some weird panics on
the Shanling Q1, probably memory corruption -- but somehow it got
past AddressSanitizer. Go figure.
Change-Id: I84820c23a491d422218c72d2d5e199e2fc7def0f
allow buflib_free to check for invalid or already freed handles
within the function -- remove all the invalid handle guards thru core_free
Change-Id: Ibdcbc82760fc93b674c42283fca420d94907df8e
Simplify update_viewport() by calling update_viewport_rect().
The resulting LCD driver calls are the same either way and
for some reason, update_viewport() didn't handle non-default
stride viewports correctly.
Change-Id: Ic34d3d40e4f758db897cb3944d9d7475bbdb4d2c
clear_display() on grayscale LCDs sets the number of scrolling
lines to 0 but that's wrong, the scollers need to be shut down
first. Call scroll_stop() for that, as is done on color LCDs.
Change-Id: I75fb6839ed04f6fe1eb8e2855c8db820fcedddb8
There's no need to generate separate copies of these functions
for main and remote LCDs; we can just pass the viewport directly.
Change-Id: I20aa04a58d327b479a942708e161068bd6a3357b
Only the scroll engine calls this, but it's easily replaced
by the return value of set_viewport_ex().
Change-Id: I2e2c8234f969bc07c9ff7d864e58551115175e26
All three functions are nearly identical regardless of the
LCD pixel format. Consolidate them into a generic version in
lcd-bitmap-common.c.
Change-Id: Iab13429ea27ea2b0150b9004535bd27d4a4121a0
In-viewport clipping code is duplicated across 8 files, making
it a chore to change anything related to clipping; refactor the
clipping logic into dedicated functions.
Change-Id: I4ab20bb3c59b0406098d0c7d23833025f17a320a
The get_address_fn implementations for some remote LCDs were
checking LCD_STRIDEFORMAT unconditionally, but that macro is
only valid for the main LCD. The remote LCD code only supports
horizontal strides, so when compiling for a remote LCD, force
the use of horizontal stride addressing.
This fixes a buffer overflow and out of bounds write that occurs
with the M:Robe 500 remote LCD. (Tested with sim + ASan only.)
Change-Id: I99c6aa11d38f5105b096fc448948b9ec1b27dfe6
Instead of putting "#ifdef LCD_STRIDEFORMAT" at every usage of the
macro it's simpler to have config.h define LCD_STRIDEFORMAT to the
default of horizontal stride when the target leaves it unspecified.
Change-Id: Ib187012aad65ac678dbd837b1464a83bad722411
This was only enabled for the mrobe500 and sansaconnect targets.
Most targets are therefore running without this "safety" measure,
and presumably we'd have noticed long ago if there was a problem.
So in all likelihood this is just a bunch of dead code that we
don't need to carry around.
Change-Id: I7d27701a38b1c2a985ee73fa6f277ad215d8d385
This makes status by event debounce status changes over
a 200ms period, which is what polling was already using.
This is helpful on targets where events are excessively
noisy and generate a lot of transitions during insertion
and extraction.
Change-Id: I0eae2cca93aaa865e33c94a1318c27e91c7f7c4b
An allocation is pinned by calling buflib_pin() to up its pin count.
The pin count is like a reference count: when above 0, buflib won't
move the allocation and won't call its move callbacks. This makes it
safe to hold the pointer returned by buflib_get_data() across yields
or allocations.
Note that pinned allocations can still shrink because there are some
use cases where this would be valid, if buffer users coordinate with
the shrink callback.
Change-Id: I0d0c2a8ac7d891d3ad6b3d0eb80c5b5a1b4b9a9d
Since allocation is infrequent in Rockbox enabling the extra
checks to catch memory corruption is probably worth the time
and code size cost.
Change-Id: If0d701421054328c57b69e4d0af30759d799d158
Using a length 1 char array to point to the name buffer triggers
a -Warray-bounds warning from GCC when fortified strcpy is used.
This type of construct isn't safe in general -- if the compiler
makes assumptions based on the array bound it can create subtle
bugs when accessing the array out of bounds.
Instead, add a function get_block_name() which returns a pointer
to the name field by casting. This suppresses the warning and it
should be a bit more portable.
Change-Id: I25d4f46f799022ad0ec23bef0218f7595cc741ea
These don't have any users and there is already another way to
print blocks (which is actually used by the debug menu).
Change-Id: Ic6a4f874c6499c42bc046e8af3e4aaddc9e68276
If we don't check or generate CRCs then the CRC field can be left
out of the header, which reduces buflib overhead slightly.
Change-Id: I08b4cf77a701d8f6da453e019a0373d858a79ae4
Move CRC checking and updating behind a paranoia bit, like the
other checks, so it can be enabled and disabled.
Change-Id: Icff66c842cbd5af2d99aa91e6c40447a64e6d4b2
Handle checks ensure that the data in the handle table points
within buflib memory and checks handle entry pointers in block
headers before dereferencing them.
Change-Id: Ic16f1b81c1a0ea63c0e7f48d87938293b75c2419
Tighten up checking by adding length checks to loops which
ensure the iteration stays within bounds. Check is disabled
by default and can be enabled using a BUFLIB_PARANOIA bit.
Change-Id: I35e911e0878797d5ebf732be548ca659f6910fe0
