- Address sanitizer may call sigaltstack().
Add it to the syscall whitelist (debug only).
- Fix args count checking for `check-bookmarkfs-util watcher`.
- Use negated errno as return value.
- Do not consider deletion of the watched file as a fatal error,
and use a separate error code to distinguish between them.
- Lazy-init worker: Starts watching upon the first call to
watcher_poll().
There's a special kind of bookmark in Firefox known as "separator",
which appears as vertical or horizontal bars in the browser.
BookmarkFS currently does not support managing separators, but
the backend should be aware of their existence, and must not break
when one appears.
A separator always has a NULL `title` and `fk` in `moz_bookmarks`,
so it doesn't break `bookmark_list()` and `bookmark_lookup()`,
but breaks `bookmark_check()` since it could be mistaken for a
bookmark or bookmark folder with NULL title.
Fix by checking the bookmark type in `bookmark_check_cb()`.
The SQLite builtin function `length()` calculates the number of
Unicode code points of the given argument, while `octet_length()`
calculates the number of bytes.
The two functions should produce the same result for a URL since it's
always ASCII-only, however, with `octet_length()` the length can be
directly fetched from metadata without actually reading the URL text,
thereby improving performance.
Following commit 35d4a93a41, now only perform `PRAGMA quick_check`
in non-sandbox mode before querying data on the database.
Although in practice SQLite does well in terms of memory safety,
most likely way better than BookmarkFS itself, we consider
sandboxing a stronger security guarantee than `PRAGMA quick_check`.
- Always lazy-init watcher when possible.
- Add a check in `backend_create()` that fails when the bookmark
storage does not exist, so that function behavior is more
consistent on different platforms with and without sandboxing.
- Only check Landlock flags on Linux.
Fix a regression in commit d1dac54b72 where sys/stat.h is no longer
included in backend_firefox.c and backend_chromium.c.
It has to be explicitly included for the UTIME_xxx macros.
Switch to schema version 74, so that it is compatible with
browsers (e.g., GNU IceCat) which are still based on
Firefox 115 ESR (now end-of-life), as well as saving us
a bit more space since there are fewer tables to be created.
There were bad code changes that cause the compiler to complain or
panic, but went unnoticed since they are only built if toggled with
`--enable-xxx` or `--disable-xxx` during build configuration.
Fix them altogether.
There's only a few legacy releases of gcc and clang that
support -fmacro-prefix-map but not __FILE_NAME__.
Thus the originial workaround is not very beneficial.
Switching to a more portable `__FILE__ + offset` workaround
that works for any standard-compliant compiler, even TinyCC.
However, this workaround may produce binaries that leak
information about the build environment, especially when using
an exotic build path.
Do not check if the bookmark title is a valid filename,
as we said in the user manual.
However, we should ensure that the string does not contain
NUL characters, since we assume that a valid bookmark storage
should not contain bookmarks with such names.
- Make sure all tables and indices are created for the database,
even the ones that are not used by BookmarkFS.
- Maintain the schema version in `PRAGMA user_version`.
- Always use `INT` for integer type, and `TEXT` for text type,
so that we could save a little space. This does not affect the
actual datatype (more precisely, type affinity) of the columns.
- Allow fdatasync(), since it is used by SQLite when commiting.
- Move `PRAGMA quick_check` to backend_create(), since it sometimes
calls stat() and cannot be sandboxed.
