When updating timestamps, make sure that the corresponding
microsecond value fits in a single signed 64-bit integer,
so that it won't result in an integer overflow, which is UB.
Also forbid timestamps before the Unix epoch, since working with
negative time_t is problematic.
This check does not apply to current timestamp, however,
add a check on backend startup to ensure sane system time.
There's no need to validate `tv_nsec`, since the kernel already
does that for us.
Do not expose UTIME_OMIT to backends, but instead specify
which timestamps to update with flags.
This allows us to further refactor backend code, especially
the Chromium backend.
- Follow the "best practice" in the SQLite manual, where calls to
sqlite3_column_bytes() should come after sqlite3_column_text().
This change does not affect the values returned.
- Other misc updates.
If a bookmark is assigned SYNC_STATUS_NORMAL (value 2),
a "tombstone" has to be inserted upon deletion,
so that the browser could purge it from remote.
- `hashmap_insert()` no longer takes key as argument, and
takes the pointer to be associated with the entry as argument.
- Rename `hashmap_entry_delete` -> `hashmap_delete`.
- Make `user_data` the first argument for `hashmap_walk_func`.
- Other misc renames.
That part of code in configure.ac look stupid, remove it.
If we _do_ try to run BookmarkFS on such an exotic platform with
non-zero null pointers, the breakage should be detected by the tests
(if it can run or even build at all).
This is meant to be a workaround for a limitation of Autotest,
where `set -e` has no effect in AT_CHECK().
Also we don't want to use `trap ... ERR`, since it is not portable.
- Workaround a glibc issue for filtering negative syscall arguments.
- Allow unlinkat() syscall.
- Add extra filter for openat() in read-only mode when Landlock
is not available.
- The initial `impl_rearm()` should always be performed by the
worker thread, so that we won't get spurious zero returns from
`watcher_poll()`.
- Sandboxing should not be implicitly disabled if not implemented.
- Shift internal watcher flags, to save space for public ones
if we wish to add any in the future.
- Address sanitizer may call sigaltstack().
Add it to the syscall whitelist (debug only).
- Fix args count checking for `check-bookmarkfs-util watcher`.
- Use negated errno as return value.
- Do not consider deletion of the watched file as a fatal error,
and use a separate error code to distinguish between them.
- Lazy-init worker: Starts watching upon the first call to
watcher_poll().
There's a special kind of bookmark in Firefox known as "separator",
which appears as vertical or horizontal bars in the browser.
BookmarkFS currently does not support managing separators, but
the backend should be aware of their existence, and must not break
when one appears.
A separator always has a NULL `title` and `fk` in `moz_bookmarks`,
so it doesn't break `bookmark_list()` and `bookmark_lookup()`,
but breaks `bookmark_check()` since it could be mistaken for a
bookmark or bookmark folder with NULL title.
Fix by checking the bookmark type in `bookmark_check_cb()`.
