Bug 1604609 - Don't send large window actor messages. r=jdai

IPC crashes if you try to send large messages. The message manager already drops messages that are too big (and used to collect telemetry for which messages were being dropped). I think that some message manager messages have been ported over to JS window actors and started crashing on beta, so let's just give the same behavior for JS window actors as we do for the message manager. Differential Revision: https://phabricator.services.mozilla.com/D57583 --HG-- extra : moz-landing-system : lando
2024-10-22 01:35:35 +00:00 · 2019-12-19 21:17:11 +00:00 · 2019-12-19 21:17:11 +00:00 · 0162ffca4b
commit 0162ffca4b
parent 4fccaa9864
4 changed files with 32 additions and 0 deletions
--- a/dom/ipc/JSWindowActor.cpp
+++ b/dom/ipc/JSWindowActor.cpp
@ -110,6 +110,21 @@ void JSWindowActor::RejectPendingQueries() {
  }
 }

+/* static */
+bool JSWindowActor::AllowMessage(const JSWindowActorMessageMeta& aMetadata,
+                                 size_t aDataLength) {
+  // A message includes more than structured clone data, so subtract
+  // 20KB to make it more likely that a message within this bound won't
+  // result in an overly large IPC message.
+  static const size_t kMaxMessageSize =
+      IPC::Channel::kMaximumMessageSize - 20 * 1024;
+  if (aDataLength < kMaxMessageSize) {
+    return true;
+  }
+
+  return false;
+}
+
 void JSWindowActor::SetName(const nsAString& aName) {
  MOZ_ASSERT(mName.IsEmpty(), "Cannot set name twice!");
  mName = aName;
--- a/dom/ipc/JSWindowActor.h
+++ b/dom/ipc/JSWindowActor.h
@ -71,6 +71,11 @@ class JSWindowActor : public nsISupports, public nsWrapperCache {
                              ipc::StructuredCloneData&& aStack,
                              ErrorResult& aRv) = 0;

+  // Check if a message is so large that IPC will probably crash if we try to
+  // send it. If it is too large, record telemetry about the message.
+  static bool AllowMessage(const JSWindowActorMessageMeta& aMetadata,
+                           size_t aDataLength);
+
  virtual ~JSWindowActor() = default;

  void SetName(const nsAString& aName);
--- a/dom/ipc/JSWindowActorChild.cpp
+++ b/dom/ipc/JSWindowActorChild.cpp
@ -87,6 +87,12 @@ void JSWindowActorChild::SendRawMessage(const JSWindowActorMessageMeta& aMeta,
    return;
  }

+  if (NS_WARN_IF(
+          !AllowMessage(aMeta, aData.DataLength() + aStack.DataLength()))) {
+    aRv.Throw(NS_ERROR_UNEXPECTED);
+    return;
+  }
+
  // Cross-process case - send data over WindowGlobalChild to other side.
  ClonedMessageData msgData;
  ClonedMessageData stackData;
--- a/dom/ipc/JSWindowActorParent.cpp
+++ b/dom/ipc/JSWindowActorParent.cpp
@ -80,6 +80,12 @@ void JSWindowActorParent::SendRawMessage(const JSWindowActorMessageMeta& aMeta,
    return;
  }

+  if (NS_WARN_IF(
+          !AllowMessage(aMeta, aData.DataLength() + aStack.DataLength()))) {
+    aRv.Throw(NS_ERROR_UNEXPECTED);
+    return;
+  }
+
  // Cross-process case - send data over WindowGlobalParent to other side.
  ClonedMessageData msgData;
  ClonedMessageData stackData;