Bug 1330533 - Remove argc/argv arguments to XRE_LibFuzzerSetMain. r=decoder

The function given to XRE_LibFuzzerSetMain is called from somewhere that does have access to argc/argv already, so we can avoid passing them to XRE_LibFuzzerSetMain. This actually might fix subtle issues with argc/argv not really matching reality when calling the LibFuzzerMain function in the current code: some arguments are handled before the call, and both argc and argv are modified from within XRE_main, but the values stored for the LibFuzzerMain call still are the original ones. Argv being a pointer, and it not being reallocated, the value stored for the LibFuzzerMain call points to the changed one, but argc, being an integer, is not modified accordingly. In fact, it's actually worse, because while the Gecko code doesn't reallocate argv, gtk_main might. So if some GTK flag is passed on the command line, there's also a possibility that the LibFuzzerMain function will do a use-after-free. So all in all, it's just better to use the set of modified argc/argv from XRE_main instead of storing them from main(). --HG-- extra : rebase_source : 92b89909eab0fc2f67ce372b959bb0e3ed12cd2b
2024-10-13 21:35:39 +00:00 · 2017-01-12 11:59:37 +09:00 · 2017-01-12 11:59:37 +09:00 · 92c5bff388
commit 92c5bff388
parent c9370d609b
7 changed files with 13 additions and 17 deletions
--- a/browser/app/nsBrowserApp.cpp
+++ b/browser/app/nsBrowserApp.cpp
@ -235,7 +235,7 @@ static int do_main(int argc, char* argv[], char* envp[])

 #ifdef LIBFUZZER
  if (getenv("LIBFUZZER"))
-    gBootstrap->XRE_LibFuzzerSetMain(argc, argv, libfuzzer_main);
+    gBootstrap->XRE_LibFuzzerSetMain(libfuzzer_main);
 #endif

  return gBootstrap->XRE_main(argc, argv, config);
--- a/toolkit/xre/Bootstrap.cpp
+++ b/toolkit/xre/Bootstrap.cpp
@ -80,8 +80,8 @@ public:
 #endif

 #ifdef LIBFUZZER
-  virtual void XRE_LibFuzzerSetMain(int argc, char** argv, LibFuzzerMain aMain) override {
-    ::XRE_LibFuzzerSetMain(argc, argv, aMain);
+  virtual void XRE_LibFuzzerSetMain(LibFuzzerMain aMain) override {
+    ::XRE_LibFuzzerSetMain(aMain);
  }

  virtual void XRE_LibFuzzerGetFuncs(const char* aModuleName, LibFuzzerInitFunc* aInitFunc, LibFuzzerTestingFunc* aTestingFunc) override {
--- a/toolkit/xre/Bootstrap.h
+++ b/toolkit/xre/Bootstrap.h
@ -110,7 +110,7 @@ public:
 #endif

 #ifdef LIBFUZZER
-  virtual void XRE_LibFuzzerSetMain(int argc, char** argv, LibFuzzerMain aMain) = 0;
+  virtual void XRE_LibFuzzerSetMain(LibFuzzerMain aMain) = 0;

  virtual void XRE_LibFuzzerGetFuncs(const char* aModuleName, LibFuzzerInitFunc* aInitFunc, LibFuzzerTestingFunc* aTestingFunc) = 0;
 #endif
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@ -272,8 +272,8 @@ namespace mozilla {
 LibFuzzerRunner* libFuzzerRunner = 0;
 } // namespace mozilla

-void XRE_LibFuzzerSetMain(int argc, char** argv, LibFuzzerMain main) {
-  mozilla::libFuzzerRunner->setParams(argc, argv, main);
+void XRE_LibFuzzerSetMain(LibFuzzerMain main) {
+  mozilla::libFuzzerRunner->setParams(main);
 }
 #endif

@ -3724,7 +3724,7 @@ XREMain::XRE_mainStartup(bool* aExitFlag)
 #ifdef LIBFUZZER
  if (PR_GetEnv("LIBFUZZER")) {
    *aExitFlag = true;
-    return mozilla::libFuzzerRunner->Run();
+    return mozilla::libFuzzerRunner->Run(gArgc, gArgv);
  }
 #endif

--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
@ -22,16 +22,14 @@ public:
  }
 } InitLibFuzzer;

-int LibFuzzerRunner::Run() {
+int LibFuzzerRunner::Run(int argc, char** argv) {
  ScopedXPCOM xpcom("LibFuzzer");
-  return mFuzzerMain(mArgc, mArgv);
+  return mFuzzerMain(argc, argv);
 }

 typedef int(*LibFuzzerMain)(int, char**);

-void LibFuzzerRunner::setParams(int argc, char** argv, LibFuzzerMain main) {
-  mArgc = argc;
-  mArgv = argv;
+void LibFuzzerRunner::setParams(LibFuzzerMain main) {
  mFuzzerMain = main;
 }

--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
@ -9,12 +9,10 @@ typedef int(*LibFuzzerMain)(int, char**);

 class LibFuzzerRunner {
 public:
-  int Run();
-  void setParams(int argc, char** argv, LibFuzzerMain main);
+  int Run(int argc, char** argv);
+  void setParams(LibFuzzerMain main);

 private:
-  int mArgc;
-  char** mArgv;
  LibFuzzerMain mFuzzerMain;
 };

--- a/xpcom/build/nsXULAppAPI.h
+++ b/xpcom/build/nsXULAppAPI.h
@ -515,7 +515,7 @@ XRE_API(void,
 #include "LibFuzzerRegistry.h"

 XRE_API(void,
-        XRE_LibFuzzerSetMain, (int, char**, LibFuzzerMain))
+        XRE_LibFuzzerSetMain, (LibFuzzerMain))

 XRE_API(void,
        XRE_LibFuzzerGetFuncs, (const char*, LibFuzzerInitFunc*,