Bug 1211832 - Disable functions that can easily cause artificial OOMs. r=jonco

Tom Schuster 2015-10-06 17:04:09 +01:00
parent 57abe031dd
commit 9f084aa31c
6 changed files with 30 additions and 6 deletions


@ -49,6 +49,10 @@ using mozilla::UniquePtr;
// fuzzers. Set this via the environment variable MOZ_FUZZING_SAFE.
static bool fuzzingSafe = false;
// If disableOOMFunctions is set, disable functionality that causes artificial
// OOM conditions.
static bool disableOOMFunctions = false;
static bool
GetBuildConfiguration(JSContext* cx, unsigned argc, Value* vp)
{
@ -352,6 +356,11 @@ GCParameter(JSContext* cx, unsigned argc, Value* vp)
return false;
}
if (disableOOMFunctions && (param == JSGC_MAX_BYTES || param == JSGC_MAX_MALLOC_BYTES)) {
args.rval().setUndefined();
return true;
}
uint32_t value;
if (!ToUint32(cx, args[1], &value))
return false;
@ -996,6 +1005,12 @@ static bool
SetupOOMFailure(JSContext* cx, bool failAlways, unsigned argc, Value* vp)
{
CallArgs args = CallArgsFromVp(argc, vp);
if (disableOOMFunctions) {
args.rval().setUndefined();
return true;
}
if (args.length() < 1) {
JS_ReportError(cx, "Count argument required");
return false;
@ -3344,12 +3359,15 @@ static const JSPropertySpec TestingProperties[] = {
};
bool
js::DefineTestingFunctions(JSContext* cx, HandleObject obj, bool fuzzingSafe_)
js::DefineTestingFunctions(JSContext* cx, HandleObject obj, bool fuzzingSafe_,
bool disableOOMFunctions_)
{
fuzzingSafe = fuzzingSafe_;
if (getenv("MOZ_FUZZING_SAFE") && getenv("MOZ_FUZZING_SAFE")[0] != '0')
fuzzingSafe = true;
disableOOMFunctions = disableOOMFunctions_;
if (!JS_DefineProperties(cx, obj, TestingProperties))
return false;
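Review bot: The new `disableOOMFunctions` static is documented only by what it does, not by how it gets set, and unlike `fuzzingSafe` two lines above it has no environment-variable fallback, so a reader may assume MOZ_FUZZING_SAFE also covers it. I would extend the comment at the declaration to `// If disableOOMFunctions is set, disable functionality that causes artificial OOM conditions. Set only through DefineTestingFunctions (the shell's --disable-oom-functions flag); there is no environment override, unlike fuzzingSafe.` The early-outs in GCParameter and SetupOOMFailure both return undefined before validating their arguments, which is consistent between the two hunks but worth a one-line comment on the GCParameter check saying why only JSGC_MAX_BYTES and JSGC_MAX_MALLOC_BYTES are gated (presumably because lowering those limits is what induces the artificial OOM). DefineTestingFunctions continues past the end of the hunk.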


@ -12,7 +12,7 @@
namespace js {
bool
DefineTestingFunctions(JSContext* cx, HandleObject obj, bool fuzzingSafe);
DefineTestingFunctions(JSContext* cx, HandleObject obj, bool fuzzingSafe, bool disableOOMFunctions);
bool
testingFunc_assertFloat32(JSContext* cx, unsigned argc, Value* vp);
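Review bot: The declaration now takes two adjacent unnamed `bool` parameters, and the call sites updated in this commit pass them as `false, false` (testSavedStacks.cpp, testUbiNode.cpp, jsfriendapi.cpp), which gives a reader no way to tell which flag is which without opening the header. At minimum the declaration should say what each flag means, e.g. `// fuzzingSafe: omit functions unsafe for fuzzers to call; disableOOMFunctions: turn the OOM-inducing testing functions into no-ops.` A small flags enum or struct would remove the ambiguity entirely, but that is a larger change than this commit needs.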


@ -66,7 +66,7 @@ END_TEST(testSavedStacks_ApiDefaultValues)
BEGIN_TEST(testSavedStacks_RangeBasedForLoops)
{
CHECK(js::DefineTestingFunctions(cx, global, false));
CHECK(js::DefineTestingFunctions(cx, global, false, false));
JS::RootedValue val(cx);
CHECK(evaluate("(function one() { \n" // 1


@ -172,7 +172,7 @@ checkString(const char* expected, F fillBufferFunction, G stringGetterFunction)
BEGIN_TEST(test_ubiStackFrame)
{
CHECK(js::DefineTestingFunctions(cx, global, false));
CHECK(js::DefineTestingFunctions(cx, global, false, false));
JS::RootedValue val(cx);
CHECK(evaluate("(function one() { \n" // 1


@ -1078,7 +1078,7 @@ js::GetTestingFunctions(JSContext* cx)
if (!obj)
return nullptr;
if (!DefineTestingFunctions(cx, obj, false))
if (!DefineTestingFunctions(cx, obj, false, false))
return nullptr;
return obj;


@ -186,6 +186,7 @@ static FILE* gOutFile = nullptr;
static bool reportWarnings = true;
static bool compileOnly = false;
static bool fuzzingSafe = false;
static bool disableOOMFunctions = false;
#ifdef DEBUG
static bool dumpEntrainedVariables = false;
@ -5781,7 +5782,7 @@ NewGlobalObject(JSContext* cx, JS::CompartmentOptions& options,
{
return nullptr;
}
if (!js::DefineTestingFunctions(cx, glob, fuzzingSafe))
if (!js::DefineTestingFunctions(cx, glob, fuzzingSafe, disableOOMFunctions))
return nullptr;
if (!fuzzingSafe) {
@ -6212,6 +6213,9 @@ Shell(JSContext* cx, OptionParser* op, char** envp)
else
fuzzingSafe = (getenv("MOZ_FUZZING_SAFE") && getenv("MOZ_FUZZING_SAFE")[0] != '0');
if (op->getBoolOption("disable-oom-functions"))
disableOOMFunctions = true;
RootedObject glob(cx);
JS::CompartmentOptions options;
options.setVersion(JSVERSION_LATEST);
@ -6411,6 +6415,8 @@ main(int argc, char** argv, char** envp)
|| !op.addBoolOption('\0', "no-avx", "No-op. AVX is currently disabled by default.")
|| !op.addBoolOption('\0', "fuzzing-safe", "Don't expose functions that aren't safe for "
"fuzzers to call")
|| !op.addBoolOption('\0', "disable-oom-functions", "Disable functions that cause "
"artificial OOMs")
|| !op.addBoolOption('\0', "no-threads", "Disable helper threads")
#ifdef DEBUG
|| !op.addBoolOption('\0', "dump-entrained-variables", "Print variables which are "
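Review bot: In the Shell hunk, `disableOOMFunctions` is only settable through the `--disable-oom-functions` flag, while `fuzzingSafe` on the preceding lines also falls back to the `MOZ_FUZZING_SAFE` environment variable; a harness that configures the shell through the environment rather than the command line therefore cannot disable the OOM functions. If that asymmetry is intended, the option's help string in the main hunk should say so, e.g. `"Disable functions that cause artificial OOMs (command-line only; not implied by MOZ_FUZZING_SAFE)"`; otherwise an environment fallback mirroring the MOZ_FUZZING_SAFE handling would keep the two flags consistent. Shell and main both continue outside their hunks.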