Bug 1861997 - Add OnMessageError handler to IPC fuzzing. r=nika

Differential Revision: https://phabricator.services.mozilla.com/D192240

ipc/chromium/src/chrome/common/ipc_message.h

@@ -347,7 +347,7 @@ class Message : public mojo::core::ports::UserMessage, public Pickle {
   }
 
 #ifdef FUZZING_SNAPSHOT
-  bool IsFuzzMsg() { return isFuzzMsg; }
+  bool IsFuzzMsg() const { return isFuzzMsg; }
   void SetFuzzMsg() { isFuzzMsg = true; }
 #endif
 

ipc/glue/MessageChannel.cpp

@@ -1935,6 +1935,10 @@ bool MessageChannel::MaybeHandleError(Result code, const Message& aMsg,
                                       const char* channelName) {
   if (MsgProcessed == code) return true;
 
+#ifdef FUZZING_SNAPSHOT
+  mozilla::fuzzing::IPCFuzzController::instance().OnMessageError(code, aMsg);
+#endif
+
   const char* errorMsg = nullptr;
   switch (code) {
     case MsgNotKnown:

tools/fuzzing/ipc/IPCFuzzController.cpp

@@ -362,6 +362,28 @@ bool IPCFuzzController::ObserveIPCMessage(mozilla::ipc::NodeChannel* channel,
   return true;
 }
 
+void IPCFuzzController::OnMessageError(
+    mozilla::ipc::HasResultCodes::Result code, const IPC::Message& aMsg) {
+  if (!mozilla::fuzzing::Nyx::instance().is_enabled("IPC_Generic")) {
+    // Fuzzer is not enabled.
+    return;
+  }
+
+  if (!XRE_IsParentProcess()) {
+    // For now we only care about things in the parent process.
+    return;
+  }
+
+  if (!aMsg.IsFuzzMsg()) {
+    // We should only act upon fuzzing messages.
+    return;
+  }
+
+#if 0
+  Nyx::instance().release(IPCFuzzController::instance().getMessageStopCount());
+#endif
+}
+
 bool IPCFuzzController::MakeTargetDecision(
     uint8_t portIndex, uint8_t portInstanceIndex, uint8_t actorIndex,
     uint16_t typeOffset, PortName* name, int32_t* seqno, uint64_t* fseqno,

tools/fuzzing/ipc/IPCFuzzController.h

@@ -12,6 +12,7 @@
 #include "mozilla/HashTable.h"
 #include "mozilla/Mutex.h"
 #include "mozilla/fuzzing/Nyx.h"
+#include "mozilla/ipc/MessageLink.h"
 
 #include "nsIRunnable.h"
 #include "nsThreadUtils.h"
@@ -90,6 +91,8 @@ class IPCFuzzController {
 
   void OnActorConnected(mozilla::ipc::IProtocol* protocol);
   void OnActorDestroyed(mozilla::ipc::IProtocol* protocol);
+  void OnMessageError(mozilla::ipc::HasResultCodes::Result code,
+                      const IPC::Message& aMsg);
   void OnDropPeer(const char* reason, const char* file, int line);
   void OnMessageTaskStart();
   void OnMessageTaskStop();