зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1211832 - Disable functions that can easily cause artificial OOMs. r=jonco
Родитель
57abe031dd
Коммит
9f084aa31c
|
@ -49,6 +49,10 @@ using mozilla::UniquePtr;
|
|||
// fuzzers. Set this via the environment variable MOZ_FUZZING_SAFE.
|
||||
static bool fuzzingSafe = false;
|
||||
|
||||
// If disableOOMFunctions is set, disable functionality that causes artificial
|
||||
// OOM conditions.
|
||||
static bool disableOOMFunctions = false;
|
||||
|
||||
static bool
|
||||
GetBuildConfiguration(JSContext* cx, unsigned argc, Value* vp)
|
||||
{
|
||||
|
@ -352,6 +356,11 @@ GCParameter(JSContext* cx, unsigned argc, Value* vp)
|
|||
return false;
|
||||
}
|
||||
|
||||
if (disableOOMFunctions && (param == JSGC_MAX_BYTES || param == JSGC_MAX_MALLOC_BYTES)) {
|
||||
args.rval().setUndefined();
|
||||
return true;
|
||||
}
|
||||
|
||||
uint32_t value;
|
||||
if (!ToUint32(cx, args[1], &value))
|
||||
return false;
|
||||
|
@ -996,6 +1005,12 @@ static bool
|
|||
SetupOOMFailure(JSContext* cx, bool failAlways, unsigned argc, Value* vp)
|
||||
{
|
||||
CallArgs args = CallArgsFromVp(argc, vp);
|
||||
|
||||
if (disableOOMFunctions) {
|
||||
args.rval().setUndefined();
|
||||
return true;
|
||||
}
|
||||
|
||||
if (args.length() < 1) {
|
||||
JS_ReportError(cx, "Count argument required");
|
||||
return false;
|
||||
|
@ -3344,12 +3359,15 @@ static const JSPropertySpec TestingProperties[] = {
|
|||
};
|
||||
|
||||
bool
|
||||
js::DefineTestingFunctions(JSContext* cx, HandleObject obj, bool fuzzingSafe_)
|
||||
js::DefineTestingFunctions(JSContext* cx, HandleObject obj, bool fuzzingSafe_,
|
||||
bool disableOOMFunctions_)
|
||||
{
|
||||
fuzzingSafe = fuzzingSafe_;
|
||||
if (getenv("MOZ_FUZZING_SAFE") && getenv("MOZ_FUZZING_SAFE")[0] != '0')
|
||||
fuzzingSafe = true;
|
||||
|
||||
disableOOMFunctions = disableOOMFunctions_;
|
||||
|
||||
if (!JS_DefineProperties(cx, obj, TestingProperties))
|
||||
return false;
|
||||
|
||||
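Review bot: The assignment `disableOOMFunctions = disableOOMFunctions_;` in js::DefineTestingFunctions overwrites a file-static flag on every call, so the most recent caller decides the behaviour for every global in the process. The guards added in GCParameter and SetupOOMFailure read that static at call time, and this commit also updates js::GetTestingFunctions to pass `false`. If that path can run after the shell has passed `true` (not visible from these hunks), the OOM functions would become active again on globals that were meant to have them disabled. Making the flag sticky with `if (disableOOMFunctions_) disableOOMFunctions = true;`, or at least stating the last-call-wins behaviour in the comment above the static, would keep a fuzzing harness from losing the setting silently. The bodies of all three functions continue outside the hunks shown.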
|
|
|
@ -12,7 +12,7 @@
|
|||
namespace js {
|
||||
|
||||
bool
|
||||
DefineTestingFunctions(JSContext* cx, HandleObject obj, bool fuzzingSafe);
|
||||
DefineTestingFunctions(JSContext* cx, HandleObject obj, bool fuzzingSafe, bool disableOOMFunctions);
|
||||
|
||||
bool
|
||||
testingFunc_assertFloat32(JSContext* cx, unsigned argc, Value* vp);
|
||||
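Review bot: The new declaration takes two adjacent `bool` parameters, so call sites such as `DefineTestingFunctions(cx, global, false, false)` no longer show which flag is which, and swapping the two arguments compiles without a diagnostic. The declaration also carries no comment. A line above it such as `// fuzzingSafe: don't expose functions unsafe for fuzzers. disableOOMFunctions: turn the artificial-OOM functions into no-ops.` would document the contract. Argument comments at the call sites (`/* fuzzingSafe = */ false, /* disableOOMFunctions = */ false`) would make them self-describing.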
|
|
|
@ -66,7 +66,7 @@ END_TEST(testSavedStacks_ApiDefaultValues)
|
|||
|
||||
BEGIN_TEST(testSavedStacks_RangeBasedForLoops)
|
||||
{
|
||||
CHECK(js::DefineTestingFunctions(cx, global, false));
|
||||
CHECK(js::DefineTestingFunctions(cx, global, false, false));
|
||||
|
||||
JS::RootedValue val(cx);
|
||||
CHECK(evaluate("(function one() { \n" // 1
|
||||
|
|
|
@ -172,7 +172,7 @@ checkString(const char* expected, F fillBufferFunction, G stringGetterFunction)
|
|||
|
||||
BEGIN_TEST(test_ubiStackFrame)
|
||||
{
|
||||
CHECK(js::DefineTestingFunctions(cx, global, false));
|
||||
CHECK(js::DefineTestingFunctions(cx, global, false, false));
|
||||
|
||||
JS::RootedValue val(cx);
|
||||
CHECK(evaluate("(function one() { \n" // 1
|
||||
|
|
|
@ -1078,7 +1078,7 @@ js::GetTestingFunctions(JSContext* cx)
|
|||
if (!obj)
|
||||
return nullptr;
|
||||
|
||||
if (!DefineTestingFunctions(cx, obj, false))
|
||||
if (!DefineTestingFunctions(cx, obj, false, false))
|
||||
return nullptr;
|
||||
|
||||
return obj;
|
||||
|
|
|
@ -186,6 +186,7 @@ static FILE* gOutFile = nullptr;
|
|||
static bool reportWarnings = true;
|
||||
static bool compileOnly = false;
|
||||
static bool fuzzingSafe = false;
|
||||
static bool disableOOMFunctions = false;
|
||||
|
||||
#ifdef DEBUG
|
||||
static bool dumpEntrainedVariables = false;
|
||||
|
@ -5781,7 +5782,7 @@ NewGlobalObject(JSContext* cx, JS::CompartmentOptions& options,
|
|||
{
|
||||
return nullptr;
|
||||
}
|
||||
if (!js::DefineTestingFunctions(cx, glob, fuzzingSafe))
|
||||
if (!js::DefineTestingFunctions(cx, glob, fuzzingSafe, disableOOMFunctions))
|
||||
return nullptr;
|
||||
|
||||
if (!fuzzingSafe) {
|
||||
|
@ -6212,6 +6213,9 @@ Shell(JSContext* cx, OptionParser* op, char** envp)
|
|||
else
|
||||
fuzzingSafe = (getenv("MOZ_FUZZING_SAFE") && getenv("MOZ_FUZZING_SAFE")[0] != '0');
|
||||
|
||||
if (op->getBoolOption("disable-oom-functions"))
|
||||
disableOOMFunctions = true;
|
||||
|
||||
RootedObject glob(cx);
|
||||
JS::CompartmentOptions options;
|
||||
options.setVersion(JSVERSION_LATEST);
|
||||
|
@ -6411,6 +6415,8 @@ main(int argc, char** argv, char** envp)
|
|||
|| !op.addBoolOption('\0', "no-avx", "No-op. AVX is currently disabled by default.")
|
||||
|| !op.addBoolOption('\0', "fuzzing-safe", "Don't expose functions that aren't safe for "
|
||||
"fuzzers to call")
|
||||
|| !op.addBoolOption('\0', "disable-oom-functions", "Disable functions that cause "
|
||||
"artificial OOMs")
|
||||
|| !op.addBoolOption('\0', "no-threads", "Disable helper threads")
|
||||
#ifdef DEBUG
|
||||
|| !op.addBoolOption('\0', "dump-entrained-variables", "Print variables which are "
|
||||
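Review bot: The help text `"Disable functions that cause artificial OOMs"` in main()'s option list does not say that the functions stay defined and return `undefined` without doing anything, which is what the guards added in GCParameter and SetupOOMFailure do. A test script that depends on a simulated OOM will then finish without exercising the failure path; wording such as `"Make functions that cause artificial OOMs no-ops"` would describe that. Separately, `fuzzingSafe` in Shell() falls back to the MOZ_FUZZING_SAFE environment variable, while the new flag has no such fallback and is not implied by `--fuzzing-safe`. If that asymmetry is intended, a one-line comment at `if (op->getBoolOption("disable-oom-functions"))` would record it. Shell() and main() both continue outside the hunks.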
|
|