Bug 1325834: Add MOZ_DIAGNOSTIC_ASSERTs to mscom proxy deserialization code; r=jimm

MozReview-Commit-ID: 9i4A1SFkyZP --HG-- extra : amend_source : 408641f3624861d6ce624e4766994dbc3d37e10c
2017-01-10 13:55:32 -07:00 · 2017-01-10 13:55:32 -07:00 · ab058eb02b
--- a/ipc/mscom/COMPtrHolder.h
+++ b/ipc/mscom/COMPtrHolder.h
@ -7,6 +7,7 @@
 #ifndef mozilla_mscom_COMPtrHolder_h
 #define mozilla_mscom_COMPtrHolder_h

+#include "mozilla/Assertions.h"
 #include "mozilla/Attributes.h"
 #include "mozilla/Move.h"
 #include "mozilla/mscom/ProxyStream.h"
@ -125,13 +126,16 @@ struct ParamTraits<mozilla::mscom::COMPtrHolder<Interface, _IID>>
    }

    mozilla::mscom::ProxyStream proxyStream(buf.get(), length);
+    MOZ_DIAGNOSTIC_ASSERT(proxyStream.IsValid());
    if (!proxyStream.IsValid()) {
      return false;
    }
+
    Interface* rawInterface = nullptr;
    if (!proxyStream.GetInterface(_IID, (void**)&rawInterface)) {
      return false;
    }
+
    typename paramType::COMPtrType ptr(rawInterface);
    aResult->Set(mozilla::Move(ptr));
    return true;
--- a/ipc/mscom/ProxyStream.cpp
+++ b/ipc/mscom/ProxyStream.cpp
@ -40,7 +40,7 @@ ProxyStream::ProxyStream(const BYTE* aInitBuf, const int aInitBufSize)
  // NB: We can't check for a null mStream until after we have checked for
  // the zero aInitBufSize above. This is because InitStream will also fail
  // in that case, even though marshaling a nullptr is allowable.
-  MOZ_ASSERT(mStream);
+  MOZ_DIAGNOSTIC_ASSERT(mStream);
  if (!mStream) {
    return;
  }
@ -54,10 +54,10 @@ ProxyStream::ProxyStream(const BYTE* aInitBuf, const int aInitBufSize)
    IUnknown* rawUnmarshaledProxy = nullptr;
    // OK to forget mStream when calling into this function because the stream
    // gets released even if the unmarshaling part fails.
-    DebugOnly<HRESULT> hr =
-      ::CoGetInterfaceAndReleaseStream(mStream.forget().take(), IID_IUnknown,
-                                       (void**)&rawUnmarshaledProxy);
-    MOZ_ASSERT(SUCCEEDED(hr));
+    HRESULT hr = ::CoGetInterfaceAndReleaseStream(mStream.forget().take(),
+                                                  IID_IUnknown,
+                                                  (void**)&rawUnmarshaledProxy);
+    MOZ_DIAGNOSTIC_ASSERT(SUCCEEDED(hr));
    mUnmarshaledProxy.reset(rawUnmarshaledProxy);
  };

@ -77,9 +77,12 @@ ProxyStream::InitStream(const BYTE* aInitBuf, const UINT aInitBufSize)
  // Need to link to this as ordinal 12 for Windows XP
  static DynamicallyLinkedFunctionPtr<decltype(&::SHCreateMemStream)>
    pSHCreateMemStream(L"shlwapi.dll", reinterpret_cast<const char*>(12));
+
+  MOZ_DIAGNOSTIC_ASSERT(pSHCreateMemStream);
  if (!pSHCreateMemStream) {
    return nullptr;
  }
+
  return already_AddRefed<IStream>(pSHCreateMemStream(aInitBuf, aInitBufSize));
 }

@ -128,8 +131,8 @@ bool
 ProxyStream::GetInterface(REFIID aIID, void** aOutInterface) const
 {
  // We should not have a locked buffer on this side
-  MOZ_ASSERT(!mGlobalLockedBuf);
-  MOZ_ASSERT(aOutInterface);
+  MOZ_DIAGNOSTIC_ASSERT(!mGlobalLockedBuf);
+  MOZ_DIAGNOSTIC_ASSERT(aOutInterface);

  if (!aOutInterface) {
    return false;
@ -152,6 +155,8 @@ ProxyStream::GetInterface(REFIID aIID, void** aOutInterface) const
    // mUnmarshaledProxy requires that we execute this in the MTA
    EnsureMTA mta(qiFn);
  }
+
+  MOZ_DIAGNOSTIC_ASSERT(SUCCEEDED(hr));
  return SUCCEEDED(hr);
 }

@ -166,18 +171,20 @@ ProxyStream::ProxyStream(REFIID aIID, IUnknown* aObject)
  auto marshalFn = [&]() -> void
  {
    HRESULT hr = ::CreateStreamOnHGlobal(nullptr, TRUE, getter_AddRefs(stream));
+    MOZ_DIAGNOSTIC_ASSERT(SUCCEEDED(hr));
    if (FAILED(hr)) {
      return;
    }

    hr = ::CoMarshalInterface(stream, aIID, aObject, MSHCTX_LOCAL, nullptr,
                              MSHLFLAGS_NORMAL);
+    MOZ_DIAGNOSTIC_ASSERT(SUCCEEDED(hr));
    if (FAILED(hr)) {
      return;
    }

    hr = ::GetHGlobalFromStream(stream, &hglobal);
-    MOZ_ASSERT(SUCCEEDED(hr));
+    MOZ_DIAGNOSTIC_ASSERT(SUCCEEDED(hr));
  };

  if (XRE_IsParentProcess()) {