From e6bb32cdcba05efa09954af0f66dd8007c9ed00f Mon Sep 17 00:00:00 2001
From: Jon Coppeard
Date: Tue, 2 Oct 2018 10:36:29 +0100
Subject: [PATCH] Bug 1491326 - Make oomTest() fuzzing safe by ensuring expectExceptionOnFailure parameter is false when fuzzing r=nbp
---
 js/src/builtin/TestingFunctions.cpp | 11 ++++++-----
 js/src/jit-test/tests/gc/bug-1491326.js | 9 +++++++++
 2 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 js/src/jit-test/tests/gc/bug-1491326.js
diff --git a/js/src/builtin/TestingFunctions.cpp b/js/src/builtin/TestingFunctions.cpp
index cab9173ab84e..0ff28d283ccc 100644
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@@ -2012,11 +2012,6 @@ ParseIterativeFailureTestParams(JSContext* cx, const CallArgs& args,
 }
 params->testFunction = &args[0].toObject().as();
 
- // There are some places where we do fail without raising an exception, so
- // we can't expose this to the fuzzers by default.
- if (fuzzingSafe)
- params->expectExceptionOnFailure = false;
-
 if (args.length() == 2) {
 if (args[1].isBoolean()) {
 params->expectExceptionOnFailure = args[1].toBoolean();
@@ -2043,6 +2038,12 @@ ParseIterativeFailureTestParams(JSContext* cx, const CallArgs& args,
 }
 }
 
+ // There are some places where we do fail without raising an exception, so
+ // we can't expose this to the fuzzers by default.
+ if (fuzzingSafe) {
+ params->expectExceptionOnFailure = false;
+ }
+
 // Test all threads by default.
 params->threadStart = oom::FirstThreadTypeToTest;
 params->threadEnd = oom::LastThreadTypeToTest;
diff --git a/js/src/jit-test/tests/gc/bug-1491326.js b/js/src/jit-test/tests/gc/bug-1491326.js
new file mode 100644
index 000000000000..51f59574b031
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1491326.js
@@ -0,0 +1,9 @@
+// |jit-test| --fuzzing-safe
+
+if (!('oomTest') in this)
+ quit();
+
+var g = newGlobal();
+g.parent = this;
+g.eval("new Debugger(parent).onExceptionUnwind = function() {}");
+oomTest(() => l, (true));
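Review bot: The comment moved into the second TestingFunctions.cpp hunk still says the flag can't be exposed to the fuzzers "by default", but the `if (fuzzingSafe)` block now runs after the argument parsing and overwrites whatever the caller passed, so it is a forced override rather than a default. I would reword it along the lines of `// Some failure paths do not raise an exception, so when fuzzingSafe is set we ignore any caller-supplied expectExceptionOnFailure.` An explicit `true` from the caller is dropped silently, which looks intended for fuzzing but is worth stating in the comment so nobody "fixes" the ordering back. ParseIterativeFailureTestParams starts and ends outside the hunk, so any other place that writes expectExceptionOnFailure after this point is not visible here.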
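Review bot: The guard `if (!('oomTest') in this)` at the top of the new test does not test for oomTest: `!` binds tighter than `in`, so it evaluates `false in this`, a lookup of a property named "false" that is presumably absent on the global, and `quit()` is never reached. On a build where oomTest() is not defined the test would then fail with a ReferenceError on the last line instead of exiting cleanly. It should read `if (!('oomTest' in this))`.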