Fix:
/var/lib/jenkins/workspace/firefox-clang-lld-last/security/sandbox/chromium/base/time/time.h:796:18: error: implicit conversion from 'long' to 'double' changes value from 922337203
return value > std::numeric_limits<int64_t>::max()
~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Upstream code is very different now (uses some saturated_cast):
https://chromium.googlesource.com/chromium/src/base/+/master/time/time.h#846
Differential Revision: https://phabricator.services.mozilla.com/D43786
--HG--
extra : moz-landing-system : lando
This is because we are hitting it frequently during PolicyBase::OnJobEmpty and
currently we can't work out how this can happen.
Differential Revision: https://phabricator.services.mozilla.com/D38090
--HG--
extra : moz-landing-system : lando
This updates security/sandbox/chromium/ files to chromium commit 84108231f6e6e0772fb9a4643679ce76aa771e67.
Existing and new patches applied from security/sandbox/chromium-shim/patches/with_update/ to give a compiling and mostly working browser.
See patch files for additional commit comments.
--HG--
rename : security/sandbox/chromium-shim/base/debug/debugging_flags.h => security/sandbox/chromium-shim/base/debug/debugging_buildflags.h
rename : security/sandbox/chromium-shim/base/win/base_features.h => security/sandbox/chromium-shim/base/win/base_win_buildflags.h
There's a bug in ole32.dll on arm64 versions of Windows prior to 1809, that crashes our content processes if we enable CFG. We've reported the issue, but even if it gets fixed, we can't assume users will have the update.
This patch uses process mitigation policy flags to disable CFG on arm64 before 1809. Based on testing, we only need to do this in the sandbox for child processes, and it's not strictly necessary for the launcher stub to set the flag on the main process. But I've included that anyway as a guard against some yet-undiscovered scenario that might hit the issue and make the browser unusable.
The effects of this patch won't be visible until we actually enable CFG in a subsequent landing.
Differential Revision: https://phabricator.services.mozilla.com/D29474
--HG--
extra : moz-landing-system : lando
There's a bug in ole32.dll on arm64 versions of Windows prior to 1809, that crashes our content processes if we enable CFG. We've reported the issue, but even if it gets fixed, we can't assume users will have the update.
This patch uses process mitigation policy flags to disable CFG on arm64 before 1809. Based on testing, we only need to do this in the sandbox for child processes, and it's not strictly necessary for the launcher stub to set the flag on the main process. But I've included that anyway as a guard against some yet-undiscovered scenario that might hit the issue and make the browser unusable.
The effects of this patch won't be visible until we actually enable CFG in a subsequent landing.
Differential Revision: https://phabricator.services.mozilla.com/D29474
--HG--
extra : moz-landing-system : lando
In Bug 1462100 we started casting to void* because mingw doesn't do
automatic conversions like MSVC does. In Bug 1498695 I backed out that
change because I (mistakenly) thought it wasn't necessary for mingw-clang
when in actuality, I simply wasn't hitting the code path due to
SANDBOX_EXPORTS being defined.
Since we want to _not_ define SANDBOX_EXPORTS I need to put the original
patch back in place.
--HG--
extra : amend_source : a26eec746e7881fa88b963c8dd3c1fa900b6a8b6
mingw-clang, when using SEH exceptions, compile these fine but don't unwind
them properly. When using sj/lj exceptions it can't compile them at all.
--HG--
extra : histedit_source : 4bda121d4d60ab6e7cf51a3d4287261c81904fe2
I'm not adding a patch to security/sandbox/chromium-shim/patches for this,
because we need to get this fixed ASAP, certainly before we take another update.
This function is a technique to name a thread for debugging purposes,
and it always throws an exception (and then continues). On MinGW
we don't want it to throw an exception, so we do nothing.
This means on MinGW we won't get nice thread naming during debugging,
but we'll limp along.
MozReview-Commit-ID: JRKY4wp7sdu
--HG--
extra : rebase_source : 439205d83167dcde5306f9899244e7d336116111
This reverts 6e41201152dd (Bug 1431621) which compiled but did not link.
It also fixes the original issue by removing the stray \ at the end of the
line that was causing the error.
MozReview-Commit-ID: LgaxYK3EOwR
--HG--
extra : rebase_source : 7de3b5126417ea99ff7fee3a809e556b5a2de4a6
error: invalid conversion from 'FARPROC {aka int (__attribute__((__stdcall__)) *)()}' to 'void*' [-fpermissive]
According to http://stackoverflow.com/questions/13958081/, msvc does the fixup
MozReview-Commit-ID: HTghe9uL0EP
--HG--
extra : rebase_source : b083b9247aa07ba58c23b3b3a2e5b19c7393dafb
On MinGW, these typedefs are the same, and mingw complains about duplicate instantiations.
Rather than use -fpermissive, just comment out the second instantiation.
MozReview-Commit-ID: 5prsrStgwKY
--HG--
extra : rebase_source : 843340df6e2ce835794b4f370f846b249babf93c
Note that MinGW defines it without __builtin_extract_return_addr which
means we're dropping that, but the gcc documentation indicates that
shouldn't be an issue. It is needed when a fixup is necessary:
> For example, on the 31-bit S/390 platform the highest bit has to
> be masked out, or on SPARC platforms an offset has to be added for
> the true next instruction to be executed.
MozReview-Commit-ID: 4D5bIT9Fei4
--HG--
extra : rebase_source : 3f959d72ab3a756e0d636b5eaaf3e883042e9865
This updates security/sandbox/chromium/ files to chromium commit 937db09514e061d7983e90e0c448cfa61680f605.
Additional patches re-applied from security/sandbox/chromium-shim/patches/with_update/ to give a compiling and mostly working browser.
See patch files for additional commit comments.
This is 0cb5dadc2b1f84fbbd9c6f75056e38d05a5b07d3 and
db4c64b63d6098294ed255e962700fd2d465575e in the chromium repository.
This allows a single process to create sandboxed children with alternate
desktops on both an alternate winstation and the local winstation.
MozReview-Commit-ID: 8sS7LjoveOk
--HG--
extra : rebase_source : 6915af73743f87ed74ddefe04210dbdd95bb56ed
Bob Owen
Sylvestre Ledru
Gian-Carlo Pascutto
Tom Ritter
David Major
Coroiu Cristina
Chris Peterson
Csoregi Natalia
Gian-Carlo Pascutto
Alex Gaynor
James Forshaw