author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:35:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:35:29 +0000 |
commit | 59203c63bb777a3bacec32fb8830fba33540e809 (patch) | |
tree | 58298e711c0ff0575818c30485b44a2f21bf28a0 /toolkit/components/uniffi-js/UniFFIPointer.cpp | |
parent | Adding upstream version 126.0.1. (diff) | |
Adding upstream version 127.0.upstream/127.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'toolkit/components/uniffi-js/UniFFIPointer.cpp')
-rw-r--r-- | toolkit/components/uniffi-js/UniFFIPointer.cpp | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/toolkit/components/uniffi-js/UniFFIPointer.cpp b/toolkit/components/uniffi-js/UniFFIPointer.cpp
index 8e79bac0db..7227e1f0c6 100644
--- a/toolkit/components/uniffi-js/UniFFIPointer.cpp
+++ b/toolkit/components/uniffi-js/UniFFIPointer.cpp
@@ -73,6 +73,16 @@ void UniFFIPointer::Write(const ArrayBuffer& aArrayBuff, uint32_t aPosition,
 MOZ_LOG(sUniFFIPointerLogger, LogLevel::Info, ("[UniFFI] Writing Pointer to buffer"));
+ // Clone the pointer outside of ProcessData, since the JS hazard checker
+ // assumes the call could result in a GC pass.
+ //
+ // This means that if the code below fails, we will leak a reference to the
+ // pointer. This is acceptable because the code should will only fail if
+ // UniFFI incorrectly sizes the array buffers which should be caught by our
+ // unit tests. Also, there's no way to protect against this in general since
+ // if anything fails after writing a pointer to the array then the reference
+ // will leak.
+ void* clone = ClonePtr();
 CheckedUint32 end = CheckedUint32(aPosition) + 8;
 if (!end.isValid() || !aArrayBuff.ProcessData([&](const Span<uint8_t>& aData, JS::AutoCheckCannotGC&&) {
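Review bot: `ClonePtr()` now runs before `end.isValid()` is evaluated, so an overflowing `aPosition` reaches the `ThrowRangeError` path with a reference already cloned and never released. The added comment accepts the leak for mis-sized buffers, but the overflow case can be excluded by testing `end` on its own and cloning only afterwards. The leak that remains when `ProcessData` returns false would need the release counterpart of `ClonePtr`, which is not visible in this hunk. The comment also has a typo, "should will only fail", which should read `should only fail`. The body of `Write` starts and ends outside this hunk.

```cpp
CheckedUint32 end = CheckedUint32(aPosition) + 8;
if (!end.isValid()) {
  aError.ThrowRangeError("position is out of range");
  return;
}
// … unchanged: comment explaining why the clone happens outside ProcessData …
void* clone = ClonePtr();
if (!aArrayBuff.ProcessData([&](const Span<uint8_t>& aData,
                                JS::AutoCheckCannotGC&&) {
// … unchanged: lambda body and range-error handling …
```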
@@ -82,14 +92,7 @@ void UniFFIPointer::Write(const ArrayBuffer& aArrayBuff, uint32_t aPosition,
 // in Rust and Read(), a u64 is read as BigEndian and then converted to
 // a pointer we do the reverse here
 const auto& data_ptr = aData.Subspan(aPosition, 8);
- // The hazard checker assumes all calls to a function pointer may result
- // in a GC call and `ClonePtr` calls mType->clone. However, we know that
- // mtype->clone won't make a GC call since it's essentially just a call
- // to Rust's `Arc::clone()`. Use AutoSuppressGCAnalysis to tell the
- // hazard checker to ignore the call.
- JS::AutoSuppressGCAnalysis suppress;
- mozilla::BigEndian::writeUint64(data_ptr.Elements(),
- (uint64_t)ClonePtr());
+ mozilla::BigEndian::writeUint64(data_ptr.Elements(), (uint64_t)clone);
 return true;
 })) {
 aError.ThrowRangeError("position is out of range");  |
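Review bot: The added line converts the cloned pointer to an integer with a C-style cast, `(uint64_t)clone`, which hides that this is a pointer-to-integer reinterpretation. A named cast keeps the conversion explicit and greppable, for example `mozilla::BigEndian::writeUint64(data_ptr.Elements(), static_cast<uint64_t>(reinterpret_cast<uintptr_t>(clone)));`. A short comment such as `// clone was taken before ProcessData; ownership passes to the buffer once written` would also record why the lambda no longer calls `ClonePtr()` itself. The enclosing lambda and the end of `Write` lie outside this hunk.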