Diffstat (limited to 'js/xpconnect')
-rw-r--r-- | js/xpconnect/crashtests/601284-1.html | 2 | ||||
-rw-r--r-- | js/xpconnect/idl/xpccomponents.idl | 14 | ||||
-rw-r--r-- | js/xpconnect/loader/mozJSModuleLoader.cpp | 10 | ||||
-rw-r--r-- | js/xpconnect/shell/moz.build | 7 | ||||
-rw-r--r-- | js/xpconnect/shell/xpcshell.cpp | 3 | ||||
-rw-r--r-- | js/xpconnect/src/JSServices.cpp | 5 | ||||
-rw-r--r-- | js/xpconnect/src/Sandbox.cpp | 7 | ||||
-rw-r--r-- | js/xpconnect/src/XPCComponents.cpp | 7 | ||||
-rw-r--r-- | js/xpconnect/src/XPCJSContext.cpp | 6 | ||||
-rw-r--r-- | js/xpconnect/src/XPCShellImpl.cpp | 7 | ||||
-rw-r--r-- | js/xpconnect/src/XPCString.cpp | 9 | ||||
-rw-r--r-- | js/xpconnect/src/moz.build | 2 | ||||
-rw-r--r-- | js/xpconnect/src/xpcprivate.h | 1 | ||||
-rw-r--r-- | js/xpconnect/src/xpcpublic.h | 4 | ||||
-rw-r--r-- | js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp | 8 | ||||
-rw-r--r-- | js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h | 4 | ||||
-rw-r--r-- | js/xpconnect/tests/chrome/test_xrayToJS.xhtml | 6 | ||||
-rw-r--r-- | js/xpconnect/tests/idl/xpctest_utils.idl | 24 |
18 files changed, 70 insertions, 56 deletions
diff --git a/js/xpconnect/crashtests/601284-1.html b/js/xpconnect/crashtests/601284-1.html
index 3bd3b2bef9..3459e40b46 100644
--- a/js/xpconnect/crashtests/601284-1.html
+++ b/js/xpconnect/crashtests/601284-1.html
@@ -16,7 +16,7 @@ function boom()
 <body onload="boom();">
-<iframe id="f" src="data:application/xhtml+xml,<html xmlns='http://www.w3.org/1999/xhtml'><body><marquee></marquee></body></html>"></iframe>
+<iframe id="f" src="data:application/xhtml+xml,<html xmlns='http://www.w3.org/1999/xhtml'><body><marquee style='display: none'></marquee></body></html>"></iframe>
 </body>
 </html>
diff --git a/js/xpconnect/idl/xpccomponents.idl b/js/xpconnect/idl/xpccomponents.idl
index 47ed22e3a5..0146f407b5 100644
--- a/js/xpconnect/idl/xpccomponents.idl
+++ b/js/xpconnect/idl/xpccomponents.idl
@@ -211,10 +211,10 @@ interface nsIXPCComponents_Utils : nsISupports
 * object that you want to make available as a global to code running in
 * the sandbox. Possible values: Blob, ChromeUtils, CSS, CSSRule,
 * Directory, DOMParser, Element, Event, File, FileReader, FormData,
- * InspectorUtils, MessageChannel, Node, NodeFilter, PromiseDebugging,
- * TextDecoder, TextEncoder, URL, URLSearchParams, XMLHttpRequest,
- * XMLSerializer, atob, btoa, caches, crypto, fetch, indexedDB,
- * rtcIdentityProvider
+ * InspectorCSSParser, InspectorUtils, MessageChannel, Node, NodeFilter,
+ PromiseDebugging, TextDecoder, TextEncoder, URL, URLSearchParams,
+ XMLHttpRequest, XMLSerializer, atob, btoa, caches, crypto, fetch,
+ indexedDB, rtcIdentityProvider
 * - wantXrays: {Boolean} Whether the sandbox wants Xray vision with
 * respect to same-origin objects outside the sandbox.
 * Note that wantXrays is essentially deprecated. The preferred method
@@ -683,12 +683,6 @@ interface nsIXPCComponents_Utils : nsISupports
 string getClassName(in jsval aObj, in boolean aUnwrap);
 /**
- * Get a DOM classinfo for the given classname. Only some class
- * names are supported.
- */
- nsIClassInfo getDOMClassInfo(in AString aClassName);
-
- /**
 * Gets the incument global for the execution of this function. For internal
 * and testing use only.
 *
diff --git a/js/xpconnect/loader/mozJSModuleLoader.cpp b/js/xpconnect/loader/mozJSModuleLoader.cpp
index cdf4df1970..5a9b552357 100644
--- a/js/xpconnect/loader/mozJSModuleLoader.cpp
+++ b/js/xpconnect/loader/mozJSModuleLoader.cpp
@@ -788,9 +788,9 @@ class ScriptReaderRunnable final : public nsIRunnable,
 mRv = aRv;
 RefPtr<dom::MainThreadStopSyncLoopRunnable> runnable =
- new dom::MainThreadStopSyncLoopRunnable(
- mWorkerPrivate, std::move(mSyncLoopTarget), mRv);
- MOZ_ALWAYS_TRUE(runnable->Dispatch());
+ new dom::MainThreadStopSyncLoopRunnable(std::move(mSyncLoopTarget),
+ mRv);
+ MOZ_ALWAYS_TRUE(runnable->Dispatch(mWorkerPrivate));
 mWorkerPrivate = nullptr;
 mSyncLoopTarget = nullptr;
@@ -1505,7 +1505,7 @@ nsresult mozJSModuleLoader::GetLoadedJSAndESModules(
 #ifdef STARTUP_RECORDER_ENABLED
 void mozJSModuleLoader::RecordImportStack(JSContext* aCx,
 const nsACString& aLocation) {
- if (!Preferences::GetBool("browser.startup.record", false)) {
+ if (!StaticPrefs::browser_startup_record()) {
 return;
 }
@@ -1515,7 +1515,7 @@ void mozJSModuleLoader::RecordImportStack(JSContext* aCx,
 void mozJSModuleLoader::RecordImportStack(
 JSContext* aCx, JS::loader::ModuleLoadRequest* aRequest) {
- if (!Preferences::GetBool("browser.startup.record", false)) {
+ if (!StaticPrefs::browser_startup_record()) {
 return;
 }
diff --git a/js/xpconnect/shell/moz.build b/js/xpconnect/shell/moz.build
index de3b050b79..0fe251bbd9 100644
--- a/js/xpconnect/shell/moz.build
+++ b/js/xpconnect/shell/moz.build
@@ -10,8 +10,11 @@ SOURCES += [
 "xpcshell.cpp",
 ]
-if CONFIG["LIBFUZZER"]:
- USE_LIBS += ["fuzzer"]
+if CONFIG["FUZZING_INTERFACES"]:
+ if CONFIG["LIBFUZZER"]:
+ USE_LIBS += ["fuzzer"]
+ else:
+ USE_LIBS += ["fuzzer-interface"]
 if CONFIG["MOZ_WIDGET_TOOLKIT"] == "cocoa":
 SOURCES += [
diff --git a/js/xpconnect/shell/xpcshell.cpp b/js/xpconnect/shell/xpcshell.cpp
index 5e44db3b34..02de402743 100644
--- a/js/xpconnect/shell/xpcshell.cpp
+++ b/js/xpconnect/shell/xpcshell.cpp
@@ -77,6 +77,9 @@ int main(int argc, char** argv, char** envp) {
 #ifdef LIBFUZZER
 shellData.fuzzerDriver = fuzzer::FuzzerDriver;
 #endif
+#ifdef AFLFUZZ
+ shellData.fuzzerDriver = afl_interface_raw;
+#endif
 int result = bootstrap->XRE_XPCShellMain(argc, argv, envp, &shellData);
diff --git a/js/xpconnect/src/JSServices.cpp b/js/xpconnect/src/JSServices.cpp
index cb8fe6cdca..e4d2350ffd 100644
--- a/js/xpconnect/src/JSServices.cpp
+++ b/js/xpconnect/src/JSServices.cpp
@@ -8,6 +8,7 @@
 #include "StaticComponents.h"
 #include "mozilla/ErrorResult.h"
 #include "mozilla/ProfilerLabels.h"
+#include "js/Debug.h" // JS::dbg::ShouldAvoidSideEffects
 #include "js/PropertyAndElement.h" // JS_DefineProperty, JS_DefinePropertyById
 #include "js/String.h" // JS::LinearStringHasLatin1Chars
 #include "nsJSUtils.h"
@@ -136,6 +137,10 @@ static JSObject* GetService(JSContext* cx, const xpcom::JSServiceEntry& service,
 static bool Services_Resolve(JSContext* cx, HandleObject obj, HandleId id,
 bool* resolvedp) {
 *resolvedp = false;
+ if (JS::dbg::ShouldAvoidSideEffects(cx)) {
+ return false;
+ }
+
 JSLinearString* name = GetNameIfLatin1(id);
 if (!name) {
 return true;
diff --git a/js/xpconnect/src/Sandbox.cpp b/js/xpconnect/src/Sandbox.cpp
index ed77605193..0af438d7ce 100644
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
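Review bot: The new early-out in Services_Resolve returns false without reporting anything, so the caller sees a failed resolve with no pending exception; SpiderMonkey generally treats that as an uncatchable failure, which is presumably the intended way to abort a debugger side-effect-free evaluation, but nothing in the hunk says so. A short comment on the check would keep it from being read as a missing error report, e.g. `// Resolving a service instantiates it (a side effect); fail without an exception so a side-effect-free debugger evaluation aborts instead.` Services_Resolve continues past the end of the hunk.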
@@ -928,6 +928,8 @@ bool xpc::GlobalProperties::Parse(JSContext* cx, JS::HandleObject obj) {
 Headers = true;
 } else if (JS_LinearStringEqualsLiteral(nameStr, "IOUtils")) {
 IOUtils = true;
+ } else if (JS_LinearStringEqualsLiteral(nameStr, "InspectorCSSParser")) {
+ InspectorCSSParser = true;
 } else if (JS_LinearStringEqualsLiteral(nameStr, "InspectorUtils")) {
 InspectorUtils = true;
 } else if (JS_LinearStringEqualsLiteral(nameStr, "MessageChannel")) {
@@ -1075,6 +1077,11 @@ bool xpc::GlobalProperties::Define(JSContext* cx, JS::HandleObject obj) {
 return false;
 }
+ if (InspectorCSSParser &&
+ !dom::InspectorCSSParser_Binding::GetConstructorObject(cx)) {
+ return false;
+ }
+
 if (InspectorUtils && !dom::InspectorUtils_Binding::GetConstructorObject(cx))
 return false;
diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp
index 25feaf851c..10425e935e 100644
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@@ -2182,13 +2182,6 @@ nsXPCComponents_Utils::GetClassName(HandleValue aObj, bool aUnwrap,
 }
 NS_IMETHODIMP
-nsXPCComponents_Utils::GetDOMClassInfo(const nsAString& aClassName,
- nsIClassInfo** aClassInfo) {
- *aClassInfo = nullptr;
- return NS_ERROR_NOT_AVAILABLE;
-}
-
-NS_IMETHODIMP
 nsXPCComponents_Utils::GetIncumbentGlobal(HandleValue aCallback, JSContext* aCx,
 MutableHandleValue aOut) {
 nsCOMPtr<nsIGlobalObject> global = mozilla::dom::GetIncumbentGlobal();
diff --git a/js/xpconnect/src/XPCJSContext.cpp b/js/xpconnect/src/XPCJSContext.cpp
index 8f3621f9c5..4125a90147 100644
--- a/js/xpconnect/src/XPCJSContext.cpp
+++ b/js/xpconnect/src/XPCJSContext.cpp
@@ -25,6 +25,7 @@
 #include "nsPrintfCString.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Telemetry.h"
+#include "mozilla/MemoryTelemetry.h"
 #include "mozilla/Services.h"
 #ifdef FUZZING
 # include "mozilla/StaticPrefs_fuzzing.h"
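Review bot: The new `if (InspectorCSSParser && ...)` check in GlobalProperties::Define is brace-wrapped while the `if (InspectorUtils && ...)` check immediately below it is not, so the same shape of guard now appears in two styles back to back. Either form is fine, but the pair should match; the simplest fix is to brace the neighbour too, `if (InspectorUtils && !dom::InspectorUtils_Binding::GetConstructorObject(cx)) { return false; }`. Both Parse and Define continue outside their hunks.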
@@ -1433,6 +1434,11 @@ void XPCJSContext::AfterProcessTask(uint32_t aNewRecursionDepth) {
 nsJSContext::MaybePokeCC();
 CycleCollectedJSContext::AfterProcessTask(aNewRecursionDepth);
+ // Poke the memory telemetry reporter
+ if (AppShutdown::GetCurrentShutdownPhase() == ShutdownPhase::NotInShutdown) {
+ MemoryTelemetry::Get().Poke();
+ }
+
 // This exception might have been set if we called an XPCWrappedJS that threw,
 // but now we're returning to the event loop, so nothing is going to look at
 // this value again. Clear it to prevent leaks.
diff --git a/js/xpconnect/src/XPCShellImpl.cpp b/js/xpconnect/src/XPCShellImpl.cpp
index b36ba56aed..15afacbaa7 100644
--- a/js/xpconnect/src/XPCShellImpl.cpp
+++ b/js/xpconnect/src/XPCShellImpl.cpp
@@ -1363,16 +1363,11 @@ int XRE_XPCShellMain(int argc, char** argv, char** envp,
 {
 #ifdef FUZZING_INTERFACES
 if (fuzzHaveModule) {
-# ifdef LIBFUZZER
 // argv[0] was removed previously, but libFuzzer expects it
 argc++;
 argv--;
- result = FuzzXPCRuntimeStart(&jsapi, &argc, &argv,
- aShellData->fuzzerDriver);
-# elif AFLFUZZ
- MOZ_CRASH("AFL is unsupported for XPC runtime fuzzing integration");
-# endif
+ result = FuzzXPCRuntimeStart(&jsapi, &argc, &argv, aShellData);
 } else {
 #endif
 // We are almost certainly going to run script here, so we need an
diff --git a/js/xpconnect/src/XPCString.cpp b/js/xpconnect/src/XPCString.cpp
index 5d784a02fd..651f3dde9f 100644
--- a/js/xpconnect/src/XPCString.cpp
+++ b/js/xpconnect/src/XPCString.cpp
@@ -104,8 +104,7 @@ bool XPCStringConvert::ReadableToJSVal(JSContext* cx, const nsAString& readable,
 return StringLiteralToJSVal(cx, readable.BeginReading(), length, vp);
 }
- nsStringBuffer* buf = nsStringBuffer::FromString(readable);
- if (buf) {
+ if (nsStringBuffer* buf = readable.GetStringBuffer()) {
 bool shared;
 if (!UCStringBufferToJSVal(cx, buf, length, vp, &shared)) {
 return false;
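Review bot: `MemoryTelemetry::Get().Poke()` now runs at the end of every task in XPCJSContext::AfterProcessTask, and the hunk gives no hint whether Poke() is cheap or throttles its own work; if it does not, this is a new per-task cost on the main thread's busiest path. The comment should record the expectation so the next reader can check it, e.g. replace `// Poke the memory telemetry reporter` with `// Poke the memory telemetry reporter; this runs after every task, so Poke() must stay cheap and rate-limit its own reporting.` (presumably true — worth confirming against MemoryTelemetry). The include hunk above adds MemoryTelemetry.h but nothing for AppShutdown, so that header is presumably already included. AfterProcessTask continues outside the hunk.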
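Review bot: The comment `// argv[0] was removed previously, but libFuzzer expects it` above `argc++; argv--;` is now outside the removed `# ifdef LIBFUZZER`, so the adjustment also runs in the AFL build, where the AFL branch of FuzzXPCRuntimeStart (xpcrtfuzzing.cpp in this commit) never passes argc/argv to the driver. That looks harmless as far as the hunk shows, but the comment is now misleading for half the builds it covers; suggest `// argv[0] was removed previously, but libFuzzer expects it (the AFL driver ignores argc/argv).` XRE_XPCShellMain continues outside the hunk.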
@@ -138,8 +137,7 @@ bool XPCStringConvert::Latin1ToJSVal(JSContext* cx, const nsACString& latin1,
 length, vp);
 }
- nsStringBuffer* buf = nsStringBuffer::FromString(latin1);
- if (buf) {
+ if (nsStringBuffer* buf = latin1.GetStringBuffer()) {
 bool shared;
 if (!Latin1StringBufferToJSVal(cx, buf, length, vp, &shared)) {
 return false;
@@ -170,8 +168,7 @@ bool XPCStringConvert::UTF8ToJSVal(JSContext* cx, const nsACString& utf8,
 cx, JS::UTF8Chars(utf8.BeginReading(), length), vp);
 }
- nsStringBuffer* buf = nsStringBuffer::FromString(utf8);
- if (buf) {
+ if (nsStringBuffer* buf = utf8.GetStringBuffer()) {
 bool shared;
 if (!UTF8StringBufferToJSVal(cx, buf, length, vp, &shared)) {
 return false;
diff --git a/js/xpconnect/src/moz.build b/js/xpconnect/src/moz.build
index 39d4baecec..4f99838dbd 100644
--- a/js/xpconnect/src/moz.build
+++ b/js/xpconnect/src/moz.build
@@ -50,7 +50,7 @@ UNIFIED_SOURCES += [
 ]
-if CONFIG["LIBFUZZER"]:
+if CONFIG["FUZZING_INTERFACES"]:
 UNIFIED_SOURCES += ["xpcrtfuzzing/xpcrtfuzzing.cpp"]
 XPCOM_MANIFESTS += [
diff --git a/js/xpconnect/src/xpcprivate.h b/js/xpconnect/src/xpcprivate.h
index 1e873d9c05..7b348e35b5 100644
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@@ -2204,6 +2204,7 @@ struct GlobalProperties {
 bool FormData : 1;
 bool Headers : 1;
 bool IOUtils : 1;
+ bool InspectorCSSParser : 1;
 bool InspectorUtils : 1;
 bool MessageChannel : 1;
 bool MIDIInputMap : 1;
diff --git a/js/xpconnect/src/xpcpublic.h b/js/xpconnect/src/xpcpublic.h
index 08da56e2fc..28e93a65b4 100644
--- a/js/xpconnect/src/xpcpublic.h
+++ b/js/xpconnect/src/xpcpublic.h
@@ -238,11 +238,11 @@ extern JS::UniqueChars xpc_PrintJSStack(JSContext* cx, bool showArgs,
 inline void AssignFromStringBuffer(nsStringBuffer* buffer, size_t len,
 nsAString& dest) {
- buffer->ToString(len, dest);
+ dest.Assign(buffer, len);
 }
 inline void AssignFromStringBuffer(nsStringBuffer* buffer, size_t len,
 nsACString& dest) {
- buffer->ToString(len, dest);
+ dest.Assign(buffer, len);
 }
 // readable string conversions, static methods and members only
diff --git a/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp b/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp
index 95982733cd..3d7b70cf84 100644
--- a/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp
+++ b/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp
@@ -39,7 +39,7 @@ static void CrashOnPendingException() {
 }
 int FuzzXPCRuntimeStart(AutoJSAPI* jsapi, int* argc, char*** argv,
- LibFuzzerDriver fuzzerDriver) {
+ const XREShellData* aShellData) {
 gFuzzModuleName = getenv("FUZZER");
 gJsapi = jsapi;
@@ -49,7 +49,11 @@ int FuzzXPCRuntimeStart(AutoJSAPI* jsapi, int* argc, char*** argv,
 return ret;
 }
- ret = fuzzerDriver(argc, argv, FuzzXPCRuntimeFuzz);
+#ifdef AFLFUZZ
+ ret = aShellData->fuzzerDriver(FuzzXPCRuntimeFuzz);
+#else
+ ret = aShellData->fuzzerDriver(argc, argv, FuzzXPCRuntimeFuzz);
+#endif
 if (!ret) {
 fprintf(stdout, "Trying to shutdown!\n");
 int shutdown = FuzzXPCRuntimeShutdown();
diff --git a/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h b/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h
index 89cdf5996b..f5779cc435 100644
--- a/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h
+++ b/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h
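Review bot: `aShellData->fuzzerDriver` is called through without a null check in FuzzXPCRuntimeStart, and the xpcshell.cpp hunk in this commit assigns that field only under `#ifdef LIBFUZZER` or `#ifdef AFLFUZZ`, while src/moz.build now compiles this file whenever FUZZING_INTERFACES is set; a configuration with neither define would reach an indirect call through whatever the field holds (presumably nullptr if XREShellData zero-initializes it, which is not visible here). The pre-existing code had the same gap with the old fuzzerDriver parameter, but now that the driver is read from a struct it is cheap to make the failure explicit: `MOZ_RELEASE_ASSERT(aShellData->fuzzerDriver);` before the `#ifdef AFLFUZZ` block turns a crash at an unknown address into a clear diagnostic. FuzzXPCRuntimeStart continues outside the hunk.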
@@ -10,11 +10,11 @@
 #define shell_xpcrtfuzzing_h
 #include "mozilla/dom/ScriptSettings.h" // mozilla::dom::AutoJSAPI
-#include "FuzzerRegistry.h" // LibFuzzerDriver
+#include "XREShellData.h"
 // This is the entry point of the XPC runtime fuzzing code from the XPC shell
 int FuzzXPCRuntimeStart(mozilla::dom::AutoJSAPI* jsapi, int* argc, char*** argv,
- LibFuzzerDriver);
+ const XREShellData*);
 // These are the traditional libFuzzer-style functions for initialization
 // and fuzzing iteration.
diff --git a/js/xpconnect/tests/chrome/test_xrayToJS.xhtml b/js/xpconnect/tests/chrome/test_xrayToJS.xhtml
index 9943055aea..6f4889fe21 100644
--- a/js/xpconnect/tests/chrome/test_xrayToJS.xhtml
+++ b/js/xpconnect/tests/chrome/test_xrayToJS.xhtml
@@ -313,8 +313,10 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=933681
 constructorProps(["groupBy", Symbol.species]);
 gPrototypeProperties.Set =
- ["constructor", "size", Symbol.toStringTag, "has", "add", "delete",
- "keys", "values", "clear", "forEach", "entries", Symbol.iterator];
+ [Symbol.toStringTag, Symbol.iterator, "add", "clear", "constructor", "delete",
+ "difference", "entries", "forEach", "has", "intersection", "isDisjointFrom",
+ "isSubsetOf", "isSupersetOf", "keys", "size", "symmetricDifference", "union",
+ "values"];
 gConstructorProperties.Set = constructorProps([Symbol.species]);
diff --git a/js/xpconnect/tests/idl/xpctest_utils.idl b/js/xpconnect/tests/idl/xpctest_utils.idl
index db135fcbe1..3379a5253c 100644
--- a/js/xpconnect/tests/idl/xpctest_utils.idl
+++ b/js/xpconnect/tests/idl/xpctest_utils.idl
@@ -18,25 +18,29 @@ interface nsIXPCTestUtils : nsISupports {
 nsIXPCTestFunctionInterface doubleWrapFunction(in nsIXPCTestFunctionInterface f);
 };
-/*
- * Test that non-[scriptable] interfaces and [noscript] members are not
- * generated for TypeScript bindings.
+/**
+ * TypeScript bindings specific tests.
 */
+// Typedefs with a TSNoncompat underlying type are not defined.
+typedef voidPtr Noncompat;
+
+// Not [scriptable] interfaces are not generated.
 [uuid(ddf64cfb-668a-4571-a900-0fe2babb6249)]
 interface nsIXPCTestNotScriptable : nsISupports {
 // Empty.
 };
 [scriptable, uuid(1bbfe703-c67d-4995-b061-564c8a1c39d7)]
-interface nsIXPCTestNoScriptMembers : nsISupports {
- [noscript]
- attribute long noscriptProp;
-
+interface nsIXPCTestTypeScript : nsISupports {
 attribute long exposedProp;
+ void exposedMethod(in long arg);
- [noscript]
- void noscriptMethod(in long arg);
+ // Members referencing TSNoncompat typedefs are not exposed.
+ [noscript] attribute Noncompat noncompatProp;
+ [noscript] void noncompatMethod(in Noncompat arg);
- void exposedMethod(in long arg);
+ // [noscript] attributes and methods are not exposed.
+ [noscript] attribute long noscriptProp;
+ [noscript] void noscriptMethod(in long arg);
 }; |