1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
/* -*- Mode: javascript; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
// This function can be used to "sanitize" a new global for fuzzing in such
// a way that permanent side-effects, hangs and behavior that could be harmful
// to libFuzzer targets is reduced to a minimum.
function sanitizeGlobal(g) {
let lfFuncs = {
// Noisy functions (output)
backtrace: function () { },
getBacktrace: function () { },
help: function () { },
print: function (s) { return s.toString(); },
printErr: function (s) { return s.toString(); },
putstr: function (s) { return s.toString(); },
stackDump: function () { },
dumpHeap: function () { },
dumpScopeChain: function () { },
dumpObjectWrappers: function () { },
dumpGCArenaInfo: function () { },
printProfilerEvents: function () { },
// Harmful functions (hangs, timeouts, leaks)
getLcovInfo: function () { },
readline: function () { },
readlineBuf: function () { },
timeout: function () { },
quit: function () { },
interruptIf: function () { },
terminate: function () { },
invokeInterruptCallback: function () { },
setInterruptCallback: function () { },
intern: function () { },
evalInWorker: function () { },
sleep: function () { },
cacheEntry: function () { },
streamCacheEntry: function () { },
createMappedArrayBuffer: function () { },
wasmCompileInSeparateProcess: function () { },
gcparam: function () { },
newGlobal: function () { return g; },
// Harmful functions (throw)
assertEq: function (a, b) { return a.toString() == b.toString(); },
throwError: function () { },
reportOutOfMemory: function () { },
throwOutOfMemory: function () { },
reportLargeAllocationFailure: function () { },
// Functions that need limiting
gczeal: function (m, f) { return gczeal(m, 100); },
startgc: function (n, o) { startgc(n > 20 ? 20 : n, o); },
gcslice: function (n) { gcslice(n > 20 ? 20 : n); },
// Global side-effects
deterministicgc: function () { },
fullcompartmentchecks: function () { },
setIonCheckGraphCoherency: function () { },
enableShellAllocationMetadataBuilder: function () { },
setTimeResolution: function () { },
options: function () { return "tracejit,methodjit,typeinfer"; },
setJitCompilerOption: function () { },
clearLastWarning: function () { },
enableSingleStepProfiling: function () { },
disableSingleStepProfiling: function () { },
enableGeckoProfiling: function () { },
enableGeckoProfilingWithSlowAssertions: function () { },
disableGeckoProfiling: function () { },
enqueueJob: function () { },
globalOfFirstJobInQueue: function () { },
drainJobQueue: function () { },
setPromiseRejectionTrackerCallback: function () { },
startTimingMutator: function () { },
stopTimingMutator: function () { },
setModuleLoadHook: function () { },
// Left enabled, as it is required for now to avoid leaks
//setModuleResolveHook: function() {},
setModuleMetadataHook: function () { },
setModuleDynamicImportHook: function () { },
finishDynamicModuleImport: function () { },
abortDynamicModuleImport: function () { },
offThreadCompileToStencil: function () { },
offThreadCompileModuleToStencil: function () { },
offThreadDecodeStencil: function () { },
finishOffThreadStencil: function () { },
addPromiseReactions: function () { },
ignoreUnhandledRejections: function () { },
enableTrackAllocations: function () { },
disableTrackAllocations: function () { },
setTestFilenameValidationCallback: function () { },
};
for (let lfFunc in lfFuncs) {
g[lfFunc] = lfFuncs[lfFunc];
}
return g;
}
|