/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <climits>
#include <cmath>
#include <cstdlib>
#include "FuzzingTraits.h"
#include "jsapi.h"
#include "jsfriendapi.h"
#include "js/CharacterEncoding.h"
#include "prenv.h"
#include "MessageManagerFuzzer.h"
#include "mozilla/ErrorResult.h"
#include "nsDebug.h"
#include "nsError.h"
#include "nsFrameMessageManager.h"
#include "nsJSUtils.h"
#include "nsXULAppAPI.h"
#include "nsNetCID.h"
#include "nsString.h"
#include "nsUnicharUtils.h"
#include "nsIFile.h"
#include "nsIFileStreams.h"
#include "nsILineInputStream.h"
#include "nsLocalFile.h"
#include "nsTArray.h"
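// Default for MESSAGEMANAGER_FUZZER_MUTATION_PROBABILITY. It is passed to
// FuzzingTraits::Sometimes() as the divisor of the mutation decision, so a
// larger value presumably means fewer mutations (semantics live in
// FuzzingTraits.h, not here).
#define MESSAGEMANAGER_FUZZER_DEFAULT_MUTATION_PROBABILITY 2

// Debug logging to stderr, emitted only when MESSAGEMANAGER_FUZZER_ENABLE_LOGGING
// is present in the environment. Wrapped in do { } while (0) so the macro is a
// single statement: the previous bare `if` would have captured the `else` of
// any enclosing `if (...) MSGMGR_FUZZER_LOG(...); else ...`.
#define MSGMGR_FUZZER_LOG(fmt, args...)                           \
  do {                                                            \
    if (MessageManagerFuzzer::IsLoggingEnabled()) {               \
      printf_stderr("[MessageManagerFuzzer] " fmt "\n", ## args); \
    }                                                             \
  } while (0)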
namespace mozilla {
namespace dom {
using namespace fuzzing;
using namespace ipc;
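/* static */
void
MessageManagerFuzzer::ReadFile(const char* path, nsTArray<nsCString> &aArray)
{
  // Appends every line of the file at |path| to |aArray|. Any failure (bad
  // path, missing file, stream error) leaves |aArray| as it was and returns
  // silently: the callers treat an empty array as "no file configured".
  //
  // |path| is whatever PR_GetEnv() returned in the callers, i.e. nullptr when
  // the variable is unset. The original code handed that straight to
  // NS_ConvertUTF8toUTF16, which reads the pointer as a C string; bail out
  // first. An empty path is rejected for the same reason.
  if (!path || !*path) {
    return;
  }

  nsCOMPtr<nsIFile> file;
  nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(path),
                                true,
                                getter_AddRefs(file));
  NS_ENSURE_SUCCESS_VOID(rv);

  bool exists = false;
  rv = file->Exists(&exists);
  if (NS_FAILED(rv) || !exists) {
    return;
  }

  nsCOMPtr<nsIFileInputStream> fileStream(
    do_CreateInstance(NS_LOCALFILEINPUTSTREAM_CONTRACTID, &rv));
  NS_ENSURE_SUCCESS_VOID(rv);

  // Default open flags/permissions, no behavior flags.
  rv = fileStream->Init(file, -1, -1, false);
  NS_ENSURE_SUCCESS_VOID(rv);

  nsCOMPtr<nsILineInputStream> lineStream(do_QueryInterface(fileStream, &rv));
  NS_ENSURE_SUCCESS_VOID(rv);

  // do/while: the line returned together with |more == false| (the last one)
  // is appended as well. Blank lines are kept as empty entries.
  nsAutoCString line;
  bool more = true;
  do {
    rv = lineStream->ReadLine(line, &more);
    NS_ENSURE_SUCCESS_VOID(rv);
    aArray.AppendElement(line);
  } while (more);
}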
/* static */
bool
MessageManagerFuzzer::IsMessageNameBlacklisted(const nsAString& aMessageName) {
  // Blacklist of message names, one per line, read from the file named by
  // MESSAGEMANAGER_FUZZER_BLACKLIST. Loaded at most once per process; a
  // missing or unreadable file leaves the list empty.
  static bool sBlacklistLoaded = false;
  static nsTArray<nsCString> sBlacklist;

  if (!sBlacklistLoaded) {
    sBlacklistLoaded = true;
    ReadFile(PR_GetEnv("MESSAGEMANAGER_FUZZER_BLACKLIST"), sBlacklist);
  }

  // Nothing loaded means nothing is blacklisted.
  if (sBlacklist.IsEmpty()) {
    return false;
  }

  // Exact, byte-wise match against the UTF-8 form of the name. Note that a
  // blank line in the file produces an empty entry, so an empty message name
  // would match it.
  NS_ConvertUTF16toUTF8 utf8Name(aMessageName);
  return sBlacklist.Contains(utf8Name.get());
}
/* static */
nsCString
MessageManagerFuzzer::GetFuzzValueFromFile()
{
  // Candidate replacement strings, one per line, from the file named by
  // MESSAGEMANAGER_FUZZER_STRINGSFILE. Loaded at most once per process.
  static bool sStringsLoaded = false;
  static nsTArray<nsCString> sStrings;

  if (!sStringsLoaded) {
    sStringsLoaded = true;
    ReadFile(PR_GetEnv("MESSAGEMANAGER_FUZZER_STRINGSFILE"), sStrings);
  }

  // No usable file: return an empty string, which the caller treats as
  // "nothing to substitute".
  const size_t count = sStrings.Length();
  if (count == 0) {
    return nsCString();
  }

  // Pick one entry at random. RandomIntegerRange is assumed to be half-open,
  // [0, count), consistent with the RandomIntegerRange(0, 2) used for
  // booleans elsewhere in this file — confirm against FuzzingTraits.h.
  unsigned idx = RandomIntegerRange<unsigned>(0, static_cast<unsigned>(count));
  return sStrings[idx];
}
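/* static */
void
MessageManagerFuzzer::MutateObject(JSContext* aCx,
                                   JS::HandleValue aValue,
                                   unsigned short int aRecursionCounter)
{
  // Rewrites, in place, a random subset of the enumerable properties of the
  // object in |aValue|. Precondition: aValue.isObject() (the only caller,
  // MutateValue, checks this). |aRecursionCounter| is the nesting depth and
  // is used for log indentation only.
  JS::Rooted<JSObject*> object(aCx, &aValue.toObject());
  JS::Rooted<JS::IdVector> ids(aCx, JS::IdVector(aCx));

  // Enumeration can fail (OOM, throwing proxy trap). Don't leave the exception
  // pending: Mutate() keeps using |aCx| after we return.
  if (!JS_Enumerate(aCx, object, &ids)) {
    JS_ClearPendingException(aCx);
    return;
  }

  for (size_t i = 0, n = ids.length(); i < n; i++) {
    // Property name, for logging only.
    nsAutoJSString propName;
    if (!propName.init(aCx, ids[i])) {
      JS_ClearPendingException(aCx);
      continue;
    }
    MSGMGR_FUZZER_LOG("%*s- Property: %s",
                      aRecursionCounter * 4, "",
                      NS_ConvertUTF16toUTF8(propName).get());

    // Only some properties are mutated; see DefaultMutationProbability().
    if (!FuzzingTraits::Sometimes(DefaultMutationProbability())) {
      continue;
    }

    JS::RootedValue propertyValue(aCx);
    if (!JS_GetPropertyById(aCx, object, ids[i], &propertyValue)) {
      JS_ClearPendingException(aCx);
      continue;
    }

    // MutateValue only writes |newPropValue| when it returns true. The
    // original code stored |newPropValue| regardless, so any value MutateValue
    // cannot handle (null, undefined, a string with no strings file, ...) was
    // silently replaced by |undefined|. Leave such properties untouched.
    JS::RootedValue newPropValue(aCx);
    if (!MutateValue(aCx, propertyValue, &newPropValue, aRecursionCounter)) {
      continue;
    }

    if (!JS_SetPropertyById(aCx, object, ids[i], newPropValue)) {
      JS_ClearPendingException(aCx);
    }
  }
}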
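/* static */
bool
MessageManagerFuzzer::MutateValue(JSContext* aCx,
                                  JS::HandleValue aValue,
                                  JS::MutableHandleValue aOutMutationValue,
                                  unsigned short int aRecursionCounter)
{
  // Produces a mutated replacement for |aValue|.
  //
  // Returns true and sets |aOutMutationValue| when a mutation was made.
  // Returns false and leaves |aOutMutationValue| UNTOUCHED otherwise (null,
  // undefined, symbols, strings when no strings file is available, OOM) —
  // callers must not store |aOutMutationValue| in that case. Objects are
  // mutated in place and reported back as themselves.
  //
  // |aRecursionCounter| is the nesting depth, used for log indentation.
  const int indent = aRecursionCounter * 4;

  if (aValue.isInt32()) {
    // Either a numeric limit (per RandomNumericLimit's name, e.g.
    // INT_MIN/INT_MAX) or an arbitrary int. Sometimes() is given twice the
    // configured divisor here, presumably making the limit case the rarer one.
    if (FuzzingTraits::Sometimes(DefaultMutationProbability() * 2)) {
      aOutMutationValue.set(JS::Int32Value(RandomNumericLimit<int>()));
    } else {
      aOutMutationValue.set(JS::Int32Value(RandomInteger<int>()));
    }
    MSGMGR_FUZZER_LOG("%*s! Mutated value of type |int32|: '%d' to '%d'",
                      indent, "",
                      aValue.toInt32(), aOutMutationValue.toInt32());
    return true;
  }

  if (aValue.isDouble()) {
    aOutMutationValue.set(JS::DoubleValue(RandomFloatingPoint<double>()));
    MSGMGR_FUZZER_LOG("%*s! Mutated value of type |double|: '%f' to '%f'",
                      indent, "",
                      aValue.toDouble(), aOutMutationValue.toDouble());
    return true;
  }

  if (aValue.isBoolean()) {
    // Coin flip, independent of the current value.
    aOutMutationValue.set(JS::BooleanValue(bool(RandomIntegerRange(0, 2))));
    MSGMGR_FUZZER_LOG("%*s! Mutated value of type |boolean|: '%d' to '%d'",
                      indent, "",
                      aValue.toBoolean(), aOutMutationValue.toBoolean());
    return true;
  }

  if (aValue.isString()) {
    nsCString replacement = GetFuzzValueFromFile();
    if (replacement.IsEmpty()) {
      // No strings file (or an empty one): nothing to substitute.
      return false;
    }

    // NOTE(review): JS_NewStringCopyZ takes Latin-1 bytes, so non-ASCII UTF-8
    // in the strings file is copied byte-for-byte rather than decoded. Kept
    // as-is since existing string corpora may depend on it.
    JSString* str = JS_NewStringCopyZ(aCx, replacement.get());
    if (!str) {
      // OOM. The original code wrapped the null in JS::StringValue, which is
      // not a valid value; report "not mutated" instead.
      JS_ClearPendingException(aCx);
      return false;
    }
    aOutMutationValue.set(JS::StringValue(str));

    // Encoding the old value is only needed for the log line.
    if (IsLoggingEnabled()) {
      JS::RootedString original(aCx, aValue.toString());
      JS::UniqueChars originalChars = JS_EncodeStringToUTF8(aCx, original);
      if (!originalChars) {
        JS_ClearPendingException(aCx);
      }
      MSGMGR_FUZZER_LOG("%*s! Mutated value of type |string|: '%s' to '%s'",
                        indent, "",
                        originalChars ? originalChars.get() : "<unencodable>",
                        replacement.get());
    }
    return true;
  }

  if (aValue.isObject()) {
    // Recurse into the object's properties; the object itself is the "new"
    // value since it is mutated in place.
    // NOTE(review): there is no depth cap or visited set. Structured-clone
    // payloads can contain reference cycles; recursion on one only stops
    // because Sometimes() in MutateObject eventually declines to descend.
    aRecursionCounter++;
    MSGMGR_FUZZER_LOG("%*s<Enumerating found object>",
                      aRecursionCounter * 4, "");
    MutateObject(aCx, aValue, aRecursionCounter);
    aOutMutationValue.set(aValue);
    return true;
  }

  // null, undefined, symbols, ...: left untouched.
  return false;
}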
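/* static */
bool
MessageManagerFuzzer::Mutate(JSContext* aCx,
                             const nsAString& aMessageName,
                             ipc::StructuredCloneData* aData,
                             const JS::Value& aTransfer)
{
  // Deserializes the payload in |aData|, mutates it, re-serializes it and
  // swaps the result back into |aData|. |aTransfer| is the message's transfer
  // list and is written back unchanged.
  //
  // Returns true only when |aData| was actually replaced by a mutated payload;
  // on a read/write error or when nothing could be mutated |aData| is left
  // untouched and false is returned. Any JS exception raised along the way is
  // cleared so the caller sees a clean |aCx|.
  MSGMGR_FUZZER_LOG("Message: %s in process: %d",
                    NS_ConvertUTF16toUTF8(aMessageName).get(),
                    XRE_GetProcessType());

  ErrorResult rv;
  JS::RootedValue transfer(aCx, aTransfer);

  /* Deserialize the original payload. */
  JS::RootedValue scdContent(aCx);
  aData->Read(aCx, &scdContent, rv);
  if (NS_WARN_IF(rv.Failed())) {
    rv.SuppressException();
    JS_ClearPendingException(aCx);
    return false;
  }

  /* Mutate it. Objects are rewritten in place; scalars get a fresh value. */
  JS::RootedValue scdMutationContent(aCx);
  unsigned short int recursionCounter = 0;
  bool isMutated = MutateValue(aCx,
                               scdContent,
                               &scdMutationContent,
                               recursionCounter);
  if (!isMutated) {
    // MutateValue leaves |scdMutationContent| untouched (i.e. undefined) when
    // it returns false. The original code serialized it anyway and copied it
    // over |aData|, so an unmutable payload (null, a string with no strings
    // file, ...) was delivered as |undefined|. Leave the message alone.
    return false;
  }

  /* Serialize the mutated payload. */
  ipc::StructuredCloneData mutatedStructuredCloneData;
  mutatedStructuredCloneData.Write(aCx, scdMutationContent, transfer, rv);
  if (NS_WARN_IF(rv.Failed())) {
    rv.SuppressException();
    JS_ClearPendingException(aCx);
    return false;
  }

  // See: https://bugzilla.mozilla.org/show_bug.cgi?id=1346040
  aData->Copy(mutatedStructuredCloneData);

  // JS_ValueToSource is comparatively expensive; only do it when logging.
  if (IsLoggingEnabled()) {
    JS::RootedString str(aCx, JS_ValueToSource(aCx, scdMutationContent));
    JS::UniqueChars strChars;
    if (str) {
      strChars = JS_EncodeStringToUTF8(aCx, str);
    }
    if (!strChars) {
      JS_ClearPendingException(aCx);
    }
    MSGMGR_FUZZER_LOG("Mutated '%s' Message: %s",
                      NS_ConvertUTF16toUTF8(aMessageName).get(),
                      strChars ? strChars.get() : "<unprintable>");
  }

  return true;
}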
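/* static */
unsigned int
MessageManagerFuzzer::DefaultMutationProbability()
{
  // Divisor handed to FuzzingTraits::Sometimes() for each mutation decision.
  // Resolved once per process: the environment is read on the first call and
  // the result cached.
  static unsigned int sProbability = MESSAGEMANAGER_FUZZER_DEFAULT_MUTATION_PROBABILITY;
  static bool sInitialized = false;

  if (sInitialized) {
    return sProbability;
  }
  sInitialized = true;

  // MESSAGEMANAGER_FUZZER_MUTATION_PROBABILITY overrides the default. Only a
  // strictly positive value that fits the return type is accepted. The
  // original code took any non-zero strtol() result, so a negative or
  // oversized setting was stored into an unsigned and silently became a huge
  // divisor (i.e. "almost never mutate"); an unparsable or zero value still
  // falls back to the default. Zero is rejected since it is used as a divisor.
  const char* probability = PR_GetEnv("MESSAGEMANAGER_FUZZER_MUTATION_PROBABILITY");
  if (probability) {
    long n = std::strtol(probability, nullptr, 10);
    if (n > 0 && static_cast<unsigned long>(n) <= UINT_MAX) {
      sProbability = static_cast<unsigned int>(n);
    }
  }

  return sProbability;
}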
/* static */
bool
MessageManagerFuzzer::IsLoggingEnabled()
{
  // Logging is on iff MESSAGEMANAGER_FUZZER_ENABLE_LOGGING is present in the
  // environment; the variable's value is not inspected. Resolved once per
  // process and cached.
  static int sLoggingState = -1; // -1: not yet read, 0: off, 1: on

  if (sLoggingState < 0) {
    sLoggingState = PR_GetEnv("MESSAGEMANAGER_FUZZER_ENABLE_LOGGING") ? 1 : 0;
  }

  return sLoggingState == 1;
}
/* static */
bool
MessageManagerFuzzer::IsEnabled()
{
  // The fuzzer only runs in content processes, and only when
  // MESSAGEMANAGER_FUZZER_ENABLE is present in the environment (its value is
  // not inspected). Unlike the other switches this is not cached: the
  // environment is consulted on every call.
  if (!XRE_IsContentProcess()) {
    return false;
  }
  return PR_GetEnv("MESSAGEMANAGER_FUZZER_ENABLE") != nullptr;
}
/* static */
void
MessageManagerFuzzer::TryMutate(JSContext* aCx,
                                const nsAString& aMessageName,
                                ipc::StructuredCloneData* aData,
                                const JS::Value& aTransfer)
{
  // Entry point used by the message manager. A no-op unless the fuzzer is
  // enabled; messages whose name appears in the blacklist file are logged and
  // skipped, everything else is handed to Mutate(), which rewrites |aData| in
  // place.
  if (!IsEnabled()) {
    return;
  }

  const bool blacklisted = IsMessageNameBlacklisted(aMessageName);
  if (blacklisted) {
    MSGMGR_FUZZER_LOG("Blacklisted message: %s",
                      NS_ConvertUTF16toUTF8(aMessageName).get());
    return;
  }

  // Mutate's return value is informational only; nothing here depends on it.
  Mutate(aCx, aMessageName, aData, aTransfer);
}
} // namespace dom
} // namespace mozilla