/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * A poison value that can be used to fill a memory space with
 * an address that leads to a safe crash when dereferenced.
 */
#ifndef mozilla_Poison_h
#define mozilla_Poison_h
#include "mozilla/Assertions.h"
#include "mozilla/Types.h"
#include <stdint.h>
#include <string.h>
MOZ_BEGIN_EXTERN_C
/* The process-wide poison value returned by mozPoisonValue(); presumably
 * written by mozPoisonValueInit() (defined out of line) — confirm in
 * Poison.cpp. Until that runs, the global holds its static initial value. */
extern MFBT_DATA uintptr_t gMozillaPoisonValue;
/**
 * Read the process-wide poison value.
 *
 * @return the current contents of gMozillaPoisonValue. Only meaningful once
 *         mozPoisonValueInit() has run; before that it is whatever the global
 *         was statically initialised to.
 */
inline uintptr_t mozPoisonValue()
{
  const uintptr_t poison = gMozillaPoisonValue;
  return poison;
}
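/**
 * Overwrite the memory block of aSize bytes at aPtr with the poison value.
 *
 * aPtr MUST be aligned at a sizeof(uintptr_t) boundary. That is the caller's
 * contract and is not checked here; memcpy itself does not require the
 * alignment, so a misaligned pointer would not fault in this function.
 *
 * Only a whole number of sizeof(uintptr_t)-byte words is overwritten: the
 * trailing aSize % sizeof(uintptr_t) bytes, if any, are left untouched, so
 * this does not scrub every byte of an oddly sized buffer.
 *
 * MOZ_ASSERT flags a size smaller than one word (poisoning such an object has
 * no effect); where the assertion is compiled out the loop simply writes
 * nothing.
 *
 * NOTE(review): the writes are ordinary, non-volatile stores. If the compiler
 * can prove the block is dead afterwards (e.g. the caller frees it right
 * away) it may legitimately drop them, as with any plain memset-style scrub.
 * That is acceptable for a crash-on-use debugging aid; confirm before relying
 * on this to wipe sensitive data.
 *
 * @param aPtr  start of the block to poison (word-aligned, see above).
 * @param aSize size of the block in bytes.
 */
inline void mozWritePoison(void* aPtr, size_t aSize)
{
  const uintptr_t POISON = mozPoisonValue();
  char* p = static_cast<char*>(aPtr);
  // Round aSize down to a whole number of words; sizeof(uintptr_t) is a
  // power of two, so masking the low bits is exact.
  const size_t wordBytes = aSize & ~(sizeof(uintptr_t) - 1);
  MOZ_ASSERT(aSize >= sizeof(uintptr_t), "poisoning this object has no effect");
  for (char* const limit = p + wordBytes; p < limit; p += sizeof(uintptr_t)) {
    // memcpy rather than a direct uintptr_t store keeps this well-defined
    // regardless of the effective type of the bytes being overwritten.
    memcpy(p, &POISON, sizeof(POISON));
  }
}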
/**
 * Initialize the poison value.
 * This should only be called once, and before anything reads
 * mozPoisonValue() (mozWritePoison(), CorruptionCanary's destructor);
 * calling it again would presumably change the value later checks compare
 * against — confirm against Poison.cpp, which this header does not show.
 */
extern MFBT_API void mozPoisonValueInit();

/* Values annotated by CrashReporter.
 * NOTE(review): presumably the base address and byte size of the reserved
 * region the poison value points into, recorded so a crash at a poisoned
 * address can be recognised as such — confirm in Poison.cpp; how they are
 * set is not visible here. */
extern MFBT_DATA uintptr_t gMozillaPoisonBase;
extern MFBT_DATA uintptr_t gMozillaPoisonSize;
MOZ_END_EXTERN_C
#if defined(__cplusplus)
namespace mozilla {
/**
 * A version of CorruptionCanary that is suitable as a member of objects that
 * are statically allocated: construction is constexpr and destruction is
 * trivial, so a static instance needs neither a dynamic initializer nor an
 * exit-time destructor.
 *
 * The canary is a fixed, publicly known constant. It catches accidental
 * corruption (stray writes, lifetime bugs); it is a debugging aid, not a
 * defence against an attacker who can choose the bytes they write.
 */
class CorruptionCanaryForStatics {
public:
  constexpr CorruptionCanaryForStatics()
    : mValue(kCanarySet)
  {
  }

  // Kept trivial on purpose: a user-provided destructor would make every
  // static instance register an exit-time destructor (the "static
  // constructor bloat" this is avoiding).
  ~CorruptionCanaryForStatics() = default;

  /** Crash the process if the canary no longer holds its expected value. */
  void Check() const {
    if (mValue == kCanarySet) {
      return;
    }
    MOZ_CRASH("Canary check failed, check lifetime");
  }

protected:
  uintptr_t mValue;  // kCanarySet while alive; a derived class may overwrite it.

private:
  static const uintptr_t kCanarySet = 0x0f0b0f0b;
};
/**
 * A member you add to a class to turn memory corruption into a crash at a
 * predictable place.
 *
 * Suspect out-of-bounds writes into some members of a class C? Place a
 * CorruptionCanary next to them. Suspect use-after-free of a class K? Put one
 * anywhere in K. Then sprinkle Check() calls through the code: the first
 * Check() after the damage crashes, which narrows down where the corruption
 * happens and tends to give crash reports one consolidated signature instead
 * of many scattered ones at the various uses of the corrupted memory.
 *
 * On destruction the canary is replaced with the poison value, so a Check()
 * reached through a dangling pointer to the containing object still crashes —
 * provided the poison value differs from the live canary value (presumably
 * arranged by mozPoisonValueInit(), not visible here) and the freed memory
 * has not been reused or zeroed in between. Like the base class, this is a
 * debugging aid with a fixed, known canary, not a hardening mechanism.
 */
class CorruptionCanary : public CorruptionCanaryForStatics {
public:
  constexpr CorruptionCanary() = default;

  ~CorruptionCanary() {
    // A failure here means the object was corrupted, or already destroyed,
    // before its destructor ran.
    Check();
    // Leave the poison behind so later Check() calls on a dead object trip.
    mValue = mozPoisonValue();
  }
};
} // mozilla
#endif
#endif /* mozilla_Poison_h */