Bug 1455593 - BinAST multipart fuzzing changes. r?yoric
MozReview-Commit-ID: LmMRoNhHN3j
--- a/js/src/frontend/BinTokenReaderBase.h
+++ b/js/src/frontend/BinTokenReaderBase.h
@@ -104,19 +104,24 @@ class MOZ_STACK_CLASS BinTokenReaderBase
MOZ_MUST_USE bool matchConst(const char (&value)[N], bool expectNul) {
MOZ_ASSERT(N > 0);
MOZ_ASSERT(value[N - 1] == 0);
MOZ_ASSERT(!cx_->isExceptionPending());
if (current_ + N - 1 > stop_)
return false;
+#ifndef FUZZING
// Perform lookup, without side-effects.
+ // For fuzzing, we disable this check to avoid spending unnecessary
+ // time on getting the constants right. Instead, the constant fields
+ // may contain any data for such builds.
if (!std::equal(current_, current_ + N + (expectNul ? 0 : -1)/*implicit NUL*/, value))
return false;
+#endif
// Looks like we have a match. Now perform side-effects
current_ += N + (expectNul ? 0 : -1);
updateLatestKnownGood();
return true;
}
void updateLatestKnownGood();
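Review bot: The `#ifndef FUZZING` guard around the `std::equal` call makes matchConst's contract build-dependent — under FUZZING it consumes N-1 (or N with expectNul) bytes whatever they contain — but the new explanation sits below the pre-existing "Perform lookup, without side-effects." line, so a reader reaches the guard before the reason for it. Moving the three added comment lines above `#ifndef FUZZING` and stating what still holds would help: `// FUZZING builds compile out the content comparison so fuzzers need not reproduce exact constants; only the bounds check above remains, so any N-1 bytes are accepted here.` The bounds check on `current_ + N - 1 > stop_` stays unconditional, which is what keeps the unconditional `current_ += N + (expectNul ? 0 : -1)` advance inside the buffer. Whether `FUZZING` is defined for exactly the instrumented builds selected in moz.build is not visible in this patch and is worth confirming, since any build with FUZZING set will silently accept malformed constant fields. matchConst's template header is above the hunk.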
@@ -143,9 +148,9 @@ class MOZ_STACK_CLASS BinTokenReaderBase
BinTokenReaderBase(const BinTokenReaderBase&) = delete;
BinTokenReaderBase(BinTokenReaderBase&&) = delete;
BinTokenReaderBase& operator=(BinTokenReaderBase&) = delete;
};
} // namespace frontend
} // namespace js
-#endif // frontend_BinTokenReaderBase_h
\ No newline at end of file
+#endif // frontend_BinTokenReaderBase_h
--- a/js/src/fuzz-tests/testBinASTReader.cpp
+++ b/js/src/fuzz-tests/testBinASTReader.cpp
@@ -51,17 +51,17 @@ testBinASTReaderFuzz(const uint8_t* buf,
}
js::frontend::UsedNameTracker binUsedNames(gCx);
if (!binUsedNames.init()) {
ReportOutOfMemory(gCx);
return 0;
}
- js::frontend::BinASTParser<js::frontend::BinTokenReaderTester> reader(gCx, gCx->tempLifoAlloc(), binUsedNames, options);
+ js::frontend::BinASTParser<js::frontend::BinTokenReaderMultipart> reader(gCx, gCx->tempLifoAlloc(), binUsedNames, options);
// Will be deallocated once `reader` goes out of scope.
auto binParsed = reader.parse(binSource);
RootedValue binExn(gCx);
if (binParsed.isErr()) {
js::GetAndClearException(gCx, &binExn);
return 0;
}
--- a/js/src/moz.build
+++ b/js/src/moz.build
@@ -714,19 +714,21 @@ if CONFIG['JS_BUILD_BINAST']:
'frontend/BinSource.cpp',
'frontend/BinToken.cpp',
'frontend/BinTokenReaderBase.cpp',
'frontend/BinTokenReaderMultipart.cpp',
]
# Instrument BinAST files for fuzzing as we have a fuzzing target for BinAST.
if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
+ SOURCES['frontend/BinSource-auto.cpp'].flags += libfuzzer_flags_cmp
SOURCES['frontend/BinSource.cpp'].flags += libfuzzer_flags_cmp
SOURCES['frontend/BinToken.cpp'].flags += libfuzzer_flags_cmp
- SOURCES['frontend/BinTokenReaderTester.cpp'].flags += libfuzzer_flags_cmp
+ SOURCES['frontend/BinTokenReaderBase.cpp'].flags += libfuzzer_flags_cmp
+ SOURCES['frontend/BinTokenReaderMultipart.cpp'].flags += libfuzzer_flags_cmp
# Wasm code should use WASM_HUGE_MEMORY instead of JS_CODEGEN_X64
# so that it is easy to use the huge-mapping optimization for other
# 64-bit platforms in the future.
if CONFIG['JS_CODEGEN_X64'] or CONFIG['JS_CODEGEN_ARM64']:
DEFINES['WASM_HUGE_MEMORY'] = True
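Review bot: The instrumentation list now drops `frontend/BinTokenReaderTester.cpp` and adds `frontend/BinSource-auto.cpp`, but the SOURCES list this hunk sits under is cut off above, so it is not visible whether Tester.cpp is still compiled (now uninstrumented) or whether BinSource-auto.cpp is actually an entry in SOURCES; indexing `SOURCES[...]` for a file not in the list would presumably fail at configure time, so both are worth confirming. If Tester.cpp remains in SOURCES, a comment such as `# BinTokenReaderTester is not a fuzz target; see fuzz-tests/testBinASTReader.cpp` next to the instrumented list would explain the asymmetry. The condition this block keys on (`FUZZING_INTERFACES` and `LIBFUZZER`) is a different name from the `FUZZING` macro that the BinTokenReaderBase.h change relies on; if those can be set independently, the constant check could be compiled out in a build that is not the fuzzing target. The enclosing `if CONFIG['JS_BUILD_BINAST']:` block starts outside the hunk.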