roytam1 67e04cfead import changes from `dev' branch of rmottola/Arctic-Fox:
- Bug 1236750 - Introduce a new unit type CSSTransformedLayerPixel. r=kats (4e9bba3d19)
- Bug 1236750 - Add a ViewAs() overload for casting (with a justification) one typed matrix to another. r=kats (c48e143508)
- Bug 1236750 - Add some specialized typedefs of Matrix4x4 to represent layer transform matrices. r=kats (cc50113c98)
- Bug 1239300 - reject promise with null while creating imagebitmap from empty blob; r=smaug (bff7483bf1)
- Bug 1233056 - Long tapping on a link will select a different link from the page r=tnikkel (3a727b33c1)
- Bug 1245674. Null-check mGlobal before dereferencing it in one more place in Promise code. r=smaug (68cf5312dc)
- Bug 1236750 - Use strongly-typed matrices to represent layer transforms in APZ code. r=kats (63931eb2a1)
- Bug 1236750 - Add typed getters for layer transform matrices. r=kats (baef978fe1)
- Bug 1147673 - Relax the ancestor transform assertion a little. r=kats (ec9ce47ba4)
- Bug 1154161 Initialize WidgetQueryContentEvent::mReply r=smaug (6086291313)
- Bug 1240921 - Use nsAutoTArray in nsStyleSet::RuleNodeWithReplacement. r=bz. (66f6823b46)
- Bug 1229437 part 1 - Add a helper function to get the float containing block of a given frame. r=dbaron (72de452e5d)
- Bug 1229437 part 2 - Reparent floats inside pulled ruby segment. r=dbaron (82cc44632d)
- Bug 1229437 part 3 - Support iterating frames of RubyColumn. r=dholbert (5d43e7f6ff)
- Bug 1229437 part 4 - Reparent floats inside pulled ruby column. r=dbaron (4c1a7ff20b)
- Bug 1229437 part 5 - Add crashtests for this bug. r=dbaron (6afabe1604)
- Bug 1229437 followup - Fix sign-compare error in RubyColumn::Iterator on CLOSED TREE. (e93453d00a)
- Bug 1229437 followup 2 - Fix another sign-compare error in RubyColumn::Iterator on CLOSED TREE. (c0bf6a2a7b)
- Bug 1229437 followup 3 - Fix a mistake in RubyColumn::Iterator::SkipUntilExistingFrame(). a=me (1ce408e194)
- bits of Bug 1072150 - Use the opt-out for various sloppy consumers (29d97c59ca)
- Make test_bug946632 compatible with asynchronous scrolling. (bug 1140293, r=mstange) (e975a8350c)
- fix misspatch of 1072150 (a3e580fa4b)
- Bug 686281 - Implement nsStyleImageLayers; r=dbaron (85bb33c8e6)
- Bug 686281 - Rename *background* to *imagelayer*; r=dbaron. (36d90f112d)
- Bug 1230034 part 4 - Make FramePropertyDescriptor to be a template. r=froydnj,dbaron (271cd19b6e)
- Bug 1230034 part 5 - Convert all frame properties which use DeleteValue and ReleaseValue as destructor to be typesafe. r=dbaron (efc8d63c9d)
- Bug 1230034 part 6 - Convert all frame properties which do not hold pointer to be typed. r=dbaron (b5541775f7)
- Bug 1230034 part 7 - Convert nsIFrame::GenConProperty to be typed. r=dbaron (2b71527b2c)
- Bug 1230034 part 8 - Convert frame properties which assert on destructor to be typed. r=dbaron (0f125a3414)
- Bug 1230034 part 9 - Convert FrameLayerBuilder::LayerManagerDataProperty to be typed. r=dbaron (1147498c2f)
- Bug 1230034 part 10 - Convert remaining frame properties to by typed and remove the unsafe declaring macro. r=dbaron (d59d94eac4)
- Bug 1072501: Unmap file mapping on source surface destruction. r=jrmuizel (19fd63890a)
- Bug 1235613 - Make gfxCriticalError/Note strings in gfx/ unique. r=jrmuizel (780c6ff862)
- Bug 1247535 - Fix -Wunreachable-code warning in mfbt/Poison.cpp. r=froydnj (0e7cf60b6d)
- Bug 1239479: Add comments to mfbt/XorShift128PlusRNG.h from the RNG's designer. DONTBUILD r=Waldo (bb674b07ce)
- Add an assertion message to the assert-is-empty in LinkedList::~LinkedList, to indicate to users who hit it that it's the fault of the caller, not the fault of MFBT code. No bug, rs=froydnj (4cad80874c)
- Bug 1221103 - Add a comment to nsIChannel::securityInfo noting that this info may appear on non-nsHttpChannels and how that may happen. r=bz IGNORE IDL (cd9cebc3f2)
- Bug 1001765 - Make login credentials in Saved Passwords manager editable. r=MattN (09eec4f6f8)
- Bug 1188478 - Add an Import button to the password manager to open the browser migrator. r=dolske (d1126a89fc)
- Bug 1199382 - Rename some strings from "password" to "login" in preferences and the manager. r=markh (60638f5e2a)
- Bug 1207733 - Update @disabled on the Remove Password button when selection changes. r=MattN (64ac9f22f6)
- bits of 1124472 and 1166840 (26e2681183)
- Bug 1219707 - fix argument passing to migration.js, r=jaws (55d332f5c6)
- bug 1215657 - make AccessibleWrap::get_accSelection work with proxies=davidb (4e72111032)
- fix missing telemetry entry (4fcfabb3e6)
and follow-up API changes of TFF#493.
2023-11-09 16:35:18 +08:00


/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* A poison value that can be used to fill a memory space with
* an address that leads to a safe crash when dereferenced.
*/
#include "mozilla/Poison.h"
#include "mozilla/Assertions.h"
#ifdef _WIN32
# include <windows.h>
#elif !defined(__OS2__)
# include <unistd.h>
# include <sys/mman.h>
# ifndef MAP_ANON
# ifdef MAP_ANONYMOUS
# define MAP_ANON MAP_ANONYMOUS
# else
# error "Don't know how to get anonymous memory"
# endif
# endif
#endif
// Process-wide poison state, written by mozPoisonValueInit() below.
// The variables are zero-initialized globals, so code that reads them before
// mozPoisonValueInit() has run sees 0 rather than a poison address.
extern "C" {
// The address-shaped value used as poison: base + size / 2 - 1.
uintptr_t gMozillaPoisonValue;
// Start address of the region chosen by ReservePoisonArea().
uintptr_t gMozillaPoisonBase;
// Size in bytes of that region, as reported by GetDesiredRegionSize().
uintptr_t gMozillaPoisonSize;
}
// Freed memory is filled with a poison value, which we arrange to
// form a pointer either to an always-unmapped region of the address
// space, or to a page that has been reserved and rendered
// inaccessible via OS primitives. See tests/TestPoisonArea.cpp for
// extensive discussion of the requirements for this page. The code
// from here to 'class FreeList' needs to be kept in sync with that
// file.
#ifdef _WIN32
// Windows: ask the OS to reserve aSize bytes of address space starting at
// aRegion, with no access rights. Nothing is committed; the point is only
// to make sure no other allocation can be placed in that range.
// Returns the base of the reservation, or NULL (RESERVE_FAILED on this
// platform) when VirtualAlloc() refuses the request.
static void*
ReserveRegion(uintptr_t aRegion, uintptr_t aSize)
{
  void* const wanted = reinterpret_cast<void*>(aRegion);
  return VirtualAlloc(wanted, aSize, MEM_RESERVE, PAGE_NOACCESS);
}
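// Windows: give back a reservation obtained from ReserveRegion().
// aRegion must be the base address that VirtualAlloc() returned.
static void
ReleaseRegion(void* aRegion, uintptr_t aSize)
{
  // VirtualFree() with MEM_RELEASE requires dwSize to be 0 and always frees
  // the whole original reservation; passing a non-zero size makes the call
  // fail and leaves the address range reserved. aSize is kept in the
  // signature only so that all platforms share one interface.
  (void)aSize;
  VirtualFree(aRegion, 0, MEM_RELEASE);
}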
// Windows: report whether [aRegion, aRegion + aSize) lies at or above the
// highest address the system hands out to applications, i.e. whether the
// region can never become usable memory for this process.
// Both the start and the end are compared against the limit; if
// aRegion + aSize wraps around, the end compares below the limit and the
// answer is the conservative "false".
static bool
ProbeRegion(uintptr_t aRegion, uintptr_t aSize)
{
  SYSTEM_INFO sysInfo;
  GetSystemInfo(&sysInfo);

  const uintptr_t appLimit = (uintptr_t)sysInfo.lpMaximumApplicationAddress;
  const uintptr_t regionEnd = aRegion + aSize;
  return aRegion >= appLimit && regionEnd >= appLimit;
}
// Windows: the poison region is one allocation-granularity unit, which is
// the alignment VirtualAlloc() uses for reservations.
static uintptr_t
GetDesiredRegionSize()
{
  SYSTEM_INFO sysInfo;
  GetSystemInfo(&sysInfo);
  const uintptr_t granularity = sysInfo.dwAllocationGranularity;
  return granularity;
}
#define RESERVE_FAILED 0
#elif defined(__OS2__)
// OS/2: there is no way to allocate at a caller-chosen address, so both
// arguments are ignored and a fixed address that is known to be invalid is
// returned instead. Nothing is actually reserved.
static void*
ReserveRegion(uintptr_t aRegion, uintptr_t aSize)
{
  const uintptr_t knownInvalid = 0xFFFD0000u;
  return reinterpret_cast<void*>(knownInvalid);
}
// OS/2: ReserveRegion() never allocates anything on this platform, so there
// is nothing to give back. Deliberately a no-op.
static void
ReleaseRegion(void* aRegion, uintptr_t aSize)
{
}
// OS/2: always answers "not known to be inaccessible". The only way to
// probe an address in the system arena is to touch it and see whether a
// trap occurs, which this code does not attempt.
static bool
ProbeRegion(uintptr_t aRegion, uintptr_t aSize)
{
  const bool knownInaccessible = false;
  return knownInaccessible;
}
// OS/2: the poison region is a single page, and the page size is fixed
// at 4 KiB on this platform.
static uintptr_t
GetDesiredRegionSize()
{
  const uintptr_t kPageSize = 0x1000;
  return kPageSize;
}
#define RESERVE_FAILED 0
#else // Unix
#include "mozilla/TaggedAnonymousMemory.h"
// Unix: map aSize bytes of anonymous, private, PROT_NONE memory, tagged
// "poison", asking for it to be placed at aRegion.
// MAP_FIXED is not passed, so aRegion is only a placement hint: the mapping
// may come back at a different address, and callers have to compare the
// result with what they asked for.
// NOTE(review): failure is presumably reported as MAP_FAILED, as for plain
// mmap(); that is what RESERVE_FAILED is defined to on this platform.
static void*
ReserveRegion(uintptr_t aRegion, uintptr_t aSize)
{
  void* const hint = reinterpret_cast<void*>(aRegion);
  const int mapFlags = MAP_PRIVATE | MAP_ANON;
  return MozTaggedAnonymousMmap(hint, aSize, PROT_NONE, mapFlags, -1, 0,
                                "poison");
}
// Unix: unmap a region previously obtained from ReserveRegion().
// The result of munmap() is intentionally not inspected; this is a
// best-effort release.
static void
ReleaseRegion(void* aRegion, uintptr_t aSize)
{
  (void)munmap(aRegion, aSize);
}
// Unix: report whether [aRegion, aRegion + aSize) looks like memory that
// this process cannot use. The probe is a harmless madvise(MADV_NORMAL)
// on the range: success means the range is mapped (returns false), any
// failure is taken to mean it is not usable memory (returns true).
// NOTE(review): every madvise() error is treated alike here; errno is not
// checked, so a failure for an unrelated reason (for example a misaligned
// aRegion) would also be read as "inaccessible". Callers pass a
// page-aligned address.
static bool
ProbeRegion(uintptr_t aRegion, uintptr_t aSize)
{
  void* const start = reinterpret_cast<void*>(aRegion);
  const int rv = madvise(start, aSize, MADV_NORMAL);
  return rv != 0;
}
// Unix: the poison region is one system page.
// NOTE(review): sysconf() returns a long and signals failure with -1; the
// conversion to uintptr_t would turn that into a huge size. The value is
// used unchecked, as in the original.
static uintptr_t
GetDesiredRegionSize()
{
  const long pageSize = sysconf(_SC_PAGESIZE);
  return pageSize;
}
#define RESERVE_FAILED MAP_FAILED
#endif // system dependencies
// ReservePoisonArea() below only knows how to pick a poison address for
// 32-bit and 64-bit pointers.
static_assert(sizeof(uintptr_t) == 4 || sizeof(uintptr_t) == 8, "");
// The poison value is stored as a uintptr_t but is meant to be read as a
// pointer, so the two must have the same width.
static_assert(sizeof(uintptr_t) == sizeof(void*), "");
// Pick the base address of the poison region and, where needed, reserve it.
//
// rgnsize is the region size in bytes. The masking below rounds the
// preferred address down to a multiple of rgnsize, which is only meaningful
// when rgnsize is a non-zero power of two (assumed, not checked here).
//
// Returns the base address of a region that is expected to fault on any
// access. In order of preference:
//   1. 64-bit builds: a fixed address, with no OS call at all;
//   2. 32-bit builds: the preferred address 0xF0DEAFFF rounded down, if the
//      OS lets us reserve exactly that;
//   3. the same address, if ProbeRegion() says it cannot be usable memory;
//   4. whatever address the OS gave us instead;
//   5. a fresh reservation with no address constraint.
// Crashes if none of these works. In cases 4 and 5 the poison address is
// not the well-known constant, so it differs from run to run.
static uintptr_t
ReservePoisonArea(uintptr_t rgnsize)
{
  const uintptr_t alignMask = ~(rgnsize - 1);

  if (sizeof(uintptr_t) == 8) {
    // Use the hardware-inaccessible region.
    // 64-bit constants and shifts by 32 bits are avoided because this code
    // is also compiled in 32-bit mode, although it never runs there.
    // NOTE(review): nothing is reserved on this path; the guarantee rests
    // entirely on this address being unusable on the target architecture.
    const uintptr_t highBits = (uintptr_t(0x7FFFFFFFu) << 31) << 1;
    return (highBits | uintptr_t(0xF0DEAFFFu)) & alignMask;
  }

  // Ask the OS for the preferred poison address first.
  uintptr_t preferred = (0xF0DEAFFF & alignMask);
  void* reserved = ReserveRegion(preferred, rgnsize);
  if (reserved == (void*)preferred) {
    // An inaccessible page now sits exactly where we wanted it.
    return preferred;
  }

  // The OS may still have handed us a region somewhere else.
  const bool haveOtherRegion = (reserved != RESERVE_FAILED);

  // Maybe the preferred address is within a range of permanently
  // inaccessible memory anyway.
  if (ProbeRegion(preferred, rgnsize)) {
    // The selected page cannot be usable memory, so the stray reservation
    // (if any) is not needed. No reservation is held on this path; the
    // result is only as good as ProbeRegion()'s answer.
    if (haveOtherRegion) {
      ReleaseRegion(reserved, rgnsize);
    }
    return preferred;
  }

  // The preferred address is already in use. Settle for the region the OS
  // chose for us, if there is one.
  if (haveOtherRegion) {
    return uintptr_t(reserved);
  }

  // Last resort: reserve again with no constraint on the address.
  reserved = ReserveRegion(0, rgnsize);
  if (reserved != RESERVE_FAILED) {
    return uintptr_t(reserved);
  }

  MOZ_CRASH("no usable poison region identified");
}
// Initialize the three poison globals: the region size, the region base
// and the poison value itself.
//
// The poison value is base + size / 2 - 1, i.e. just below the middle of
// the region (presumably so that small offsets in either direction from a
// poisoned pointer still land inside the region).
// The globals are written in the order size, base, value; if the size is
// zero the value is left untouched.
void
mozPoisonValueInit()
{
  const uintptr_t regionSize = GetDesiredRegionSize();
  gMozillaPoisonSize = regionSize;
  gMozillaPoisonBase = ReservePoisonArea(regionSize);

  // A zero size is not expected from any platform; the guard only keeps the
  // arithmetic below from producing base - 1.
  if (regionSize != 0) {
    gMozillaPoisonValue = gMozillaPoisonBase + regionSize / 2 - 1;
  }
}