diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-01-26 21:26:07 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-08 23:32:18 +0100 |
commit | 91d9f5d658d646e1ad1c0b3a28a9bba0094a44c6 (patch) | |
tree | bddbc08072e3baefc28563eecaa70251f56b19c6 /js/src/vm/Xdr.h | |
parent | a8d25a2ed6e6306fb073578158572b04749f7891 (diff) | |
download | uxp-91d9f5d658d646e1ad1c0b3a28a9bba0094a44c6.tar.gz |
Make XDR decoding more robust.
Diffstat (limited to 'js/src/vm/Xdr.h')
-rw-r--r-- | js/src/vm/Xdr.h | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/js/src/vm/Xdr.h b/js/src/vm/Xdr.h index 8e8c5bf177..2a5c624805 100644 --- a/js/src/vm/Xdr.h +++ b/js/src/vm/Xdr.h @@ -143,13 +143,17 @@ class XDRState { template <typename T> bool codeEnum32(T* val, typename mozilla::EnableIf<mozilla::IsEnum<T>::value, T>::Type * = NULL) { + // Mix the enumeration value with a random magic number, such that a + // corruption with a low-ranged value (like 0) is less likely to cause a + // miss-interpretation of the XDR content and instead cause a failure. + const uint32_t MAGIC = 0xAF647BCE; uint32_t tmp; if (mode == XDR_ENCODE) - tmp = uint32_t(*val); + tmp = uint32_t(*val) ^ MAGIC; if (!codeUint32(&tmp)) return false; if (mode == XDR_DECODE) - *val = T(tmp); + *val = T(tmp ^ MAGIC); return true; } @@ -167,6 +171,18 @@ class XDRState { return true; } + bool codeMarker(uint32_t magic) { + uint32_t actual = magic; + if (!codeUint32(&actual)) + return false; + if (actual != magic) { + // Fail in debug, but only soft-fail in release + MOZ_ASSERT(false, "Bad XDR marker"); + return fail(JS::TranscodeResult_Failure_BadDecode); + } + return true; + } + bool codeBytes(void* bytes, size_t len) { if (len == 0) return true; |