Audit JSAPI and add jsapi-tests for large ArrayBuffers
Categories
(Core :: JavaScript Engine, task, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox87 | --- | fixed |
People
(Reporter: jandem, Assigned: jandem)
References
Details
Attachments
(13 files)
|
(deleted),
text/x-phabricator-request
|
Details | |
|
(deleted),
text/x-phabricator-request
|
Details | |
|
(deleted),
text/x-phabricator-request
|
Details | |
|
(deleted),
text/x-phabricator-request
|
Details | |
|
(deleted),
text/x-phabricator-request
|
Details | |
|
(deleted),
text/x-phabricator-request
|
Details | |
|
(deleted),
text/x-phabricator-request
|
Details | |
|
(deleted),
text/x-phabricator-request
|
Details | |
|
(deleted),
text/x-phabricator-request
|
Details | |
|
(deleted),
text/x-phabricator-request
|
Details | |
|
(deleted),
text/x-phabricator-request
|
Details | |
|
Bug 1674777 part 12 - Add test for XPConnect array conversions involving large typed arrays. r?kmag!
(deleted),
text/x-phabricator-request
|
Details | |
|
(deleted),
text/x-phabricator-request
|
Details |
This is not the most urgent thing to address for bug 1673557, but we should ensure we have proper tests for this eventually.
Especially the APIs that don't go through the internal accessors are easy to overlook in an audit.
|
Assignee | |
Comment 1•4 years ago
|
||
A later patch will add a jsapi-test for this.
|
||
Updated•4 years ago
|
|
|
Assignee | |
Comment 2•4 years ago
|
||
Depends on D103273
|
|
Assignee | |
Comment 3•4 years ago
|
||
Depends on D103274
|
|
Assignee | |
Comment 4•4 years ago
|
||
Of these four, only JS_GetTypedArrayByteLength is used outside jsapi-tests.
|
|
Assignee | |
Updated•4 years ago
|
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d55cbd2be32d part 1 - Change JS::NewArrayBuffer and JS_New*Array size argument from uint32_t to size_t. r=sfink https://hg.mozilla.org/integration/autoland/rev/f330737adc50 part 2 - Enable large ArrayBuffers for jsapi-tests. r=sfink https://hg.mozilla.org/integration/autoland/rev/5539557bbfd3 part 3 - Change Get*LengthAndData outparam from uint32_t to size_t. r=sfink,aosmond https://hg.mozilla.org/integration/autoland/rev/94684c2cfbc4 part 4 - Change some JSAPI byteLength and byteOffset accessors to return size_t instead of uint32_t. r=sfink
|
||
Comment 6•4 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 7•4 years ago
|
||
Note that in the IndexedDB code we pass a Span to Key::EncodeAsString where we check
for large lengths.
|
|
Assignee | |
Comment 8•4 years ago
|
||
There's only one caller outside jsapi-tests so these are easy to convert.
Depends on D103679
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b142ae1ffe74 part 5 - Change GetObjectAs* APIs to use size_t for outparam instead of uint32_t. r=sfink,sg
|
|
Assignee | |
Comment 10•4 years ago
|
||
We're adding support for ArrayBuffers larger than 4 GB to the JS engine (on 64-bit
platforms).
ReadArrayBuffer uses uint32_t values in a number of places. This patch ensures we
throw an exception for code like this: stream.readArrayBuffer(ab.byteLength, ab, ...)).
|
|
Assignee | |
Comment 11•4 years ago
|
||
Similar to the previous patch. Prevent truncation when assigning to mBufferLength.
Depends on D103759
|
|
Assignee | |
Comment 12•4 years ago
|
||
Note that previous patches already fixed various other callers.
Depends on D103760
|
||
Comment 13•4 years ago
|
||
| bugherder | ||
|
|
||
Updated•4 years ago
|
|
|
Assignee | |
Comment 14•4 years ago
|
||
For enumerateNames on Xrays, throw an OOM exception upfront. This matches what we do
inside the JS engine when enumerating large typed arrays.
|
|
Assignee | |
Comment 15•4 years ago
|
||
The callers in AudioWorkletNode.cpp are just comparing the length to the expected length
to guard against detachment.
Depends on D103902
|
|
Assignee | |
Comment 16•4 years ago
|
||
|
|
Assignee | |
Comment 17•4 years ago
|
||
Also change wasmMaxSize and wasmMappedSize to use 'get' instead of 'deprecatedGetUint32'.
|
||
Comment 18•4 years ago
|
||
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d4bd35d3c25d part 6 - Change SharedArrayBuffer APIs to use size_t instead of uint32_t. r=lth
|
|
||
Comment 19•4 years ago
|
||
| bugherder | ||
|
|
||
Comment 20•4 years ago
|
||
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/031bc0b1e8e5 part 7 - Change nsIBinaryInputStream.readArrayBuffer to use uint64_t instead of uint32_t. r=kmag https://hg.mozilla.org/integration/autoland/rev/e23dca0763fc part 8 - Change nsIArrayBufferInputStream.setData arguments from uint32_t to uint64_t. r=kmag https://hg.mozilla.org/integration/autoland/rev/42239f7a0ddf part 9 - Change GetArrayBufferByteLength return type from uint32_t to size_t. r=sfink
|
|
||
Comment 21•4 years ago
|
||
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/03c71d1fa7f8 part 10 - Fix XPConnect callers for JS_GetTypedArrayLength returning size_t. r=kmag https://hg.mozilla.org/integration/autoland/rev/ce348dc69837 part 11 - Change JS_GetTypedArrayLength return type from uint32_t to size_t. r=sfink https://hg.mozilla.org/integration/autoland/rev/a5b7b61ae148 part 12 - Add test for XPConnect array conversions involving large typed arrays. r=kmag https://hg.mozilla.org/integration/autoland/rev/f34c46915ae1 part 13 - Remove deprecatedGetUint32. r=lth
|
|
Assignee | |
Updated•4 years ago
|
|
||
Comment 22•4 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/031bc0b1e8e5
https://hg.mozilla.org/mozilla-central/rev/e23dca0763fc
https://hg.mozilla.org/mozilla-central/rev/42239f7a0ddf
|
|
||
Comment 23•4 years ago
|
||
| bugherder | ||
Description
•