Cleanup XDR handling of js::ImmutableScriptData
Categories
(Core :: JavaScript Engine, task, P2)
Tracking
Release | Tracking | Status
---|---|---
firefox93 | --- | fixed
People
(Reporter: tcampbell, Assigned: tcampbell)
References
(Blocks 1 open bug)
Details
Attachments
(5 files)
A few patches to clean up the XDR code for ImmutableScriptData as well as harden XDR coding further against memory/disk corruption.
Comment 1•3 years ago
Harden XDR code against memory / disk corruption by using the codeEnum32 helper instead of small integers. This is only once per CompilationStencil so size impact is negligible.
Comment 2•3 years ago
This function is only being used in that file now, so move the code and mark it as static.
Depends on D122153
Comment 3•3 years ago
Transcoding the SharedImmutableScriptData and ImmutableScriptData together gives more flexibility. A later patch will support handling a nullptr sisd by coding a length of zero instead.
Depends on D122154
Comment 4•3 years ago
When transcoding a js::frontend::SharedDataContainer that is in "vector"
configuration, we may encounter nullptrs in the vector. Instead of coding a byte
for each entry to determine if it is nullptr or not, start coding the
ImmutableScriptData size with a value of zero. In "vector" mode, this container
is dense and most entries are non-nullptr with a non-zero size anyways. Overall,
this should reduce the size of XDR data needed by removing the is-empty byte and
associated alignment padding.
Depends on D122155
Comment 5•3 years ago
In Bug 1710984 we added extra checks to avoid certain crashes that looked like
memory corruption. This patch makes those checks slightly more robust by
checking the 'optional-offsets' array is in-bounds before dereferencing it for
the rest of the checks.
Depends on D122156
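The zero-size sentinel from comment 4 and the in-bounds check on the optional-offsets array from comment 5, as an added illustration that is not SpiderMonkey's code: a decoder for a constructed, hypothetical length-prefixed layout (`Entry`, `Reader` and `decodeVector` are assumed names, and the layout is an assumption) that treats a size of zero as a nullptr entry without reading further, and validates that the offsets array fits inside the entry before dereferencing it.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed layout for this example (not SpiderMonkey's real XDR format):
//   vector := u32 count, then `count` entries
//   entry  := u32 size (0 means a nullptr entry, nothing else follows),
//             u32 numOffsets, u32 offsets[numOffsets], u8 body[rest]
//   `size` counts every byte after the size field itself (little-endian).
struct Entry { bool isNull = false; std::vector<uint32_t> offsets; std::vector<uint8_t> body; };

struct Reader {
  const uint8_t* data; size_t len; size_t pos = 0;
  size_t remaining() const { return len - pos; }
  bool readU32(uint32_t* out) {
    if (remaining() < 4) return false;
    std::memcpy(out, data + pos, 4);
    pos += 4;
    return true;
  }
};

// Decode one entry; false means the data is truncated or internally inconsistent.
bool decodeEntry(Reader& r, Entry* out) {
  uint32_t size = 0;
  if (!r.readU32(&size)) return false;
  if (size == 0) { out->isNull = true; return true; }  // zero-size sentinel: nullptr entry
  if (r.remaining() < size) return false;              // whole entry must be in-bounds
  size_t end = r.pos + size;
  uint32_t numOffsets = 0;
  if (!r.readU32(&numOffsets)) return false;
  // Check the offsets array fits inside the entry BEFORE reading any offset from it.
  if (numOffsets > (end - r.pos) / 4) return false;
  out->offsets.resize(numOffsets);
  for (uint32_t& off : out->offsets) if (!r.readU32(&off) || off > size) return false;
  out->body.assign(r.data + r.pos, r.data + end);
  r.pos = end;
  return true;
}

// Decode a dense vector; rejects impossible counts and trailing bytes.
bool decodeVector(const std::vector<uint8_t>& buf, std::vector<Entry>* out) {
  Reader r{buf.data(), buf.size()};
  uint32_t count = 0;
  if (!r.readU32(&count) || count > r.remaining() / 4) return false;
  out->clear();
  for (uint32_t i = 0; i < count; i++) {
    Entry e;
    if (!decodeEntry(r, &e)) return false;
    out->push_back(e);
  }
  return r.remaining() == 0;
}
```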
Comment 6•3 years ago
Here is an example of the crash that the last patch helps: https://crash-stats.mozilla.org/report/index/b4dcfd9a-9117-4e8a-bd09-2533e0210809
Comment 8•3 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/f1ad83b1e704
https://hg.mozilla.org/mozilla-central/rev/019d13cbb22f
https://hg.mozilla.org/mozilla-central/rev/58f3627453a7
https://hg.mozilla.org/mozilla-central/rev/5fdc6f93f436
https://hg.mozilla.org/mozilla-central/rev/efefbf74d3fc