Bug 1635217 [wpt PR 23388] - Add WPT tests for bug 1074317, a=testonly
[gecko.git] / mfbt / Poison.h
blobd184a8da26706312a8290f35bce4a6031b309ecf
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /*
8 * A poison value that can be used to fill a memory space with
9 * an address that leads to a safe crash when dereferenced.
12 #ifndef mozilla_Poison_h
13 #define mozilla_Poison_h
15 #include "mozilla/Assertions.h"
16 #include "mozilla/Types.h"
18 #include <stdint.h>
19 #include <string.h>
21 MOZ_BEGIN_EXTERN_C
23 extern MFBT_DATA uintptr_t gMozillaPoisonValue;
25 /**
26 * @return the poison value.
28 inline uintptr_t mozPoisonValue() { return gMozillaPoisonValue; }
30 /**
31 * Overwrite the memory block of aSize bytes at aPtr with the poison value.
32 * aPtr MUST be aligned at a sizeof(uintptr_t) boundary.
33 * Only an even number of sizeof(uintptr_t) bytes are overwritten, the last
34 * few bytes (if any) is not overwritten.
36 inline void mozWritePoison(void* aPtr, size_t aSize) {
37 const uintptr_t POISON = mozPoisonValue();
38 char* p = (char*)aPtr;
39 char* limit = p + (aSize & ~(sizeof(uintptr_t) - 1));
40 MOZ_ASSERT(aSize >= sizeof(uintptr_t), "poisoning this object has no effect");
41 for (; p < limit; p += sizeof(uintptr_t)) {
42 memcpy(p, &POISON, sizeof(POISON));
46 /**
47 * Initialize the poison value.
48 * This should only be called once.
50 extern MFBT_API void mozPoisonValueInit();
52 /* Values annotated by CrashReporter */
53 extern MFBT_DATA uintptr_t gMozillaPoisonBase;
54 extern MFBT_DATA uintptr_t gMozillaPoisonSize;
56 MOZ_END_EXTERN_C
58 #if defined(__cplusplus)
60 namespace mozilla {
62 /**
63 * A version of CorruptionCanary that is suitable as a member of objects that
64 * are statically allocated.
66 class CorruptionCanaryForStatics {
67 public:
68 constexpr CorruptionCanaryForStatics() : mValue(kCanarySet) {}
70 // This is required to avoid static constructor bloat.
71 ~CorruptionCanaryForStatics() = default;
73 void Check() const {
74 if (mValue != kCanarySet) {
75 MOZ_CRASH("Canary check failed, check lifetime");
79 protected:
80 uintptr_t mValue;
82 private:
83 static const uintptr_t kCanarySet = 0x0f0b0f0b;
86 /**
87 * This class is designed to cause crashes when various kinds of memory
88 * corruption are observed. For instance, let's say we have a class C where we
89 * suspect out-of-bounds writes to some members. We can insert a member of type
90 * Poison near the members we suspect are being corrupted by out-of-bounds
91 * writes. Or perhaps we have a class K we suspect is subject to use-after-free
92 * violations, in which case it doesn't particularly matter where in the class
93 * we add the member of type Poison.
95 * In either case, we then insert calls to Check() throughout the code. Doing
96 * so enables us to narrow down the location where the corruption is occurring.
97 * A pleasant side-effect of these additional Check() calls is that crash
98 * signatures may become more regular, as crashes will ideally occur
99 * consolidated at the point of a Check(), rather than scattered about at
100 * various uses of the corrupted memory.
102 class CorruptionCanary : public CorruptionCanaryForStatics {
103 public:
104 constexpr CorruptionCanary() = default;
106 ~CorruptionCanary() {
107 Check();
108 mValue = mozPoisonValue();
112 } // namespace mozilla
114 #endif
116 #endif /* mozilla_Poison_h */