tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

DoesntCrossCompartmentBoundaries.cpp (2044B)

      1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2; -*- */
      2 /* This Source Code Form is subject to the terms of the Mozilla Public
      3 * License, v. 2.0. If a copy of the MPL was not distributed with this
      4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      5 
      6 // Test that heap snapshots walk the compartment boundaries correctly.
      7 
      8 #include "DevTools.h"
      9 
     10 DEF_TEST(DoesntCrossCompartmentBoundaries, {
     11  // Create a new global to get a new compartment.
     12  JS::RealmOptions options;
     13  // dummy
     14  options.behaviors().setReduceTimerPrecisionCallerType(
     15      JS::RTPCallerTypeToken{0});
     16  JS::Rooted<JSObject*> newGlobal(
     17      cx, JS_NewGlobalObject(cx, getGlobalClass(), nullptr,
     18                             JS::FireOnNewGlobalHook, options));
     19  ASSERT_TRUE(newGlobal);
     20  JS::Compartment* newCompartment = nullptr;
     21  {
     22    JSAutoRealm ar(cx, newGlobal);
     23    ASSERT_TRUE(JS::InitRealmStandardClasses(cx));
     24    newCompartment = js::GetContextCompartment(cx);
     25  }
     26  ASSERT_TRUE(newCompartment);
     27  ASSERT_NE(newCompartment, compartment);
     28 
     29  // Our set of target compartments is only the pre-existing compartment and
     30  // does not include the new compartment.
     31  JS::CompartmentSet targetCompartments;
     32  ASSERT_TRUE(targetCompartments.put(compartment));
     33 
     34  FakeNode nodeA;
     35  FakeNode nodeB;
     36  FakeNode nodeC;
     37 
     38  nodeA.compartment = compartment;
     39  nodeB.compartment = nullptr;
     40  nodeC.compartment = newCompartment;
     41 
     42  AddEdge(nodeA, nodeB);
     43  AddEdge(nodeB, nodeC);
     44 
     45  ::testing::NiceMock<MockWriter> writer;
     46 
     47  // Should serialize nodeA, because it is in our target compartments.
     48  ExpectWriteNode(writer, nodeA);
     49 
     50  // Should serialize nodeB, because it doesn't belong to a compartment and is
     51  // therefore assumed to be shared.
     52  ExpectWriteNode(writer, nodeB);
     53 
     54  // But we shouldn't ever serialize nodeC.
     55 
     56  JS::AutoCheckCannotGC noGC(cx);
     57 
     58  ASSERT_TRUE(WriteHeapGraph(cx, JS::ubi::Node(&nodeA), writer,
     59                             /* wantNames = */ false, &targetCompartments,
     60                             noGC));
     61 });