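/* -*- Mode: javascript; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

// "Sanitize" a freshly created shell global for fuzzing: overwrite the shell
// builtins that produce output, hang, leak, exit, throw on purpose or flip
// process-wide switches, so that a libFuzzer target running samples in `g`
// sees as few false positives and permanent side-effects as possible.
//
// Scope and caveats (review):
//  - This is a best-effort noise reducer, NOT a sandbox or security boundary.
//    Only the names listed in `lfFuncs` are replaced; every other builtin on
//    `g` is left untouched, and the replacements are ordinary writable
//    properties. Re-audit the list whenever the shell grows new builtins.
//  - gczeal/startgc/gcslice are not stubbed out but forwarded, with clamped
//    arguments, to the *harness* global's real builtins (the bare identifiers
//    below resolve in this file's scope, not on `g`). These are runtime-wide
//    settings, so a sample can still influence GC behaviour within the clamp.
//  - newGlobal() hands back `g` itself, so samples cannot create additional
//    globals/compartments through this entry point.
//
// @param {object} g  the global object to sanitize; it is mutated in place.
// @returns {object} the same `g`, for chaining.
function sanitizeGlobal(g) {
    // Replacement for builtins that must not run at all. Shared on purpose:
    // none of the stubbed builtins is expected to return anything useful.
    const noop = () => { };

    // Replacement for output functions. String(s) rather than s.toString():
    // print()/print(null) must not throw a TypeError, since avoiding
    // harness-induced throws is one of the goals of this file. The returned
    // string is for convenience only; the real print() returns undefined.
    const swallowOutput = (s) => String(s);

    // Keep the original argument as long as it is not above the cap.
    // Deliberately not Math.min(): an undefined/absent argument must be
    // passed through unchanged rather than turned into NaN.
    const capAt = (limit, n) => (n > limit ? limit : n);

    const lfFuncs = {
        // Noisy functions (output)
        backtrace: noop,
        getBacktrace: noop,
        help: noop,
        print: swallowOutput,
        printErr: swallowOutput,
        putstr: swallowOutput,
        stackDump: noop,
        dumpHeap: noop,
        dumpScopeChain: noop,
        dumpObjectWrappers: noop,
        dumpGCArenaInfo: noop,
        printProfilerEvents: noop,

        // Harmful functions (hangs, timeouts, leaks)
        getLcovInfo: noop,
        readline: noop,
        readlineBuf: noop,
        timeout: noop,
        quit: noop,
        interruptIf: noop,
        terminate: noop,
        invokeInterruptCallback: noop,
        setInterruptCallback: noop,
        intern: noop,
        evalInWorker: noop,
        sleep: noop,
        cacheEntry: noop,
        streamCacheEntry: noop,
        createMappedArrayBuffer: noop,
        wasmCompileInSeparateProcess: noop,
        gcparam: noop,
        // Samples get the already-sanitized global back instead of a new one.
        newGlobal: () => g,

        // Harmful functions (throw)
        // Compare stringified values without ever throwing ourselves:
        // assertEq(null, x) / assertEq(undefined, x) previously raised a
        // TypeError from .toString(), which is exactly the kind of
        // harness-originated throw this block is meant to suppress.
        assertEq: (a, b) => String(a) === String(b),
        throwError: noop,
        reportOutOfMemory: noop,
        throwOutOfMemory: noop,
        reportLargeAllocationFailure: noop,

        // Functions that need limiting (forwarded to the harness' builtins)
        // Zeal mode is honoured, but the frequency is pinned to 100 so a
        // sample cannot request GC on every allocation.
        gczeal: (m, f) => gczeal(m, 100),
        startgc: (n, o) => { startgc(capAt(20, n), o); },
        gcslice: (n) => { gcslice(capAt(20, n)); },

        // Global side-effects
        deterministicgc: noop,
        fullcompartmentchecks: noop,
        setIonCheckGraphCoherency: noop,
        enableShellAllocationMetadataBuilder: noop,
        setTimeResolution: noop,
        // Fixed answer so samples that branch on options() stay deterministic.
        options: () => "tracejit,methodjit,typeinfer",
        setJitCompilerOption: noop,
        clearLastWarning: noop,
        enableSingleStepProfiling: noop,
        disableSingleStepProfiling: noop,
        enableGeckoProfiling: noop,
        enableGeckoProfilingWithSlowAssertions: noop,
        disableGeckoProfiling: noop,
        enqueueJob: noop,
        globalOfFirstJobInQueue: noop,
        drainJobQueue: noop,
        setPromiseRejectionTrackerCallback: noop,
        startTimingMutator: noop,
        stopTimingMutator: noop,
        setModuleLoadHook: noop,
        // Left enabled, as it is required for now to avoid leaks
        //setModuleResolveHook: noop,
        setModuleMetadataHook: noop,
        setModuleDynamicImportHook: noop,
        finishDynamicModuleImport: noop,
        abortDynamicModuleImport: noop,
        offThreadCompileToStencil: noop,
        offThreadCompileModuleToStencil: noop,
        offThreadDecodeStencil: noop,
        finishOffThreadStencil: noop,
        addPromiseReactions: noop,
        ignoreUnhandledRejections: noop,
        enableTrackAllocations: noop,
        disableTrackAllocations: noop,
        setTestFilenameValidationCallback: noop,
    };

    // Own enumerable keys only: unlike for...in this does not pick up
    // enumerable properties that something may have added to
    // Object.prototype, so nothing beyond the list above is written to `g`.
    for (const [name, replacement] of Object.entries(lfFuncs)) {
        g[name] = replacement;
    }

    return g;
}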