clone-errors.js (3394B)
1 // |reftest| skip-if(!xulRuntime.shell) 2 // -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- 3 // Any copyright is dedicated to the Public Domain. 4 // http://creativecommons.org/licenses/publicdomain/ 5 6 function check(v) { 7 try { 8 serialize(v); 9 } catch (exc) { 10 return; 11 } 12 throw new Error("serializing " + JSON.stringify(v) + " should have failed with an exception"); 13 } 14 15 // Unsupported object types. 16 check(this); 17 check(Math); 18 check(function () {}); 19 check(new Proxy({}, {})); 20 21 // A failing getter. 22 check({get x() { throw new Error("fail"); }}); 23 24 // Mismatched scopes. 25 for (let [write_scope, read_scope] of [['SameProcess', 'DifferentProcessForIndexedDB'], 26 ['SameProcess', 'DifferentProcess']]) 27 { 28 var ab = new ArrayBuffer(12); 29 var buffer = serialize(ab, [ab], { scope: write_scope }); 30 var caught = false; 31 try { 32 deserialize(buffer, { scope: read_scope }); 33 } catch (exc) { 34 caught = true; 35 } 36 assertEq(caught, true, `${write_scope} clone buffer should not be deserializable as ${read_scope}`); 37 } 38 39 // Extra data. This is not checked in #define FUZZING builds. 40 const fuzzing = getBuildConfiguration("fuzzing-defined"); 41 const shouldThrow = fuzzing === false; 42 43 var clone = serialize({foo: 7}, undefined, {scope: 'DifferentProcess'}); 44 deserialize(clone); 45 clone.clonebuffer = clone.clonebuffer + "\0\0\0\0\0\0\0\0"; 46 var exc = {message: 'no error'}; 47 try { 48 deserialize(clone); 49 } catch (e) { 50 exc = e; 51 } 52 if (shouldThrow) { 53 assertEq(exc.message.includes("bad serialized structured data"), true); 54 assertEq(exc.message.includes("extra data"), true); 55 } 56 57 // Extra data between the main body and "tail" of the clone data. 58 function dumpData(data) { 59 data.forEach((x, i) => print(`[${i}] 0x${(i*8).toString(16)} : 0x${x.toString(16)}`)); 60 } 61 62 function testInnerExtraData() { 63 const ab = new ArrayBuffer(8); 64 (new BigUint64Array(ab))[0] = 0xdeadbeefn; 65 const clone = serialize({ABC: 7, CBA: ab}, [ab], {scope: 'DifferentProcess'}); 66 67 const data = [...new BigUint64Array(clone.arraybuffer)]; 68 dumpData(data); 69 70 const fake = new ArrayBuffer(clone.arraybuffer.byteLength + 24); 71 const view = new BigUint64Array(fake); 72 view.set(new BigUint64Array(clone.arraybuffer), 0); 73 view[1] = view[1] & ~1n; // SCTAG_TRANSFER_MAP_HEADER with SCTAG_TM_UNREAD 74 view[5] += 24n; // Make space for another ArrayBuffer clone at the end 75 view[9] = 0xffff00030000000dn; // Change the constant 7 to 13 76 view[16] = 0xfeeddeadbeef2dadn; // Change stored ArrayBuffer contents 77 view[17] = view[14]; // SCTAG_ARRAY_BUFFER_OBJECT_V2 78 view[18] = view[15]; // 8 bytes long 79 view[19] = 0x1cedc0ffeen; // Content 80 81 dumpData(view); 82 clone.arraybuffer = fake; 83 84 let d; 85 let exc; 86 try { 87 d = deserialize(clone); 88 print(JSON.stringify(d)); 89 print(new BigUint64Array(d.CBA)[0].toString(16)); 90 } catch (e) { 91 exc = e; 92 } 93 94 const fuzzing = getBuildConfiguration("fuzzing-defined"); 95 const shouldThrow = fuzzing === false; 96 97 if (shouldThrow) { 98 assertEq(Boolean(exc), true); 99 assertEq(exc.message.includes("extra data"), true); 100 print(`PASS with FUZZING: Found expected exception "${exc.message}"`); 101 } else { 102 assertEq(new BigUint64Array(d.CBA)[0].toString(16), "1cedc0ffee"); 103 assertEq(d.ABC, 13); 104 print("PASS without FUZZING"); 105 } 106 } 107 108 testInnerExtraData(); 109 110 reportCompare(0, 0, "ok");