summaryrefslogtreecommitdiffstats
path: root/js/src/vm
diff options
context:
space:
mode:
Diffstat (limited to 'js/src/vm')
-rw-r--r--js/src/vm/Xdr.h20
1 files changed, 18 insertions, 2 deletions
diff --git a/js/src/vm/Xdr.h b/js/src/vm/Xdr.h
index 8e8c5bf17..2a5c62480 100644
--- a/js/src/vm/Xdr.h
+++ b/js/src/vm/Xdr.h
@@ -143,13 +143,17 @@ class XDRState {
template <typename T>
bool codeEnum32(T* val, typename mozilla::EnableIf<mozilla::IsEnum<T>::value, T>::Type * = NULL)
{
+ // Mix the enumeration value with a random magic number, such that a
+ // corruption with a low-ranged value (like 0) is less likely to cause a
+ // miss-interpretation of the XDR content and instead cause a failure.
+ const uint32_t MAGIC = 0xAF647BCE;
uint32_t tmp;
if (mode == XDR_ENCODE)
- tmp = uint32_t(*val);
+ tmp = uint32_t(*val) ^ MAGIC;
if (!codeUint32(&tmp))
return false;
if (mode == XDR_DECODE)
- *val = T(tmp);
+ *val = T(tmp ^ MAGIC);
return true;
}
@@ -167,6 +171,18 @@ class XDRState {
return true;
}
+ bool codeMarker(uint32_t magic) {
+ uint32_t actual = magic;
+ if (!codeUint32(&actual))
+ return false;
+ if (actual != magic) {
+ // Fail in debug, but only soft-fail in release
+ MOZ_ASSERT(false, "Bad XDR marker");
+ return fail(JS::TranscodeResult_Failure_BadDecode);
+ }
+ return true;
+ }
+
bool codeBytes(void* bytes, size_t len) {
if (len == 0)
return true;