209681 - improve XPCOM_CHECK_PENDING_CIDS: prevent some crashes, enable component manager to block components by contract

Status: RESOLVED FIXED

(Core :: XPCOM, enhancement)

Description

[timeless]

Changes:
* XPCOM_CHECK_PENDING_CIDS assertions list the contract/classid that is
triggered the assertion.
* prevent crashes in edge cases for XPCOM_CHECK_PENDING_CIDS 
* minor grammar change in one of the assertions
* added a blacklist for contracts (someone could add similar code to blacklist
classids, but i generally had a contract, so i didn't)

        static char abusedComponents[][128] = {
            "@mozilla.org/intl/charsetalias;1",
            "@mozilla.org/locale/win32-locale;1",
            "@mozilla.org/widget/lookandfeel/win;1",
            0
        };

This allows an xpcom hacker to list components which trigger the asserts guarded
by XPCOM_CHECK_PENDING_CIDS and then the next time an xpcom app is run it will
break for the first instance (which in many cases is the problem).

Note that for debugging I often didn't want the blacklist to prevent component
creation, so I generally changed:
    rv = AddPendingCID(aClass);
    if (NS_FAILED(rv))
        return rv; // <- to a NOP with a soft breakpoint

Comment 1

[timeless]

Attachment: changes as described in comment 0

Comment 2

[Doug Turner (:dougt)]

Comment on attachment 125837 [details] [diff] [review]
changes as described in comment 0

Add some comments about the use of abusedContracts in the code.

Also attach a diff -u10. 

looking good.

Comment 3

[timeless]

Attachment: -10 with comments (against 1.237)

Comment 4

[Doug Turner (:dougt)]

Comment on attachment 125941 [details] [diff] [review]
-10 with comments (against 1.237)

r=dougt

Comment 5

[timeless]

checked in