Closed
Bug 1124659
Opened 9 years ago
Closed 9 years ago
Restrict quit() argument to values 0-127
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
FIXED
mozilla38
People
(Reporter: jandem, Assigned: jandem)
Attachments
(1 file)
1.23 KB, patch | jorendorff: review+
This patch makes quit(x) throw if x is not in the range [0, 127]. decoder requested this to avoid false positives: when a script does quit(139) for instance, the fuzzer will think the shell segfaulted.
Attachment #8553081 -
Flags: review?(jorendorff)
Comment 1•9 years ago
Comment on attachment 8553081
Patch

Review of attachment 8553081:
-----------------------------------------------------------------

The fuzzers should be able to tell the difference between an exit() and a crash without modifying the JS shell. At the POSIX level you're supposed to use wait(3) or waitpid(3) to monitor a process, and WIFSIGNALED() and WTERMSIG() to see if it was killed by a signal. If the fuzzer harnesses are written in Python or something, they can do the same; if they're written in bash it might be harder.

Limiting the status code to [0, 255] would be all right, since exit() masks away any higher bits anyway.

r=me if you still think it's best to land this.
Attachment #8553081 -
Flags: review?(jorendorff) → review+
Comment 2•9 years ago
We have various harnesses. Some are Python but LangFuzz is Java and I think that kind of difference is not visible at the Java level anymore. There are also situations where the process runs on a different machine and the exit code is the only information transferred. So in general it would be good if that exit code was reliable :)
Assignee
Comment 3•9 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/20f9a56f6928
Comment 4•9 years ago
https://hg.mozilla.org/mozilla-central/rev/20f9a56f6928
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
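
The two positions in this thread, side by side, as an added example that is not part of the bug, the patch, or Mozilla's fuzzing harnesses: a harness that sees the wait status can tell exit(139) from a SIGSEGV, while one that receives only a shell-style integer cannot unless exit statuses stay at or below 127. The child programs and all function names are constructed for illustration, and the code assumes a POSIX host.

```python
import subprocess
import sys

# Constructed stand-ins for the JS shell (assumption): one exits with status
# 139, as quit(139) could before the patch; the other dies from a real SIGSEGV.
EXITS_139 = "import sys; sys.exit(139)"
SEGFAULTS = "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"


def run_child(source):
    """Run a constructed child and return subprocess's decoded wait status.

    On POSIX a negative value -N means WIFSIGNALED() was true and
    WTERMSIG() == N; a value >= 0 is the status passed to exit().
    """
    proc = subprocess.run([sys.executable, "-c", source],
                          stderr=subprocess.DEVNULL)
    return proc.returncode


def classify(returncode):
    """Harness on the same machine: the wait status is unambiguous."""
    if returncode < 0:
        return ("signal", -returncode)
    return ("exit", returncode)


def shell_style_code(returncode):
    """Collapse to the one integer a shell reports: 128 + signal number."""
    return 128 - returncode if returncode < 0 else returncode


def classify_code_only(code):
    """Remote harness that received only the integer code.

    Sound only if the target never exits with a status above 127,
    which is what restricting quit() to [0, 127] provides.
    """
    if code > 128:
        return ("signal", code - 128)
    return ("exit", code)


if __name__ == "__main__":
    for name, src in (("exit(139)", EXITS_139), ("SIGSEGV", SEGFAULTS)):
        rc = run_child(src)
        print(name, classify(rc), "shell-style code:", shell_style_code(rc))
```

Both children collapse to the same shell-style code, 139, which is the false positive the description mentions.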