1359461 - Assert that SharedArrayBuffer is never structured-cloned cross-process

Status: RESOLVED FIXED

(Core :: JavaScript Engine, enhancement)

Description

[Lars T Hansen [:lth]]

There are structures in place that allow client code to tell the structured clone algorithm that a SharedArrayBuffer should be rejected, for policy or safety reasons.  The main safety reason is that SABs cannot be transmitted across process boundaries.

We should release-assert that this safety guarantee is not violated by checking the clone scope when we attempt to read or write a SharedArrayBuffer in the StructuredClone algorithm.

Comment 1

[Lars T Hansen [:lth]]

Attachment: bug1359461-assert-no-xprocess-sab.patch

The writing side seems straightforward: the scope must be SameProcess.

The reading side is more subtle.  Here I'm checking that the scope submitted with the data is SameProcess.  Given the assert in the writer that would seem to be vacuously true, but it allows for there to be other producers of SC data than the writer in this file.  Also, this check seems to be in the spirit of readHeader(), which lets the reader's scope be wider than the writer's scope.

Comment 2

[Steve Fink [:sfink] [:s:]]

Comment on attachment 8861480 [details] [diff] [review]
bug1359461-assert-no-xprocess-sab.patch

Review of attachment 8861480 [details] [diff] [review]:
-----------------------------------------------------------------

asserts good

Comment 3

[Pulsebot]

Pushed by ihsiao@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/d12f352d634d
Assert that SAB values are not cloned cross-process. r=sfink

Comment 4

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

https://hg.mozilla.org/mozilla-central/rev/d12f352d634d