Make it easier to fuzz dynamic module import in the shell

RESOLVED FIXED in Firefox 65

Status

enhancement
P3
normal
10 months ago

People

(Reporter: jonco, Assigned: jonco)

Tracking

61 Branch
mozilla65

Firefox Tracking Flags

(firefox65 fixed)

Attachments

(1 attachment, 1 obsolete attachment)

Dynamic import is difficult to fuzz because it requires access to external files.  Decoder requested a function that would take source code as an argument and then import that as a module.
Priority: -- → P3
Would something like this work (see use of import in the test code)?

This adds the ability to import from 'inline:' URLs that embed JS source in the URL.  (It's like data: URLs but without the MIME type).
Assignee: nobody → jcoppeard
Attachment #9018237 - Flags: feedback?(choller)
Comment on attachment 9018237 [details] [diff] [review]
bug1499335-inline-module-import

Yes, that looks like it might be possible to integrate into the fuzzing driver.
Attachment #9018237 - Flags: feedback?(choller) → feedback+
Attachment #9018337 - Flags: review?(evilpies)
Attachment #9018237 - Attachment is obsolete: true
Comment on attachment 9018337 [details] [diff] [review]
bug1499335-inline-module-import v2

Review of attachment 9018337 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jit-test/tests/modules/inline-data.js
@@ +1,1 @@
> +// |jit-test| module

Could change the name of the test, but inline-data still kind of fits anyway.

::: js/src/shell/ModuleLoader.js
@@ +8,5 @@
>  /* global setModuleDynamicImportHook finishDynamicModuleImport abortDynamicModuleImport */
>  
>  // A basic synchronous module loader for testing the shell.
> +//
> +// Supports loading files and 'inline:' URLs that embed JS source text.
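
Review bot: The added header comment says 'inline:' URLs "embed JS source text" but does not show what such a specifier looks like or how the text is delimited. Suggest adding a one-line example specifier to the comment and stating that everything after the scheme is treated as the module source, so test and fuzzing-driver authors do not have to read fetch() to find out.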

javascript:

@@ +30,5 @@
>          this.registry = new Map();
>          this.loadPath = getModuleLoadPath();
>      }
>  
> +    isInlineURL(name) {

isJavascriptURL

@@ +163,5 @@
>  
>      fetch(path) {
> +        if (this.isInlineURL(path)) {
> +            let i = ReflectApply(StringPrototypeIndexOf, path, [":"]);
> +            return ReflectApply(StringPrototypeSubstring, path, [i + 1]);
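
Review bot: In fetch(), the start of the source is found by searching path for the first ":" (`let i = ReflectApply(StringPrototypeIndexOf, path, [":"]);`), which is the scheme boundary only because isInlineURL() has already passed. Slicing at the known scheme length would remove that implicit dependency and the extra search. The remainder is returned as-is, with no decoding step visible in this hunk, so a short comment saying the source is taken verbatim would help.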

return ReflectApply(StringPrototypeSubstring, path, ["javascript:".length]);

Maybe add a top-level constant like const JS_SCHEME = "javascript:".
Attachment #9018337 - Flags: review?(evilpies) → review+
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/80235331ce5f
Support module specifiers containing inline data in the shell r=evilpie
https://hg.mozilla.org/mozilla-central/rev/80235331ce5f
Status: NEW → RESOLVED
Closed: 10 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65