Bug 1159244 - Add release mode bounds checking with custom annotation…

…s to nsTArray, r=froydnj MozReview-Commit-ID: Ljx9PwBCyTT
iaxat · Aug 15, 2016 · c2c717a · c2c717a
1 parent 412d40a
commit c2c717a
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 3 deletions.
diff --git a/mfbt/Assertions.h b/mfbt/Assertions.h
@@ -34,7 +34,7 @@ namespace CrashReporter {
 void AnnotateMozCrashReason(const char* aReason);
 } // namespace CrashReporter
 
-#  define MOZ_CRASH_ANNOTATE(...) CrashReporter::AnnotateMozCrashReason("" __VA_ARGS__)
+#  define MOZ_CRASH_ANNOTATE(...) CrashReporter::AnnotateMozCrashReason(__VA_ARGS__)
 #else
 #  define MOZ_CRASH_ANNOTATE(...) do { /* nothing */ } while (0)
 #endif

diff --git a/xpcom/glue/nsTArray.cpp b/xpcom/glue/nsTArray.cpp
@@ -18,3 +18,19 @@ IsTwiceTheRequiredBytesRepresentableAsUint32(size_t aCapacity, size_t aElemSize)
   using mozilla::CheckedUint32;
   return ((CheckedUint32(aCapacity) * aElemSize) * 2).isValid();
 }
+
+MOZ_NORETURN MOZ_COLD void
+InvalidArrayIndex_CRASH(size_t aIndex, size_t aLength)
+{
+  const size_t CAPACITY = 512;
+  // Leak the buffer on the heap to make sure that it lives long enough, as
+  // MOZ_CRASH_ANNOTATE expects the pointer passed to it to live to the end of
+  // the program.
+  char* buffer = new char[CAPACITY];
+  snprintf(buffer, CAPACITY,
+           "ElementAt(aIndex = %llu, aLength = %llu)",
+           (long long unsigned) aIndex,
+           (long long unsigned) aLength);
+  MOZ_CRASH_ANNOTATE(buffer);
+  MOZ_REALLY_CRASH();
+}
diff --git a/xpcom/glue/nsTArray.h b/xpcom/glue/nsTArray.h
@@ -330,6 +330,9 @@ struct nsTArray_SafeElementAtHelper<mozilla::OwningNonNull<E>, Derived>
 
 extern "C" void Gecko_EnsureTArrayCapacity(void* aArray, size_t aCapacity, size_t aElemSize);
 
+MOZ_NORETURN MOZ_COLD void
+InvalidArrayIndex_CRASH(size_t aIndex, size_t aLength);
+
 //
 // This class serves as a base class for nsTArray.  It shouldn't be used
 // directly.  It holds common implementation code that does not depend on the
@@ -989,7 +992,9 @@ class nsTArray_Impl
   // @return A reference to the i'th element of the array.
   elem_type& ElementAt(index_type aIndex)
   {
-    MOZ_ASSERT(aIndex < Length(), "invalid array index");
+    if (MOZ_UNLIKELY(aIndex >= Length())) {
+      InvalidArrayIndex_CRASH(aIndex, Length());
+    }
     return Elements()[aIndex];
   }
 
@@ -999,7 +1004,9 @@ class nsTArray_Impl
   // @return A const reference to the i'th element of the array.
   const elem_type& ElementAt(index_type aIndex) const
   {
-    MOZ_ASSERT(aIndex < Length(), "invalid array index");
+    if (MOZ_UNLIKELY(aIndex >= Length())) {
+      InvalidArrayIndex_CRASH(aIndex, Length());
+    }
     return Elements()[aIndex];
   }