Bug 1821010 - Remove legacy IPC fuzzing code. r=truber,nika

Differential Revision: https://phabricator.services.mozilla.com/D171981
iaxat · Mar 15, 2023 · e0e22b4 · e0e22b4
1 parent 657d86f
commit e0e22b4
Show file tree

Hide file tree

Showing 13 changed files with 6 additions and 1,185 deletions.
diff --git a/ipc/chromium/src/base/pickle.cc b/ipc/chromium/src/base/pickle.cc
@@ -482,84 +482,47 @@ void Pickle::EndWrite(uint32_t length) {
   WritePadding(buffers_, padding);
 }
 
-bool Pickle::WriteBool(bool value) {
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzBool(&value);
-#endif
-  return WriteInt(value ? 1 : 0);
-}
+bool Pickle::WriteBool(bool value) { return WriteInt(value ? 1 : 0); }
 
 bool Pickle::WriteInt16(int16_t value) {
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzInt16(&value);
-#endif
   return WriteBytes(&value, sizeof(value));
 }
 
 bool Pickle::WriteUInt16(uint16_t value) {
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzUInt16(&value);
-#endif
   return WriteBytes(&value, sizeof(value));
 }
 
-bool Pickle::WriteInt(int value) {
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzInt(&value);
-#endif
-  return WriteBytes(&value, sizeof(value));
-}
+bool Pickle::WriteInt(int value) { return WriteBytes(&value, sizeof(value)); }
 
 bool Pickle::WriteLong(long value) {
   // Always written as a 64-bit value since the size for this type can
   // differ between architectures.
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzLong(&value);
-#endif
   return WriteInt64(int64_t(value));
 }
 
 bool Pickle::WriteULong(unsigned long value) {
   // Always written as a 64-bit value since the size for this type can
   // differ between architectures.
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzULong(&value);
-#endif
   return WriteUInt64(uint64_t(value));
 }
 
 bool Pickle::WriteInt32(int32_t value) {
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzInt(&value);
-#endif
   return WriteBytes(&value, sizeof(value));
 }
 
 bool Pickle::WriteUInt32(uint32_t value) {
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzUInt32(&value);
-#endif
   return WriteBytes(&value, sizeof(value));
 }
 
 bool Pickle::WriteInt64(int64_t value) {
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzInt64(&value);
-#endif
   return WriteBytes(&value, sizeof(value));
 }
 
 bool Pickle::WriteUInt64(uint64_t value) {
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzUInt64(&value);
-#endif
   return WriteBytes(&value, sizeof(value));
 }
 
 bool Pickle::WriteDouble(double value) {
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzDouble(&value);
-#endif
   return WriteBytes(&value, sizeof(value));
 }
 
@@ -570,9 +533,6 @@ bool Pickle::WriteIntPtr(intptr_t value) {
 }
 
 bool Pickle::WriteUnsignedChar(unsigned char value) {
-#ifdef FUZZING
-  mozilla::ipc::Faulty::instance().FuzzUChar(&value);
-#endif
   return WriteBytes(&value, sizeof(value));
 }
 
@@ -612,32 +572,16 @@ bool Pickle::WriteBytes(const void* data, uint32_t data_len) {
 }
 
 bool Pickle::WriteString(const std::string& value) {
-#ifdef FUZZING
-  std::string v(value);
-  mozilla::ipc::Faulty::instance().FuzzString(v);
-  if (!WriteInt(static_cast<int>(v.size()))) return false;
-
-  return WriteBytes(v.data(), static_cast<int>(v.size()));
-#else
   if (!WriteInt(static_cast<int>(value.size()))) return false;
 
   return WriteBytes(value.data(), static_cast<int>(value.size()));
-#endif
 }
 
 bool Pickle::WriteWString(const std::wstring& value) {
-#ifdef FUZZING
-  std::wstring v(value);
-  mozilla::ipc::Faulty::instance().FuzzWString(v);
-  if (!WriteInt(static_cast<int>(v.size()))) return false;
-
-  return WriteBytes(v.data(), static_cast<int>(v.size() * sizeof(wchar_t)));
-#else
   if (!WriteInt(static_cast<int>(value.size()))) return false;
 
   return WriteBytes(value.data(),
                     static_cast<int>(value.size() * sizeof(wchar_t)));
-#endif
 }
 
 bool Pickle::WriteData(const char* data, uint32_t length) {

diff --git a/ipc/chromium/src/base/pickle.h b/ipc/chromium/src/base/pickle.h
@@ -17,9 +17,6 @@
 #include "mozilla/BufferList.h"
 #include "mozilla/mozalloc.h"
 #include "mozilla/TimeStamp.h"
-#ifdef FUZZING
-#  include "mozilla/ipc/Faulty.h"
-#endif
 #if !defined(FUZZING) && (!defined(RELEASE_OR_BETA) || defined(DEBUG))
 #  define MOZ_PICKLE_SENTINEL_CHECKING
 #endif

diff --git a/ipc/chromium/src/chrome/common/ipc_channel_posix.cc b/ipc/chromium/src/chrome/common/ipc_channel_posix.cc
@@ -45,10 +45,6 @@
 #include "mozilla/UniquePtr.h"
 #include "mozilla/Unused.h"
 
-#ifdef FUZZING
-#  include "mozilla/ipc/Faulty.h"
-#endif
-
 // Use OS specific iovec array limit where it's possible.
 #if defined(IOV_MAX)
 static const size_t kMaxIOVecSize = IOV_MAX;
@@ -587,9 +583,6 @@ bool Channel::ChannelImpl::ProcessOutgoingMessages() {
   // Write out all the messages we can till the write blocks or there are no
   // more outgoing messages.
   while (!output_queue_.IsEmpty()) {
-#ifdef FUZZING
-    mozilla::ipc::Faulty::instance().MaybeCollectAndClosePipe(pipe_);
-#endif
     Message* msg = output_queue_.FirstElement().get();
 
     struct msghdr msgh = {0};
@@ -809,11 +802,6 @@ bool Channel::ChannelImpl::Send(mozilla::UniquePtr<Message> message) {
              << output_queue_.Count() << " in queue)";
 #endif
 
-#ifdef FUZZING
-  message = mozilla::ipc::Faulty::instance().MutateIPCMessage(
-      "Channel::ChannelImpl::Send", std::move(message));
-#endif
-
   // If the channel has been closed, ProcessOutgoingMessages() is never going
   // to pop anything off output_queue; output_queue will only get emptied when
   // the channel is destructed.  We might as well delete message now, instead

diff --git a/ipc/chromium/src/chrome/common/ipc_channel_win.cc b/ipc/chromium/src/chrome/common/ipc_channel_win.cc
@@ -25,10 +25,6 @@
 #include "mozilla/RandomNum.h"
 #include "nsThreadUtils.h"
 
-#ifdef FUZZING
-#  include "mozilla/ipc/Faulty.h"
-#endif
-
 using namespace mozilla::ipc;
 
 namespace IPC {
@@ -165,11 +161,6 @@ bool Channel::ChannelImpl::Send(mozilla::UniquePtr<Message> message) {
              << output_queue_.Count() << " in queue)";
 #endif
 
-#ifdef FUZZING
-  message = mozilla::ipc::Faulty::instance().MutateIPCMessage(
-      "Channel::ChannelImpl::Send", std::move(message));
-#endif
-
   if (pipe_ == INVALID_HANDLE_VALUE) {
     if (mozilla::ipc::LoggingEnabled()) {
       fprintf(stderr,

diff --git a/ipc/chromium/src/chrome/common/ipc_message.h b/ipc/chromium/src/chrome/common/ipc_message.h
@@ -19,10 +19,6 @@
 #include "mozilla/ipc/ScopedPort.h"
 #include "nsTArray.h"
 
-#ifdef FUZZING
-#  include "mozilla/ipc/Faulty.h"
-#endif
-
 namespace mozilla {
 
 #ifdef FUZZING_SNAPSHOT
@@ -47,9 +43,6 @@ class Channel;
 class Message;
 class MessageReader;
 class MessageWriter;
-#ifdef FUZZING
-class Faulty;
-#endif
 struct LogData;
 
 class Message : public mojo::core::ports::UserMessage, public Pickle {
@@ -361,9 +354,6 @@ class Message : public mojo::core::ports::UserMessage, public Pickle {
   friend class Channel;
   friend class MessageReplyDeserializer;
   friend class SyncMessage;
-#ifdef FUZZING
-  friend class mozilla::ipc::Faulty;
-#endif
   friend class mozilla::ipc::MiniTransceiver;
 
 #if !defined(OS_MACOSX) && !defined(FUZZING_SNAPSHOT)