RESOLVED FIXED 164834
ExceptionFuzz functions should use its client's ThrowScope. 
https://bugs.webkit.org/show_bug.cgi?id=164834
Summary ExceptionFuzz functions should use its client's ThrowScope.
Mark Lam
Reported 2016-11-16 13:57:16 PST
This is because ExceptionFuzz's purpose is to throw exceptions from its client at exception check sites. Using the client's ThrowScope solves 2 problems: 1. If ExceptionFuzz makes its own ThrowScope, the simulated throw will be mis-attributed to ExceptionFuzz when it should be attributed to its client. 2. One way exception scope verification works is by having ThrowScopes assert that there are no unchecked simulated exceptions when the ThrowScope is instantiated. However, ExceptionFuzz necessarily works by inserting doExceptionFuzzingIfEnabled() between a ThrowScope that simulated a throw and an exception check. If we declare a ThrowScope in ExceptionFuzz's code, we will be instantiating a ThrowScope between the point where a simulated throw occurs and where the needed exception check can occur. Hence, having ExceptionFuzz instantiate its own ThrowScope will fail exception scope verification every time. Changing ExceptionFuzz to use its client's ThrowScope resolves both problems.
Attachments
proposed patch. (7.03 KB, patch)
2016-11-16 14:03 PST, Mark Lam 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2016-11-16 14:03:35 PST
Created attachment 294973 [details] proposed patch.
WebKit Commit Bot
Comment 2 2016-11-16 14:04:52 PST
Attachment 294973 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ChangeLog:17: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzing, fuzzing, fuzzing [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 6 files If any of these errors are false positives, please file a bug against check-webkit-style.
Geoffrey Garen
Comment 3 2016-11-16 14:10:50 PST
Comment on attachment 294973 [details] proposed patch. r=me
Mark Lam
Comment 4 2016-11-16 14:52:32 PST
Comment on attachment 294973 [details] proposed patch. Thanks for the review. Landing via cq.
WebKit Commit Bot
Comment 5 2016-11-16 15:18:16 PST
Comment on attachment 294973 [details] proposed patch. Clearing flags on attachment: 294973 Committed r208819: <http://trac.webkit.org/changeset/208819>
WebKit Commit Bot
Comment 6 2016-11-16 15:18:21 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.