From dc0719c1023d0708980406b0828eead467cbad66 Mon Sep 17 00:00:00 2001 From: Cindy Zhou Date: Tue, 7 Jan 2020 13:23:15 -0800 Subject: Enable CFI libpac Turned on CFI sanitizer in libpac and added blacklist. Bug: 145990493 Test: Ran native test proxy_resolver_v8_unittest and GTS test DeviceOwnerTest. Change-Id: I7effd784fdec27b4be0b12a7df4650d48d709966
---
 Android.bp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/Android.bp b/Android.bp
index c4a0dd0..c4538f8 100644
--- a/Android.bp
+++ b/Android.bp
@@ -37,4 +37,10 @@ cc_library_shared {
 "com.android.art.release",
 "com.android.art.debug",
 ],
+ sanitize: {
+ cfi: true,
+ diag: {
+ cfi: true,
+ },
+ },
 }
-- cgit v1.2.3
From bf03b491b7d4473588121d0f8925e0fd7912a132 Mon Sep 17 00:00:00 2001 From: Cindy Zhou Date: Thu, 16 Jan 2020 14:36:47 -0800 Subject: libpac removing diag Removing diagnostic mode for CFI before IC Bug: 147144481 Bug: 145990493 Test: N/A Change-Id: I23d34d15a24c6c4a9f03e8812c3514fa6a3c5b1f
---
 Android.bp | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/Android.bp b/Android.bp
index c4538f8..465dfbd 100644
--- a/Android.bp
+++ b/Android.bp
@@ -39,8 +39,5 @@ cc_library_shared {
 ],
 sanitize: {
 cfi: true,
- diag: {
- cfi: true,
- },
 },
 }
-- cgit v1.2.3
From 0a3a231581f6f4e7fb117c9843d33470b45d81da Mon Sep 17 00:00:00 2001 From: Anna Malova Date: Thu, 13 Feb 2020 11:47:51 +0000 Subject: Disable CFI in libpac. Bug: 147359729 Bug: 145990493 Test: Run proxy CTS tests on cuttlefish Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testProxyPacProxyTest Change-Id: I6ca4d1f905571e414cf8ea2a8967ea2afc97ebce
---
 Android.bp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/Android.bp b/Android.bp
index 465dfbd..46f6d31 100644
--- a/Android.bp
+++ b/Android.bp
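Review bot: The `diag: { cfi: true }` sub-block in the "Enable CFI libpac" hunk puts CFI into diagnostics mode, and nothing in Android.bp marks it as temporary. As far as I know Soong builds diag CFI to report and recover rather than trap, so a violation would be logged instead of stopping the process; that should be confirmed, but if so it suits bring-up and not enforcement. I would add a comment above the block such as `// diag is for bring-up only; remove before release (b/145990493)`. The description also says a blacklist was added, yet the diffstat lists only Android.bp and the hunk adds no blacklist property, so either the file is missing from the change or the description should be corrected.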
@@ -37,7 +37,8 @@ cc_library_shared {
 "com.android.art.release",
 "com.android.art.debug",
 ],
- sanitize: {
- cfi: true,
- },
+ // Re-enable when b/145990493 is fixed
+ // sanitize: {
+ // cfi: true,
+ // },
 }
-- cgit v1.2.3
From e0e56273f3d535f4cc9a99f49592496836b2ed05 Mon Sep 17 00:00:00 2001 From: Cindy Zhou Date: Thu, 13 Feb 2020 13:24:32 -0800 Subject: Enable CFI in libpac. Bug: 147359729 Bug: 145990493 Test: Run proxy CTS tests on cuttlefish Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testProxyPacProxyTest Change-Id: I37be8186599735f64a1bcfab92976466792cd63c
---
 Android.bp | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/Android.bp b/Android.bp
index 46f6d31..465dfbd 100644
--- a/Android.bp
+++ b/Android.bp
@@ -37,8 +37,7 @@ cc_library_shared {
 "com.android.art.release",
 "com.android.art.debug",
 ],
- // Re-enable when b/145990493 is fixed
- // sanitize: {
- // cfi: true,
- // },
+ sanitize: {
+ cfi: true,
+ },
 }
-- cgit v1.2.3
From 780b5e342028c8c7964145483ac73eca941ed464 Mon Sep 17 00:00:00 2001 From: Rubin Xu Date: Thu, 5 Mar 2020 15:22:52 +0000 Subject: Cherry-pick "Refactor Regexp.prototype" Original change: https://chromium-review.googlesource.com/c/v8/v8/+/1547660 Adds unit test. Bug: 147664838 Test: m -j proxy_resolver_v8_unittest && adb sync && adb shell \ /data/nativetest/proxy_resolver_v8_unittest/proxy_resolver_v8_unittest Merged-In: I6b8f8f2eff548cab5bbc69f7ba981381043227da Change-Id: I6b8f8f2eff548cab5bbc69f7ba981381043227da
---
 test/js-unittest/b_147664838.js | 21 +++++++++++++++++++++
 test/proxy_resolver_v8_unittest.cc | 13 +++++++++++++
 test/proxy_test_script.h | 24 ++++++++++++++++++++++++
 3 files changed, 58 insertions(+)
 create mode 100644 test/js-unittest/b_147664838.js
diff --git a/test/js-unittest/b_147664838.js b/test/js-unittest/b_147664838.js
new file mode 100644
index 0000000..d1d8b72
--- /dev/null
+++ b/test/js-unittest/b_147664838.js
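Review bot: The comment added in the "Disable CFI in libpac" hunk, `// Re-enable when b/145990493 is fixed`, says when to turn CFI back on but not what failed with it enabled. libpac evaluates PAC scripts (the tests on this page drive SetPacScript and FindProxyForURL), so building it without CFI removes an exploit mitigation from code that presumably handles script supplied from the network, and a reader should see the reason without opening the bug. I would write `// CFI disabled: <observed failure>; re-enable when b/145990493 is fixed` with the placeholder filled in, and delete the commented-out `sanitize` block, since the previous revision already records it.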
@@ -0,0 +1,21 @@
+function FindProxyForURL(url, host){
+ let re = /x/y;
+ let cnt = 0;
+ let str = re[Symbol.replace]("x", {
+ toString: () => {
+ cnt++;
+ if (cnt == 2) {
+ re.lastIndex = {valueOf: () => {
+ re.x = 42;
+ return 0;
+ }};
+ }
+ return 'y$';
+ }
+ });
+ if (str != "y$") {
+ throw "regex mutated";
+ return "FAIL";
+ }
+ return "DIRECT";
+}
\ No newline at end of file
diff --git a/test/proxy_resolver_v8_unittest.cc b/test/proxy_resolver_v8_unittest.cc
index fa11f73..e66f68b 100644
--- a/test/proxy_resolver_v8_unittest.cc
+++ b/test/proxy_resolver_v8_unittest.cc
@@ -586,6 +586,19 @@ TEST(ProxyResolverV8Test, B_139806216) {
 EXPECT_EQ("DIRECT", proxies[0]);
 }
+TEST(ProxyResolverV8Test, B_147664838) {
+ ProxyResolverV8WithMockBindings resolver(new MockJSBindings());
+ int result = resolver.SetPacScript(SCRIPT(B_147664838_JS));
+ EXPECT_EQ(OK, result);
+
+ // Execute FindProxyForURL().
+ result = resolver.GetProxyForURL(kQueryUrl, kQueryHost, &kResults);
+
+ EXPECT_EQ(OK, result);
+ std::vector proxies = string16ToProxyList(kResults);
+ EXPECT_EQ(1U, proxies.size());
+ EXPECT_EQ("DIRECT", proxies[0]);
+}
 } // namespace
 } // namespace net
diff --git a/test/proxy_test_script.h b/test/proxy_test_script.h
index bb8502c..0deb19f 100644
--- a/test/proxy_test_script.h
+++ b/test/proxy_test_script.h
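Review bot: `return "FAIL";` directly after `throw "regex mutated";` in test/js-unittest/b_147664838.js can never execute, so the script carries two failure signals and only the throw is live. The C++ test on this page accepts only OK with a single "DIRECT" entry, so either signal would fail it; keep one and delete the other line. The file also has no comment saying what it guards: a short header such as `// Regression test for b/147664838: the regexp is modified from lastIndex.valueOf() during Symbol.replace; the result must still be "y$".` would make the intent readable without the bug. The file should end with a newline as well.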
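Review bot: In TEST(ProxyResolverV8Test, B_147664838), `EXPECT_EQ(1U, proxies.size());` is non-fatal, so `proxies[0]` on the next line is still read when the list comes back empty. Make the size check fatal with `ASSERT_EQ(1U, proxies.size());`. The first `EXPECT_EQ(OK, result);` after SetPacScript has the same shape: if the script fails to load, GetProxyForURL still runs, and `ASSERT_EQ(OK, result);` there would keep the failure output on the real cause. The preceding test in the context lines ends with the same `proxies[0]` access, so this is existing file style, but new tests need not copy it.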
@@ -33,6 +33,30 @@
 " return \"DIRECT\";\n" \
 "}\n" \
+#define B_147664838_JS \
+ u""\
+ "function FindProxyForURL(url, host){\n" \
+ " let re = /x/y;\n" \
+ " let cnt = 0;\n" \
+ " let str = re[Symbol.replace](\"x\", {\n" \
+ " toString: () => {\n" \
+ " cnt++;\n" \
+ " if (cnt == 2) {\n" \
+ " re.lastIndex = {valueOf: () => {\n" \
+ " re.x = 42;\n" \
+ " return 0;\n" \
+ " }};\n" \
+ " }\n" \
+ " return 'y$';\n" \
+ " }\n" \
+ " });\n" \
+ " if (str != \"y$\") {\n" \
+ " throw \"regex mutated\";\n" \
+ " return \"FAIL\";\n" \
+ " }\n" \
+ " return \"DIRECT\";\n" \
+ "}\n" \
+
 #define BINDING_FROM_GLOBAL_JS \
 "// Calls a bindings outside of FindProxyForURL(). This causes the code to\n" \
 "// get exercised during initialization.\n" \
-- cgit v1.2.3
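Review bot: B_147664838_JS is an escaped copy of test/js-unittest/b_147664838.js, and nothing in the hunk says which of the two is the source or how the macro is produced. If this header is generated from the .js files, a comment naming the generator would prevent hand edits; if it is maintained by hand, the two copies can drift and the test would then exercise a different script than the one checked in. The macro also opens with `u""`, while BINDING_FROM_GLOBAL_JS in the context lines opens with a plain literal; presumably SCRIPT() copes with both, but that should be confirmed. The final line `"}\n" \` continues onto the added empty line, so the definition ends where intended only as long as that blank line stays.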