Backed out 4 changesets (bug 1728934) for causing Mochitest failures. CLOSED TREE

  description: rlbox integration for the wasm2c sandboxed code

  url: https://github.com/PLSysSec/rlbox_wasm2c_sandbox

  release: commit 95b0e954c9d140a22dfe1755e747ddc132ae82ac (2021-09-29T22:50:14Z).

  revision: 95b0e954c9d140a22dfe1755e747ddc132ae82ac

  release: commit a7b7233cf1845bc2548ffc7ea06f27e8a024b851 (2021-08-24T08:37:28Z).

  revision: a7b7233cf1845bc2548ffc7ea06f27e8a024b851

  license: MIT

  license-file: LICENSE

  description: wasm2c fork used for rlbox sandboxing

  url: https://github.com/PLSysSec/wasm2c_sandbox_compiler

  release: commit 32a8ad683fe2390200cc3b7c8e5ffb55b071e781 (2021-09-29T22:48:37Z).

  revision: 32a8ad683fe2390200cc3b7c8e5ffb55b071e781

  release: commit 551fd0e7d8f0349562d4402bc626a689e7ecde4f (2021-09-09T00:19:32Z).

  revision: 551fd0e7d8f0349562d4402bc626a689e7ecde4f

  license: Apache-2.0

  license-file: LICENSE

static Atomic<uint32_t> sStreamSourceID(0u);

OggDemuxer::nsAutoOggSyncState::nsAutoOggSyncState(rlbox_sandbox_ogg* aSandbox)

OggDemuxer::nsAutoOggSyncState::nsAutoOggSyncState(rlbox_sandbox_ogg& aSandbox)

    : mSandbox(aSandbox) {

  if (mSandbox) {

  tainted_ogg<ogg_sync_state*> state =

        mSandbox->malloc_in_sandbox<ogg_sync_state>();

      mSandbox.malloc_in_sandbox<ogg_sync_state>();

  MOZ_RELEASE_ASSERT(state != nullptr);

  mState = state.to_opaque();

    sandbox_invoke(*mSandbox, ogg_sync_init, mState);

  }

  sandbox_invoke(mSandbox, ogg_sync_init, mState);

}

OggDemuxer::nsAutoOggSyncState::~nsAutoOggSyncState() {

  if (mSandbox) {

    sandbox_invoke(*mSandbox, ogg_sync_clear, mState);

    mSandbox->free_in_sandbox(rlbox::from_opaque(mState));

  sandbox_invoke(mSandbox, ogg_sync_clear, mState);

  mSandbox.free_in_sandbox(rlbox::from_opaque(mState));

  tainted_ogg<ogg_sync_state*> null = nullptr;

  mState = null.to_opaque();

}

}

/* static */

rlbox_sandbox_ogg* OggDemuxer::CreateSandbox() {

  rlbox_sandbox_ogg* sandbox = new rlbox_sandbox_ogg();

#ifdef MOZ_WASM_SANDBOXING_OGG

  bool success = sandbox->create_sandbox(mozilla::ipc::GetSandboxedRLBoxPath().get(), false /* infallible */);

  sandbox->create_sandbox(mozilla::ipc::GetSandboxedRLBoxPath().get());

#else

  bool success = sandbox->create_sandbox();

  sandbox->create_sandbox();

#endif

  if (!success) {

    delete sandbox;

    sandbox = nullptr;

  }

  return sandbox;

}

void OggDemuxer::SandboxDestroy::operator()(rlbox_sandbox_ogg* sandbox) {

  if (sandbox) {

  sandbox->destroy_sandbox();

  delete sandbox;

}

}

// Return the corresponding category in aKind based on the following specs.

// (https://www.whatwg.org/specs/web-apps/current-

      mFlacState(nullptr),

      mOpusEnabled(MediaDecoder::IsOpusEnabled()),

      mSkeletonState(nullptr),

      mAudioOggState(aResource, mSandbox.get()),

      mVideoOggState(aResource, mSandbox.get()),

      mAudioOggState(aResource, *mSandbox),

      mVideoOggState(aResource, *mSandbox),

      mIsChained(false),

      mTimedMetadataEvent(nullptr),

      mOnSeekableEvent(nullptr) {

}

RefPtr<OggDemuxer::InitPromise> OggDemuxer::Init() {

  if (!mSandbox) {

    return InitPromise::CreateAndReject(NS_ERROR_OUT_OF_MEMORY, __func__);

  }

  const char RLBOX_OGG_RETURN_CODE_SAFE[] =

      "Return codes only control whether to early exit. Incorrect return codes "

      "will not lead to memory safety issues in the renderer.";

nsresult OggDemuxer::Reset(TrackInfo::TrackType aType) {

  // Discard any previously buffered packets/pages.

  if (mSandbox) {

  sandbox_invoke(*mSandbox, ogg_sync_reset, OggSyncState(aType));

  }

  OggCodecState* trackState = GetTrackCodecState(aType);

  if (trackState) {

    return trackState->Reset();

  // offset is after the end of the media resource, or there's no more cached

  // data after the offset. This loop will run until we've checked every

  // buffered range in the media, in increasing order of offset.

  nsAutoOggSyncState sync(mSandbox.get());

  nsAutoOggSyncState sync(*mSandbox);

  for (uint32_t index = 0; index < ranges.Length(); index++) {

    // Ensure the offsets are after the header pages.

    int64_t startOffset = ranges[index].mStart;

                                    size_t aTrackNumber) const;

  struct nsAutoOggSyncState {

    explicit nsAutoOggSyncState(rlbox_sandbox_ogg* aSandbox);

    explicit nsAutoOggSyncState(rlbox_sandbox_ogg& aSandbox);

    ~nsAutoOggSyncState();

    rlbox_sandbox_ogg* mSandbox;

    rlbox_sandbox_ogg& mSandbox;

    tainted_opaque_ogg<ogg_sync_state*> mState;

  };

  media::TimeIntervals GetBuffered(TrackInfo::TrackType aType);

  // Ogg decoding state.

  struct OggStateContext {

    explicit OggStateContext(MediaResource* aResource,

                             rlbox_sandbox_ogg* aSandbox)

                             rlbox_sandbox_ogg& aSandbox)

        : mOggState(aSandbox), mResource(aResource), mNeedKeyframe(true) {}

    nsAutoOggSyncState mOggState;

    MediaResourceIndex mResource;

This directory contains the rlbox source from the upstream repo:

https://github.com/PLSysSec/rlbox_sandboxing_api/

Current version: [commit e1cb323a00a680c8b29001e485a99252130a6e32]

Current version: [commit fc796e549b3a48e89b9a8db28011dcad06494ba3]

UPDATING: