diff --git a/image/decoders/nsJPEGDecoder.cpp b/image/decoders/nsJPEGDecoder.cpp
index bab2e0983e..08b48fa2dc 100644
--- a/image/decoders/nsJPEGDecoder.cpp
+++ b/image/decoders/nsJPEGDecoder.cpp
@@ -903,12 +903,25 @@ nsJPEGDecoder::ReadJPEGData(const char* aData, size_t aLength)
 #if defined(PS_SANDBOX_USE_NEW_CPP_API)
 class ActiveRAIIWrapper{
 JPEGProcessSandbox* s;
+ bool a;
 public:
- ActiveRAIIWrapper(JPEGProcessSandbox* ps) : s(ps) { s->makeActiveSandbox(); }
- ~ActiveRAIIWrapper() { s->makeInactiveSandbox(); }
+ ActiveRAIIWrapper(JPEGProcessSandbox* ps, bool isActive) : s(ps), a(isActive) {
+ if (a) {
+ s->makeActiveSandbox();
+ }
+ }
+ void makeInactive(){
+ if (a) {
+ s->makeInactiveSandbox();
+ a = false;
+ }
+ }
+ ~ActiveRAIIWrapper() {
+ makeInactive();
+ }
 };
 #if !defined(PS_SANDBOX_DONT_USE_SPIN)
- ActiveRAIIWrapper procSbxActivation(rlbox_jpeg->getSandbox());
+ ActiveRAIIWrapper procSbxActivation(rlbox_jpeg->getSandbox(), mImageWidth < 1000);
 #endif
 #endif
 //printf("FF Flag ReadJPEGData\n");
@@ -998,6 +1011,12 @@ nsJPEGDecoder::ReadJPEGData(const char* aData, size_t aLength)
 }
 return val;
 });
+ mImageWidth = image_width;
+ #if defined(PS_SANDBOX_USE_NEW_CPP_API) && !defined(PS_SANDBOX_DONT_USE_SPIN)
+ if (mImageWidth >= 1000) {
+ procSbxActivation.makeInactive();
+ }
+ #endif
 auto image_height = mInfo.image_height
 #if defined(NACL_SANDBOX_USE_NEW_CPP_API) || defined(WASM_SANDBOX_USE_NEW_CPP_API) || defined(PS_SANDBOX_USE_NEW_CPP_API)
 .copyAndVerify([this](JDIMENSION val){
diff --git a/image/decoders/nsJPEGDecoder.h b/image/decoders/nsJPEGDecoder.h
index eb85625c40..6bfcab6589 100644
--- a/image/decoders/nsJPEGDecoder.h
+++ b/image/decoders/nsJPEGDecoder.h
@@ -164,6 +164,7 @@ class nsJPEGDecoder : public Decoder
 J_COLOR_SPACE m_out_color_space;
 jmp_buf m_jmpBuff;
 bool m_jmpBuffValid = FALSE;
+ unsigned int mImageWidth = 0;
 #elif defined(NACL_SANDBOX_USE_CPP_API) || defined(PROCESS_SANDBOX_USE_CPP_API)
 unverified_data p_mInfo;
 unverified_data p_mSourceMgr;
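Review bot: `ActiveRAIIWrapper` keeps the compiler-generated copy operations, so a copy would carry its own `a == true` and call `makeInactiveSandbox()` a second time from its destructor; add `ActiveRAIIWrapper(const ActiveRAIIWrapper&) = delete;` and `ActiveRAIIWrapper& operator=(const ActiveRAIIWrapper&) = delete;` next to the new constructor. The flag name `a` and the parameter name `isActive` hide that the wrapper now decides whether to activate at all; `mActive`/`aActivate` plus a class comment such as `// Makes the process sandbox active for the duration of this call when aActivate is set; makeInactive() ends it early and the destructor is then a no-op.` would make the contract readable. The `1000` in `procSbxActivation(..., mImageWidth < 1000)` is repeated in the next hunk and in nsPNGDecoder.cpp; a named constant declared beside `mImageWidth` (for example `static constexpr unsigned int kSpinWidthLimit = 1000;`) would keep the three uses in step and give the number a place for its justification. `ReadJPEGData` begins and ends outside this hunk.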
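Review bot: `mImageWidth = image_width;` is added with no preprocessor guard, while the member it writes is declared in nsJPEGDecoder.h inside a conditional block (the one closed by the visible `#elif`) whose `#if` condition is outside the hunk; if that block is not enabled in every build in which this statement compiles, the assignment fails with an undeclared identifier, so either guard it with the same condition as the declaration or declare the member unconditionally. The `mImageWidth >= 1000` test undoes an activation that the constructor in the previous hunk made while `mImageWidth` was still 0 from the header default (the first call), which is intended but not obvious; suggest `// The wrapper was built before the header was parsed (width still 0); deactivate now if the image turned out to be wide.` above the `if`. The `1000` should be the same named constant as the constructor's argument rather than a second literal. `ReadJPEGData` continues on both sides of this hunk.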
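Review bot: The new member `unsigned int mImageWidth = 0;` carries an undocumented convention, 0 meaning "header not parsed yet", that only nsJPEGDecoder.cpp reveals; suggest `// Image width from the last parsed header; 0 until ReadJPEGData has verified it. Drives whether the process sandbox is made active for a call.` above the declaration. The type is chosen to match the `JDIMENSION` the verifier lambda returns (an `unsigned int` in stock libjpeg, worth confirming for the sandboxed build). The enclosing class body continues outside the hunk.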
diff --git a/image/decoders/nsPNGDecoder.cpp b/image/decoders/nsPNGDecoder.cpp
index 86bee94bee..f49b505d2b 100644
--- a/image/decoders/nsPNGDecoder.cpp
+++ b/image/decoders/nsPNGDecoder.cpp
@@ -1821,6 +1821,7 @@ nsPNGDecoder::FinishedPNGData()
 freeInPngSandbox(p_params);
 #endif
 
+ // Exclude very small images as the actual impact is very small
 if(width < 100) {
 decoder->PngMaybeTooSmall = true;
 } else {
@@ -1834,10 +1835,12 @@ nsPNGDecoder::FinishedPNGData()
 // };
 // ActiveRAIIWrapper procSbxActivation(IsMetadataDecode()? nullptr : );
 if (!decoder->IsMetadataDecode()){
- #if !defined(PS_SANDBOX_DONT_USE_SPIN)
- (rlbox_png->getSandbox())->makeActiveSandbox();
- #endif
- decoder->PngSbxActivated = true;
+ if (width < 1000) {
+ #if !defined(PS_SANDBOX_DONT_USE_SPIN)
+ (rlbox_png->getSandbox())->makeActiveSandbox();
+ #endif
+ decoder->PngSbxActivated = true;
+ }
 }
 #endif
 }
diff --git a/image/decoders/nsPNGDecoder.h b/image/decoders/nsPNGDecoder.h
index b4dfb11d59..16454ec17b 100644
--- a/image/decoders/nsPNGDecoder.h
+++ b/image/decoders/nsPNGDecoder.h
@@ -78,12 +78,22 @@ class SandboxManager
 private:
 std::map> sandboxes;
 std::mutex sandboxMapMutex;
- static const bool SandboxEnforceLimits = true;
+ static std::once_flag SandboxEnforceLimitsSet;
+ static bool SandboxEnforceLimits;
 //we can go to higher limits, but this seems fine
 static const int SandboxSoftLimit = 10;
 
 public:
 
+ SandboxManager(){
+ std::call_once(SandboxEnforceLimitsSet, [&](){
+ SandboxEnforceLimits = !PR_GetEnv("MOZ_RLBOX_SANDBOX_NOLIMIT");
+ if (!SandboxEnforceLimits){
+ printf("RLBox: Not enforcing sandbox limits!\n");
+ }
+ });
+ }
+
 inline std::shared_ptr createSandbox(std::string name) {
 //use a fresh temporary sandbox if we couldn't find the origin
 if(name == "") {
@@ -142,6 +152,11 @@ class SandboxManager
 }
 };
 
+template
+std::once_flag SandboxManager::SandboxEnforceLimitsSet;
+template
+bool SandboxManager::SandboxEnforceLimits = true;
+
 struct RLBench {
 bool InUse = false;
 
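Review bot: The added comment `// Exclude very small images as the actual impact is very small` does not say what "impact" is measured or what setting `PngMaybeTooSmall` causes downstream, so a reader still has to find the flag's consumer to understand the 100-pixel cut-off; suggest `// Images narrower than 100px are flagged as too small to be worth the extra sandbox handling below; their decode cost is negligible (confirm against the flag's consumer).` `width` is computed earlier in `FinishedPNGData`, outside the hunk, so whether it is a verified value is not visible here. The function continues on both sides of the hunk.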
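Review bot: The new `if (width < 1000)` gate introduces a second magic threshold a few lines below the `width < 100` one, and the same `1000` is added to nsJPEGDecoder.cpp in this commit; give the number one named constant shared by both decoders and a comment on why wide images skip `makeActiveSandbox()`. Because `decoder->PngSbxActivated = true` moved inside the gate, whatever later keys on that flag (outside the hunk) now never deactivates for wide images, which is consistent with the JPEG side's `makeInactive()` but should be stated: `// Wide images leave the sandbox inactive, so PngSbxActivated stays false and no later deactivation is needed.` The commented-out `// ActiveRAIIWrapper procSbxActivation(...)` lines in the leading context could be dropped now that the JPEG decoder carries a working RAII version of the same idea. `FinishedPNGData` begins outside this hunk.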
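Review bot: `PR_GetEnv("MOZ_RLBOX_SANDBOX_NOLIMIT")` in the new constructor makes the sandbox soft limit (`SandboxSoftLimit = 10`, visible just above) switchable off at run time in every build type, so a release binary can be told to create sandboxes without bound; if this exists for measurements, wrap the lookup in `#ifdef DEBUG` (or the project's profiling macro) so release builds keep the `true` initializer. The `[&]` capture on the `call_once` lambda captures nothing it uses, since `SandboxEnforceLimits` is static, and `printf` to stdout is not how this code base reports state; `[]` and the module's logging macro would be the idiomatic form. `SandboxEnforceLimits` is now a mutable static, and `std::call_once` only orders its own callers, so any reader that never constructs a `SandboxManager` on its own thread relies on the first construction having happened on a path that synchronizes with it, which should be confirmed. The same constructor is added verbatim to nsHTTPCompressConv.cpp in this commit; a shared helper would stop the two copies drifting. The class continues on both sides of the hunk.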
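Review bot: The out-of-line `template ... SandboxManager::SandboxEnforceLimitsSet;` and `SandboxEnforceLimits = true;` definitions split the initializer from the declaration it belongs to; if this header builds as C++17 the pair can become in-class `static inline std::once_flag SandboxEnforceLimitsSet;` and `static inline bool SandboxEnforceLimits = true;`, and these lines go away. The template parameter list is not legible in this rendering, so the exact form should be checked against the class head. `struct RLBench` continues outside the hunk.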
diff --git a/netwerk/streamconv/converters/nsHTTPCompressConv.cpp b/netwerk/streamconv/converters/nsHTTPCompressConv.cpp
index b64c6f7e5f..2b50e19ee0 100644
--- a/netwerk/streamconv/converters/nsHTTPCompressConv.cpp
+++ b/netwerk/streamconv/converters/nsHTTPCompressConv.cpp
@@ -22,6 +22,8 @@
 #include "state.h"
 #include "brotli/decode.h"
 
+#include "prenv.h"
+
 #include
 #include
 #include
@@ -29,6 +31,7 @@
 #include
 #include
 #include
+#include
 
 #if defined(NACL_SANDBOX_USE_NEW_CPP_API) || defined(WASM_SANDBOX_USE_NEW_CPP_API) || defined(PS_SANDBOX_USE_NEW_CPP_API)
 // RLBoxSandbox* rlbox_zlib = NULL;
@@ -114,7 +117,8 @@ class SandboxManager
 private:
 std::map> sandboxes;
 std::mutex sandboxMapMutex;
- static const bool SandboxEnforceLimits = true;
+ static std::once_flag SandboxEnforceLimitsSet;
+ static bool SandboxEnforceLimits;
 //we can go to higher limits, but this seems fine
 // #if defined(PS_SANDBOX_DONT_USE_SPIN)
 // static const int SandboxSoftLimit = 100;
@@ -124,6 +128,15 @@ class SandboxManager
 
 public:
 
+ SandboxManager(){
+ std::call_once(SandboxEnforceLimitsSet, [&](){
+ SandboxEnforceLimits = !PR_GetEnv("MOZ_RLBOX_SANDBOX_NOLIMIT");
+ if (!SandboxEnforceLimits){
+ printf("RLBox: Not enforcing sandbox limits!\n");
+ }
+ });
+ }
+
 // inline void checkSandboxCreation(std::shared_ptr ret) {
 // auto succeeded = ret->initialize();
 // if (succeeded) { return; }
@@ -208,6 +221,11 @@ class SandboxManager
 }
 };
 
+template
+std::once_flag SandboxManager::SandboxEnforceLimitsSet;
+template
+bool SandboxManager::SandboxEnforceLimits = true;
+
 static SandboxManager zlibSandboxManager;
 }
 
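Review bot: The new constructor calls `PR_GetEnv` and `printf` from whatever context first constructs a `SandboxManager`, and in this file that is the namespace-scope `static SandboxManager zlibSandboxManager;` visible in the last hunk, i.e. during static initialization; whether NSPR's environment access is safe that early (it may trigger NSPR's implicit initialization) and whether stdout is the intended channel should be checked, and reading the variable lazily from `createSandbox` would sidestep both questions. As in nsPNGDecoder.h there is no build-type gate, so a release build's sandbox soft limit can be disabled from the environment; wrap the lookup in `#ifdef DEBUG` or the project's profiling macro. The `[&]` capture is unused because `SandboxEnforceLimits` is static; `[]` is clearer. The class continues outside the hunk.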
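Review bot: These `template ... SandboxEnforceLimitsSet;` / `SandboxEnforceLimits = true;` definitions duplicate the pair added to nsPNGDecoder.h for a class of the same name with the same statics; if both `SandboxManager` definitions can ever be visible to one link (unified builds compile several .cpp files together), two different class templates with the same unqualified name are an ODR violation, so one should be renamed or both should come from a single shared header. In C++17 the definitions also collapse into in-class `static inline` members, which would remove this hunk entirely. The scope that the trailing `}` closes is opened outside the hunk.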