[ceph.git] / ceph / src / civetweb / src / third_party / duktape-1.8.0 / examples / sandbox / sandbox.c

/*
 *  Sandboxing example
 *
 *  Uses custom memory allocation functions which keep track of total amount
 *  of memory allocated, imposing a maximum total allocation size.
 */

#include <stdio.h>
#include <stdlib.h>
#include "duktape.h"

/*
 *  Memory allocator which backs to standard library memory functions but
 *  keeps a small header to track current allocation size.
 *
 *  Many other sandbox allocation models are useful, e.g. preallocated pools.
 */

typedef struct {
	/* The double value in the union is there to ensure alignment is
	 * good for IEEE doubles too.  In many 32-bit environments 4 bytes
	 * would be sufficiently aligned and the double value is unnecessary.
	 */
	union {
		size_t sz;
		double d;
	} u;
} alloc_hdr;

static size_t total_allocated = 0;
static size_t max_allocated = 256 * 1024;  /* 256kB sandbox */

static void sandbox_dump_memstate(void) {
#if 0
	fprintf(stderr, "Total allocated: %ld\n", (long) total_allocated);
	fflush(stderr);
#endif
}

static void *sandbox_alloc(void *udata, duk_size_t size) {
	alloc_hdr *hdr;

	(void) udata;  /* Suppress warning. */

	if (size == 0) {
		return NULL;
	}

	if (total_allocated + size > max_allocated) {
		fprintf(stderr, "Sandbox maximum allocation size reached, %ld requested in sandbox_alloc\n",
		        (long) size);
		fflush(stderr);
		return NULL;
	}

	hdr = (alloc_hdr *) malloc(size + sizeof(alloc_hdr));
	if (!hdr) {
		return NULL;
	}
	hdr->u.sz = size;
	total_allocated += size;
	sandbox_dump_memstate();
	return (void *) (hdr + 1);
}

static void *sandbox_realloc(void *udata, void *ptr, duk_size_t size) {
	alloc_hdr *hdr;
	size_t old_size;
	void *t;

	(void) udata;  /* Suppress warning. */

	/* Handle the ptr-NULL vs. size-zero cases explicitly to minimize
	 * platform assumptions.  You can get away with much less in specific
	 * well-behaving environments.
	 */

	if (ptr) {
		hdr = (alloc_hdr *) (((char *) ptr) - sizeof(alloc_hdr));
		old_size = hdr->u.sz;

		if (size == 0) {
			total_allocated -= old_size;
			free((void *) hdr);
			sandbox_dump_memstate();
			return NULL;
		} else {
			if (total_allocated - old_size + size > max_allocated) {
				fprintf(stderr, "Sandbox maximum allocation size reached, %ld requested in sandbox_realloc\n",
				        (long) size);
				fflush(stderr);
				return NULL;
			}

			t = realloc((void *) hdr, size + sizeof(alloc_hdr));
			if (!t) {
				return NULL;
			}
			hdr = (alloc_hdr *) t;
			total_allocated -= old_size;
			total_allocated += size;
			hdr->u.sz = size;
			sandbox_dump_memstate();
			return (void *) (hdr + 1);
		}
	} else {
		if (size == 0) {
			return NULL;
		} else {
			if (total_allocated + size > max_allocated) {
				fprintf(stderr, "Sandbox maximum allocation size reached, %ld requested in sandbox_realloc\n",
				        (long) size);
				fflush(stderr);
				return NULL;
			}

			hdr = (alloc_hdr *) malloc(size + sizeof(alloc_hdr));
			if (!hdr) {
				return NULL;
			}
			hdr->u.sz = size;
			total_allocated += size;
			sandbox_dump_memstate();
			return (void *) (hdr + 1);
		}
	}
}

static void sandbox_free(void *udata, void *ptr) {
	alloc_hdr *hdr;

	(void) udata;  /* Suppress warning. */

	if (!ptr) {
		return;
	}
	hdr = (alloc_hdr *) (((char *) ptr) - sizeof(alloc_hdr));
	total_allocated -= hdr->u.sz;
	free((void *) hdr);
	sandbox_dump_memstate();
}

/*
 *  Sandbox setup and test
 */

static duk_ret_t do_sandbox_test(duk_context *ctx) {
	FILE *f;
	char buf[4096];
	size_t ret;
	const char *globobj;

	/*
	 *  Setup sandbox
	 */

	globobj =
		"({\n"
		"    print: print,\n"
		"    Math: {\n"
		"        max: Math.max\n"
		"    }\n"
		"})\n";
#if 1
	fprintf(stderr, "Sandbox global object:\n----------------\n%s----------------\n", globobj);
	fflush(stderr);
#endif
	duk_eval_string(ctx, globobj);
	duk_set_global_object(ctx);

	/*
	 *  Execute code from specified file
	 */

	f = fopen(duk_require_string(ctx, -1), "rb");
	if (!f) {
		duk_error(ctx, DUK_ERR_ERROR, "failed to open file");
	}

	for (;;) {
		if (ferror(f)) {
			fclose(f);
			duk_error(ctx, DUK_ERR_ERROR, "ferror when reading file");
		}
		if (feof(f)) {
			break;
		}

		ret = fread(buf, 1, sizeof(buf), f);
		if (ret == 0) {
			break;
		}

		duk_push_lstring(ctx, (const char *) buf, ret);
	}

	duk_concat(ctx, duk_get_top(ctx) - 1);  /* -1 for filename */

	/* -> [ ... filename source ] */

	duk_insert(ctx, -2);

	/* -> [ ... source filename ] */

	duk_compile(ctx, 0 /*flags*/);  /* Compile as program */
	duk_call(ctx, 0 /*nargs*/);

	return 0;
}

/*
 *  Main
 */

static void sandbox_fatal(duk_context *ctx, duk_errcode_t code, const char *msg) {
	(void) ctx;  /* Suppress warning. */
	fprintf(stderr, "FATAL %ld: %s\n", (long) code, (msg ? msg : "no message"));
	fflush(stderr);
	exit(1);  /* must not return */
}

int main(int argc, char *argv[]) {
	duk_context *ctx;
	duk_int_t rc;

	if (argc < 2) {
		fprintf(stderr, "Usage: sandbox <test.js>\n");
		fflush(stderr);
		exit(1);
	}

	ctx = duk_create_heap(sandbox_alloc,
	                      sandbox_realloc,
	                      sandbox_free,
	                      NULL,
	                      sandbox_fatal);

	duk_push_string(ctx, argv[1]);
	rc = duk_safe_call(ctx, do_sandbox_test, 1 /*nargs*/, 1 /*nrets*/);
	if (rc) {
		fprintf(stderr, "ERROR: %s\n", duk_safe_to_string(ctx, -1));
		fflush(stderr);
	}

	duk_destroy_heap(ctx);

	/* Should be zero. */
	fprintf(stderr, "Final allocation: %ld\n", (long) total_allocated);
	fflush(stderr);

	return 1;
}
Commit	Line	Data
7c673cae FG	1	/*
	2	* Sandboxing example
	3	*
	4	* Uses custom memory allocation functions which keep track of total amount
	5	* of memory allocated, imposing a maximum total allocation size.
	6	*/
	7
	8	#include <stdio.h>
	9	#include <stdlib.h>
	10	#include "duktape.h"
	11
	12	/*
	13	* Memory allocator which backs to standard library memory functions but
	14	* keeps a small header to track current allocation size.
	15	*
	16	* Many other sandbox allocation models are useful, e.g. preallocated pools.
	17	*/
	18
	19	typedef struct {
	20	/* The double value in the union is there to ensure alignment is
	21	* good for IEEE doubles too. In many 32-bit environments 4 bytes
	22	* would be sufficiently aligned and the double value is unnecessary.
	23	*/
	24	union {
	25	size_t sz;
	26	double d;
	27	} u;
	28	} alloc_hdr;
	29
	30	static size_t total_allocated = 0;
	31	static size_t max_allocated = 256 * 1024; /* 256kB sandbox */
	32
	33	static void sandbox_dump_memstate(void) {
	34	#if 0
	35	fprintf(stderr, "Total allocated: %ld\n", (long) total_allocated);
	36	fflush(stderr);
	37	#endif
	38	}
	39
	40	static void sandbox_alloc(void udata, duk_size_t size) {
	41	alloc_hdr *hdr;
	42
	43	(void) udata; /* Suppress warning. */
	44
	45	if (size == 0) {
	46	return NULL;
	47	}
	48
	49	if (total_allocated + size > max_allocated) {
	50	fprintf(stderr, "Sandbox maximum allocation size reached, %ld requested in sandbox_alloc\n",
	51	(long) size);
	52	fflush(stderr);
	53	return NULL;
	54	}
	55
	56	hdr = (alloc_hdr *) malloc(size + sizeof(alloc_hdr));
	57	if (!hdr) {
	58	return NULL;
	59	}
	60	hdr->u.sz = size;
	61	total_allocated += size;
	62	sandbox_dump_memstate();
	63	return (void *) (hdr + 1);
	64	}
65
66	static void sandbox_realloc(void udata, void *ptr, duk_size_t size) {
67	alloc_hdr *hdr;
68	size_t old_size;
69	void *t;
70
71	(void) udata; /* Suppress warning. */
72
73	/* Handle the ptr-NULL vs. size-zero cases explicitly to minimize
74	* platform assumptions. You can get away with much less in specific
75	* well-behaving environments.
76	*/
77
78	if (ptr) {
79	hdr = (alloc_hdr ) (((char ) ptr) - sizeof(alloc_hdr));
80	old_size = hdr->u.sz;
81
82	if (size == 0) {
83	total_allocated -= old_size;
84	free((void *) hdr);
85	sandbox_dump_memstate();
86	return NULL;
87	} else {
88	if (total_allocated - old_size + size > max_allocated) {
89	fprintf(stderr, "Sandbox maximum allocation size reached, %ld requested in sandbox_realloc\n",
90	(long) size);
91	fflush(stderr);
92	return NULL;
93	}
94
95	t = realloc((void *) hdr, size + sizeof(alloc_hdr));
96	if (!t) {
97	return NULL;
98	}
99	hdr = (alloc_hdr *) t;
100	total_allocated -= old_size;
101	total_allocated += size;
102	hdr->u.sz = size;
103	sandbox_dump_memstate();
104	return (void *) (hdr + 1);
105	}
106	} else {
107	if (size == 0) {
108	return NULL;
109	} else {
110	if (total_allocated + size > max_allocated) {
111	fprintf(stderr, "Sandbox maximum allocation size reached, %ld requested in sandbox_realloc\n",
112	(long) size);
113	fflush(stderr);
114	return NULL;
115	}
116
117	hdr = (alloc_hdr *) malloc(size + sizeof(alloc_hdr));
118	if (!hdr) {
119	return NULL;
120	}
121	hdr->u.sz = size;
122	total_allocated += size;
123	sandbox_dump_memstate();
124	return (void *) (hdr + 1);
125	}
126	}
127	}
128
129	static void sandbox_free(void udata, void ptr) {
130	alloc_hdr *hdr;
131
132	(void) udata; /* Suppress warning. */
133
134	if (!ptr) {
135	return;
136	}
137	hdr = (alloc_hdr ) (((char ) ptr) - sizeof(alloc_hdr));
138	total_allocated -= hdr->u.sz;
139	free((void *) hdr);
140	sandbox_dump_memstate();
141	}
142
143	/*
144	* Sandbox setup and test
145	*/
146
147	static duk_ret_t do_sandbox_test(duk_context *ctx) {
148	FILE *f;
149	char buf[4096];
150	size_t ret;
151	const char *globobj;
152
153	/*
154	* Setup sandbox
155	*/
156
157	globobj =
158	"({\n"
159	" print: print,\n"
160	" Math: {\n"
161	" max: Math.max\n"
162	" }\n"
163	"})\n";
164	#if 1
165	fprintf(stderr, "Sandbox global object:\n----------------\n%s----------------\n", globobj);
166	fflush(stderr);
167	#endif
168	duk_eval_string(ctx, globobj);
169	duk_set_global_object(ctx);
170
171	/*
172	* Execute code from specified file
173	*/
174
175	f = fopen(duk_require_string(ctx, -1), "rb");
176	if (!f) {
177	duk_error(ctx, DUK_ERR_ERROR, "failed to open file");
178	}
179
180	for (;;) {
181	if (ferror(f)) {
182	fclose(f);
183	duk_error(ctx, DUK_ERR_ERROR, "ferror when reading file");
184	}
185	if (feof(f)) {
186	break;
187	}
188
189	ret = fread(buf, 1, sizeof(buf), f);
190	if (ret == 0) {
191	break;
192	}
193
194	duk_push_lstring(ctx, (const char *) buf, ret);
195	}
196
197	duk_concat(ctx, duk_get_top(ctx) - 1); /* -1 for filename */
198
199	/* -> [ ... filename source ] */
200
201	duk_insert(ctx, -2);
202
203	/* -> [ ... source filename ] */
204
205	duk_compile(ctx, 0 /flags/); /* Compile as program */
206	duk_call(ctx, 0 /nargs/);
207
208	return 0;
209	}
210
211	/*
212	* Main
213	*/
214
215	static void sandbox_fatal(duk_context ctx, duk_errcode_t code, const char msg) {
216	(void) ctx; /* Suppress warning. */
217	fprintf(stderr, "FATAL %ld: %s\n", (long) code, (msg ? msg : "no message"));
218	fflush(stderr);
219	exit(1); /* must not return */
220	}
221
222	int main(int argc, char *argv[]) {
223	duk_context *ctx;
224	duk_int_t rc;
225
226	if (argc < 2) {
227	fprintf(stderr, "Usage: sandbox <test.js>\n");
228	fflush(stderr);
229	exit(1);
230	}
231
232	ctx = duk_create_heap(sandbox_alloc,
233	sandbox_realloc,
234	sandbox_free,
235	NULL,
236	sandbox_fatal);
237
238	duk_push_string(ctx, argv[1]);
239	rc = duk_safe_call(ctx, do_sandbox_test, 1 /nargs/, 1 /nrets/);
240	if (rc) {
241	fprintf(stderr, "ERROR: %s\n", duk_safe_to_string(ctx, -1));
242	fflush(stderr);
243	}
244
245	duk_destroy_heap(ctx);
246
247	/* Should be zero. */
248	fprintf(stderr, "Final allocation: %ld\n", (long) total_allocated);
249	fflush(stderr);
250
251	return 1;
252	}