]>
Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | /* |
2 | * Sandboxing example | |
3 | * | |
4 | * Uses custom memory allocation functions which keep track of total amount | |
5 | * of memory allocated, imposing a maximum total allocation size. | |
6 | */ | |
7 | ||
8 | #include <stdio.h> | |
9 | #include <stdlib.h> | |
10 | #include "duktape.h" | |
11 | ||
12 | /* | |
13 | * Memory allocator which backs to standard library memory functions but | |
14 | * keeps a small header to track current allocation size. | |
15 | * | |
16 | * Many other sandbox allocation models are useful, e.g. preallocated pools. | |
17 | */ | |
18 | ||
19 | typedef struct { | |
20 | /* The double value in the union is there to ensure alignment is | |
21 | * good for IEEE doubles too. In many 32-bit environments 4 bytes | |
22 | * would be sufficiently aligned and the double value is unnecessary. | |
23 | */ | |
24 | union { | |
25 | size_t sz; | |
26 | double d; | |
27 | } u; | |
28 | } alloc_hdr; | |
29 | ||
30 | static size_t total_allocated = 0; | |
31 | static size_t max_allocated = 256 * 1024; /* 256kB sandbox */ | |
32 | ||
33 | static void sandbox_dump_memstate(void) { | |
34 | #if 0 | |
35 | fprintf(stderr, "Total allocated: %ld\n", (long) total_allocated); | |
36 | fflush(stderr); | |
37 | #endif | |
38 | } | |
39 | ||
40 | static void *sandbox_alloc(void *udata, duk_size_t size) { | |
41 | alloc_hdr *hdr; | |
42 | ||
43 | (void) udata; /* Suppress warning. */ | |
44 | ||
45 | if (size == 0) { | |
46 | return NULL; | |
47 | } | |
48 | ||
49 | if (total_allocated + size > max_allocated) { | |
50 | fprintf(stderr, "Sandbox maximum allocation size reached, %ld requested in sandbox_alloc\n", | |
51 | (long) size); | |
52 | fflush(stderr); | |
53 | return NULL; | |
54 | } | |
55 | ||
56 | hdr = (alloc_hdr *) malloc(size + sizeof(alloc_hdr)); | |
57 | if (!hdr) { | |
58 | return NULL; | |
59 | } | |
60 | hdr->u.sz = size; | |
61 | total_allocated += size; | |
62 | sandbox_dump_memstate(); | |
63 | return (void *) (hdr + 1); | |
64 | } | |
65 | ||
66 | static void *sandbox_realloc(void *udata, void *ptr, duk_size_t size) { | |
67 | alloc_hdr *hdr; | |
68 | size_t old_size; | |
69 | void *t; | |
70 | ||
71 | (void) udata; /* Suppress warning. */ | |
72 | ||
73 | /* Handle the ptr-NULL vs. size-zero cases explicitly to minimize | |
74 | * platform assumptions. You can get away with much less in specific | |
75 | * well-behaving environments. | |
76 | */ | |
77 | ||
78 | if (ptr) { | |
79 | hdr = (alloc_hdr *) (((char *) ptr) - sizeof(alloc_hdr)); | |
80 | old_size = hdr->u.sz; | |
81 | ||
82 | if (size == 0) { | |
83 | total_allocated -= old_size; | |
84 | free((void *) hdr); | |
85 | sandbox_dump_memstate(); | |
86 | return NULL; | |
87 | } else { | |
88 | if (total_allocated - old_size + size > max_allocated) { | |
89 | fprintf(stderr, "Sandbox maximum allocation size reached, %ld requested in sandbox_realloc\n", | |
90 | (long) size); | |
91 | fflush(stderr); | |
92 | return NULL; | |
93 | } | |
94 | ||
95 | t = realloc((void *) hdr, size + sizeof(alloc_hdr)); | |
96 | if (!t) { | |
97 | return NULL; | |
98 | } | |
99 | hdr = (alloc_hdr *) t; | |
100 | total_allocated -= old_size; | |
101 | total_allocated += size; | |
102 | hdr->u.sz = size; | |
103 | sandbox_dump_memstate(); | |
104 | return (void *) (hdr + 1); | |
105 | } | |
106 | } else { | |
107 | if (size == 0) { | |
108 | return NULL; | |
109 | } else { | |
110 | if (total_allocated + size > max_allocated) { | |
111 | fprintf(stderr, "Sandbox maximum allocation size reached, %ld requested in sandbox_realloc\n", | |
112 | (long) size); | |
113 | fflush(stderr); | |
114 | return NULL; | |
115 | } | |
116 | ||
117 | hdr = (alloc_hdr *) malloc(size + sizeof(alloc_hdr)); | |
118 | if (!hdr) { | |
119 | return NULL; | |
120 | } | |
121 | hdr->u.sz = size; | |
122 | total_allocated += size; | |
123 | sandbox_dump_memstate(); | |
124 | return (void *) (hdr + 1); | |
125 | } | |
126 | } | |
127 | } | |
128 | ||
129 | static void sandbox_free(void *udata, void *ptr) { | |
130 | alloc_hdr *hdr; | |
131 | ||
132 | (void) udata; /* Suppress warning. */ | |
133 | ||
134 | if (!ptr) { | |
135 | return; | |
136 | } | |
137 | hdr = (alloc_hdr *) (((char *) ptr) - sizeof(alloc_hdr)); | |
138 | total_allocated -= hdr->u.sz; | |
139 | free((void *) hdr); | |
140 | sandbox_dump_memstate(); | |
141 | } | |
142 | ||
143 | /* | |
144 | * Sandbox setup and test | |
145 | */ | |
146 | ||
147 | static duk_ret_t do_sandbox_test(duk_context *ctx) { | |
148 | FILE *f; | |
149 | char buf[4096]; | |
150 | size_t ret; | |
151 | const char *globobj; | |
152 | ||
153 | /* | |
154 | * Setup sandbox | |
155 | */ | |
156 | ||
157 | globobj = | |
158 | "({\n" | |
159 | " print: print,\n" | |
160 | " Math: {\n" | |
161 | " max: Math.max\n" | |
162 | " }\n" | |
163 | "})\n"; | |
164 | #if 1 | |
165 | fprintf(stderr, "Sandbox global object:\n----------------\n%s----------------\n", globobj); | |
166 | fflush(stderr); | |
167 | #endif | |
168 | duk_eval_string(ctx, globobj); | |
169 | duk_set_global_object(ctx); | |
170 | ||
171 | /* | |
172 | * Execute code from specified file | |
173 | */ | |
174 | ||
175 | f = fopen(duk_require_string(ctx, -1), "rb"); | |
176 | if (!f) { | |
177 | duk_error(ctx, DUK_ERR_ERROR, "failed to open file"); | |
178 | } | |
179 | ||
180 | for (;;) { | |
181 | if (ferror(f)) { | |
182 | fclose(f); | |
183 | duk_error(ctx, DUK_ERR_ERROR, "ferror when reading file"); | |
184 | } | |
185 | if (feof(f)) { | |
186 | break; | |
187 | } | |
188 | ||
189 | ret = fread(buf, 1, sizeof(buf), f); | |
190 | if (ret == 0) { | |
191 | break; | |
192 | } | |
193 | ||
194 | duk_push_lstring(ctx, (const char *) buf, ret); | |
195 | } | |
196 | ||
197 | duk_concat(ctx, duk_get_top(ctx) - 1); /* -1 for filename */ | |
198 | ||
199 | /* -> [ ... filename source ] */ | |
200 | ||
201 | duk_insert(ctx, -2); | |
202 | ||
203 | /* -> [ ... source filename ] */ | |
204 | ||
205 | duk_compile(ctx, 0 /*flags*/); /* Compile as program */ | |
206 | duk_call(ctx, 0 /*nargs*/); | |
207 | ||
208 | return 0; | |
209 | } | |
210 | ||
211 | /* | |
212 | * Main | |
213 | */ | |
214 | ||
215 | static void sandbox_fatal(duk_context *ctx, duk_errcode_t code, const char *msg) { | |
216 | (void) ctx; /* Suppress warning. */ | |
217 | fprintf(stderr, "FATAL %ld: %s\n", (long) code, (msg ? msg : "no message")); | |
218 | fflush(stderr); | |
219 | exit(1); /* must not return */ | |
220 | } | |
221 | ||
222 | int main(int argc, char *argv[]) { | |
223 | duk_context *ctx; | |
224 | duk_int_t rc; | |
225 | ||
226 | if (argc < 2) { | |
227 | fprintf(stderr, "Usage: sandbox <test.js>\n"); | |
228 | fflush(stderr); | |
229 | exit(1); | |
230 | } | |
231 | ||
232 | ctx = duk_create_heap(sandbox_alloc, | |
233 | sandbox_realloc, | |
234 | sandbox_free, | |
235 | NULL, | |
236 | sandbox_fatal); | |
237 | ||
238 | duk_push_string(ctx, argv[1]); | |
239 | rc = duk_safe_call(ctx, do_sandbox_test, 1 /*nargs*/, 1 /*nrets*/); | |
240 | if (rc) { | |
241 | fprintf(stderr, "ERROR: %s\n", duk_safe_to_string(ctx, -1)); | |
242 | fflush(stderr); | |
243 | } | |
244 | ||
245 | duk_destroy_heap(ctx); | |
246 | ||
247 | /* Should be zero. */ | |
248 | fprintf(stderr, "Final allocation: %ld\n", (long) total_allocated); | |
249 | fflush(stderr); | |
250 | ||
251 | return 1; | |
252 | } |