Check the kernel header magic to determine if a mapping may be a valid kernel blob. (flutter#5997)

chinmaygarde · web-flow · commit 1eefcabe364c · 2018-08-10T15:12:48.000-07:00
diff --git a/runtime/dart_vm.cc b/runtime/dart_vm.cc
@@ -196,6 +196,26 @@ bool DartVM::IsRunningPrecompiledCode() {
   return Dart_IsPrecompiledRuntime();
 }
 
+bool DartVM::IsKernelMapping(const fml::FileMapping* mapping) {
+  if (mapping == nullptr) {
+    return false;
+  }
+
+  const uint8_t kKernelHeaderMagic[] = {0x90, 0xAB, 0xCD, 0xEF};
+  const size_t kKernelHeaderMagicSize = sizeof(kKernelHeaderMagic);
+
+  if (mapping->GetSize() < kKernelHeaderMagicSize) {
+    return false;
+  }
+
+  if (memcmp(kKernelHeaderMagic, mapping->GetMapping(),
+             kKernelHeaderMagicSize) != 0) {
+    return false;
+  }
+
+  return true;
+}
+
 static std::vector<const char*> ProfilingFlags(bool enable_profiling) {
 // Disable Dart's built in profiler when building a debug build. This
 // works around a race condition that would sometimes stop a crash's
diff --git a/runtime/dart_vm.h b/runtime/dart_vm.h
@@ -38,6 +38,8 @@ class DartVM : public fml::RefCountedThreadSafe<DartVM> {
 
   static bool IsRunningPrecompiledCode();
 
+  static bool IsKernelMapping(const fml::FileMapping* mapping);
+
   const Settings& GetSettings() const;
 
   const fml::Mapping& GetPlatformKernel() const;
@@ -47,6 +49,7 @@ class DartVM : public fml::RefCountedThreadSafe<DartVM> {
   IsolateNameServer* GetIsolateNameServer();
 
   fml::RefPtr<DartSnapshot> GetIsolateSnapshot() const;
+
   fml::RefPtr<DartSnapshot> GetSharedSnapshot() const;
 
   fml::WeakPtr<DartVM> GetWeakPtr();
diff --git a/shell/common/shell.cc b/shell/common/shell.cc
@@ -856,19 +856,6 @@ bool Shell::OnServiceProtocolScreenshotSKP(
   return false;
 }
 
-static bool FileNameIsDill(const std::string& name) {
-  const std::string suffix = ".dill";
-
-  if (name.size() < suffix.size()) {
-    return false;
-  }
-
-  if (name.rfind(suffix, name.size()) == name.size() - suffix.size()) {
-    return true;
-  }
-  return false;
-}
-
 // Service protocol handler
 bool Shell::OnServiceProtocolRunInView(
     const blink::ServiceProtocol::Handler::ServiceProtocolMap& params,
@@ -900,10 +887,13 @@ bool Shell::OnServiceProtocolRunInView(
   auto main_script_file =
       fml::paths::AbsolutePath(params.at("mainScript").ToString());
 
+  auto main_script_file_mapping =
+      std::make_unique<fml::FileMapping>(main_script_file, false);
+
   auto isolate_configuration =
-      FileNameIsDill(main_script_file)
+      blink::DartVM::IsKernelMapping(main_script_file_mapping.get())
           ? IsolateConfiguration::CreateForSnapshot(
-                std::make_unique<fml::FileMapping>(main_script_file, false))
+                std::move(main_script_file_mapping))
           : IsolateConfiguration::CreateForSource(
                 main_script_file, params.at("packagesFile").ToString());
 
diff --git a/shell/testing/tester_main.cc b/shell/testing/tester_main.cc
@@ -89,19 +89,6 @@ class ScriptCompletionTaskObserver {
   FML_DISALLOW_COPY_AND_ASSIGN(ScriptCompletionTaskObserver);
 };
 
-static bool FileNameIsDill(const std::string& name) {
-  const std::string suffix = ".dill";
-
-  if (name.size() < suffix.size()) {
-    return false;
-  }
-
-  if (name.rfind(suffix, name.size()) == name.size() - suffix.size()) {
-    return true;
-  }
-  return false;
-}
-
 int RunTester(const blink::Settings& settings, bool run_forever) {
   const auto thread_label = "io.flutter.test";
 
@@ -142,12 +129,13 @@ int RunTester(const blink::Settings& settings, bool run_forever) {
     return EXIT_FAILURE;
   }
 
+  auto main_dart_file_mapping = std::make_unique<fml::FileMapping>(
+      fml::paths::AbsolutePath(settings.main_dart_file_path), false);
+
   auto isolate_configuration =
-      FileNameIsDill(settings.main_dart_file_path)
+      blink::DartVM::IsKernelMapping(main_dart_file_mapping.get())
           ? IsolateConfiguration::CreateForSnapshot(
-                std::make_unique<fml::FileMapping>(
-                    fml::paths::AbsolutePath(settings.main_dart_file_path),
-                    false))
+                std::move(main_dart_file_mapping))
           : IsolateConfiguration::CreateForSource(settings.main_dart_file_path,
                                                   settings.packages_file_path);
 
