Bug 121307

Summary: [Windows] Activate FastMalloc hardening on Windows
Product: WebKit
Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.
Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED
Severity: Enhancement
CC: benjamin, bfulgham, cmarcelo, commit-queue, oliver, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: PC   
OS: All   
Bug Depends on: 109334    
Bug Blocks:    
Attachments:
Description: Patch
Flags: oliver: review+

Brent Fulgham
Reported 2013-09-13 10:32:29 PDT
The hardening logic in the FastMalloc implementation works fine on Windows (with a couple of small changes to work around some Visual Studio compiler bugs). Let's turn it on so that we can have comparable safety to our other ports!
Attachments
Patch (2.34 KB, patch)
2013-09-13 10:45 PDT, Brent Fulgham
oliver: review+
Radar WebKit Bug Importer
Comment 1 2013-09-13 10:34:42 PDT
Brent Fulgham
Comment 2 2013-09-13 10:45:50 PDT
Oliver Hunt
Comment 3 2013-09-13 10:52:41 PDT
Comment on attachment 211563 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=211563&action=review r=me with comments > Source/WTF/wtf/FastMalloc.cpp:110 > +#if (COMPILER(GCC) || COMPILER(MSVC)) && !PLATFORM(QT) maybe we can just try !PLATFORM(QT) and see what happens? > Source/WTF/wtf/FastMalloc.cpp:840 > +#if COMPILER(MSVC) > + void* tValNext = *(reinterpret_cast<void**>(t.value())); // FIXME: This exists to work around a MSVC bug > + return HardenedSLL::create(XOR_MASK_PTR_WITH_KEY(tValNext, t.value(), entropy)); > +#else > return HardenedSLL::create(XOR_MASK_PTR_WITH_KEY(*(reinterpret_cast<void**>(t.value())), t.value(), entropy)); > +#endif Remove the #if MSVC and just always use that path. It's conceivable that it's a "legitimate" piece of behaviour and it really shouldn't hurt.
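Review bot: The guard at Source/WTF/wtf/FastMalloc.cpp:110, "#if (COMPILER(GCC) || COMPILER(MSVC)) && !PLATFORM(QT)", carries no comment explaining why Qt is excluded or why the block is limited to these two compilers, so a Qt build or a build with any other compiler drops out of it silently. State the reason for each condition next to the #if, and consider an #else branch that makes the excluded configuration visible at build time.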
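Review bot: The FIXME at Source/WTF/wtf/FastMalloc.cpp:840 says only "This exists to work around a MSVC bug" without naming the bug or the affected compiler version, so there is no way to tell later when the workaround can be removed; reference the compiler issue or describe the miscompilation in the comment. The #if/#else also leaves two copies of the XOR_MASK_PTR_WITH_KEY(..., t.value(), entropy) call that must be kept in sync; loading *(reinterpret_cast<void**>(t.value())) into the tValNext local on every compiler gives a single masking path.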
Brent Fulgham
Comment 4 2013-09-13 12:40:16 PDT