Bug 158888
| Summary: | LinkBuffer should place a nop sled at the end of the code it generates when it generates code into already allocated executable memory and the assembly it memcpys is smaller than the allocated size | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Saam Barati <saam> |
| Component: | JavaScriptCore | Assignee: | Saam Barati <saam> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | Normal | CC: | benjamin, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, msaboff, oliver, sukolsak, ysuzuki |
| Priority: | P2 | | |
| Version: | WebKit Local Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Saam Barati
I don't think this comes up at all now, but it's probably the right contract for the API to have.
Geoffrey Garen
Can we do a breakpoint sled instead? NOP sleds can be attack vectors because you can jump into the middle of them. But breakpoint sleds crash.
Filip Pizlo
(In reply to comment #1)
> Can we do a breakpoint sled instead? NOP sleds can be attack vectors because
> you can jump into the middle of them. But breakpoint sleds crash.
That would mean that if an IC emits less code than the allowed size, we would crash at a breakpoint.
A nop sled means that if an IC emits less code than the allowed size, it runs correctly.
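The contract Filip describes, with the breakpoint-sled alternative from comment #1 next to it, as an added example that is not WebKit's LinkBuffer code. It models the pre-sized executable allocation as a plain byte array (no executable mapping is created), assumes an x86-64 or ARM64 target for the sled encodings, and uses constructed stub bytes that are shorter than the allocation; the stale-byte marker 0xEE is constructed too.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SLED_NONE models the behaviour before this bug (slack left as it was),
 * SLED_NOP is what the bug asks for, SLED_TRAP is the breakpoint sled from comment #1. */
enum sled_kind { SLED_NONE, SLED_NOP, SLED_TRAP };
enum isa { ISA_X86_64, ISA_ARM64 };

#define X86_NOP   0x90u        /* nop, 1 byte */
#define X86_INT3  0xCCu        /* int3, 1 byte */
#define A64_NOP   0xD503201Fu  /* nop, 4 bytes, stored little-endian */
#define A64_BRK0  0xD4200000u  /* brk #0, 4 bytes, stored little-endian */

static void fill_words_le(uint8_t *dst, uint32_t insn, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        dst[4 * i + 0] = (uint8_t)(insn);
        dst[4 * i + 1] = (uint8_t)(insn >> 8);
        dst[4 * i + 2] = (uint8_t)(insn >> 16);
        dst[4 * i + 3] = (uint8_t)(insn >> 24);
    }
}

/* Copy code_len bytes into a capacity-byte allocation and pad the slack with the
 * chosen sled. Returns 0 on success, -1 if the code does not fit, -2 if the slack
 * cannot be expressed as whole instructions on the target ISA. Hypothetical
 * stand-in for LinkBuffer finalization, not JSC's implementation. */
int link_with_sled(uint8_t *region, size_t capacity, const uint8_t *code,
                   size_t code_len, enum isa isa, enum sled_kind sled)
{
    if (code_len > capacity)
        return -1;
    size_t slack = capacity - code_len;
    memcpy(region, code, code_len);
    if (sled == SLED_NONE)
        return 0;
    switch (isa) {
    case ISA_X86_64:
        memset(region + code_len, sled == SLED_NOP ? X86_NOP : X86_INT3, slack);
        return 0;
    case ISA_ARM64:
        /* Fixed-width ISA: code must end on a 4-byte boundary and the slack must be a
         * whole number of instructions, otherwise the sled would not decode. */
        if (code_len % 4 != 0 || slack % 4 != 0)
            return -2;
        fill_words_le(region + code_len, sled == SLED_NOP ? A64_NOP : A64_BRK0, slack / 4);
        return 0;
    }
    return -1;
}

#define REGION_SIZE 32
#define STALE_BYTE  0xEEu  /* constructed marker for bytes a previous occupant left behind */

/* Constructed stubs, each shorter than the allocation and ending in ret. */
static const uint8_t x86_stub[] = { 0x48, 0x31, 0xC0, 0xC3 };               /* xor rax,rax ; ret */
static const uint8_t a64_stub[] = { 0x00, 0x00, 0x80, 0xD2, 0xC0, 0x03, 0x5F, 0xD6 }; /* mov x0,#0 ; ret */

static const uint8_t *stub_for(enum isa isa, size_t *len)
{
    *len = isa == ISA_X86_64 ? sizeof x86_stub : sizeof a64_stub;
    return isa == ISA_X86_64 ? x86_stub : a64_stub;
}

/* Link the stub into a region pre-filled with STALE_BYTE and count how many slack
 * bytes still hold it. (size_t)-1 signals a link failure. */
size_t demo_stale_bytes(enum isa isa, enum sled_kind sled)
{
    uint8_t region[REGION_SIZE];
    memset(region, STALE_BYTE, sizeof region);
    size_t len;
    const uint8_t *stub = stub_for(isa, &len);
    if (link_with_sled(region, sizeof region, stub, len, isa, sled) != 0)
        return (size_t)-1;
    size_t stale = 0;
    for (size_t i = len; i < sizeof region; i++)
        if (region[i] == STALE_BYTE)
            stale++;
    return stale;
}

/* Same scenario; returns the byte at `offset` so the sled encoding can be inspected. */
int demo_slack_byte(enum isa isa, enum sled_kind sled, size_t offset)
{
    uint8_t region[REGION_SIZE];
    memset(region, STALE_BYTE, sizeof region);
    size_t len;
    const uint8_t *stub = stub_for(isa, &len);
    if (offset >= sizeof region || link_with_sled(region, sizeof region, stub, len, isa, sled) != 0)
        return -1;
    return region[offset];
}

int main(void)
{
    printf("x86-64, no sled:   %zu stale bytes\n", demo_stale_bytes(ISA_X86_64, SLED_NONE));
    printf("x86-64, nop sled:  %zu stale bytes\n", demo_stale_bytes(ISA_X86_64, SLED_NOP));
    printf("arm64,  trap sled: %zu stale bytes\n", demo_stale_bytes(ISA_ARM64, SLED_TRAP));
    return 0;
}
```

With SLED_NONE the slack keeps the previous occupant's bytes, which remain executable content reachable by a fall-through or a mis-targeted jump; the nop sled replaces them with instructions that fall through harmlessly, which is what makes a short IC stub still "run correctly", while the trap sled turns the same fall-through or mid-slack jump into a crash. On ARM64 the padding has to be whole 4-byte instructions, so the allocator must keep code ends and slack sizes aligned, a check the x86-64 path does not need.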
Geoffrey Garen
I see. OK.
Saam Barati
This will be fixed as part of another bug.
*** This bug has been marked as a duplicate of bug 158719 ***