| Field | Value |
|---|---|
| Summary | LinkBuffer should place a nop sled at the end of the code it generates when it generates code into already allocated executable memory and the assembly it memcpys is smaller than the allocated size |
| Product | WebKit |
| Reporter | Saam Barati <saam> |
| Component | JavaScriptCore |
| Assignee | Saam Barati <saam> |
| Status | RESOLVED DUPLICATE |
| Severity | Normal |
| CC | benjamin, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, msaboff, oliver, sukolsak, ysuzuki |
| Priority | P2 |
| Version | WebKit Local Build |
| Hardware | Unspecified |
| OS | Unspecified |
Description
Saam Barati
2016-06-17 14:31:39 PDT
Can we do a breakpoint sled instead? NOP sleds can be attack vectors because you can jump into the middle of them. But breakpoint sleds crash.

(In reply to comment #1)
> Can we do a breakpoint sled instead? NOP sleds can be attack vectors because
> you can jump into the middle of them. But breakpoint sleds crash.

That would mean that if an IC emits less code than the allowed size, we would crash at a breakpoint. A nop sled means that if an IC emits less code than the allowed size, it runs correctly.

I see. OK.

This will be fixed as part of another bug.

*** This bug has been marked as a duplicate of bug 158719 ***
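The trade-off discussed in the comments above, as an added example that is not WebKit's LinkBuffer code: a hypothetical link step copies assembled bytes into a pre-sized executable region and fills the slack with either a nop or a breakpoint byte, and a small model shows what happens when control lands in that slack. It assumes an x86-64 target (`0x90` for nop, `0xCC` for int3) and only steps through single-byte instructions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical model of the situation in this bug: assembled bytes are copied into a
// region that was allocated before the code size was known, so the unused tail has to
// be filled with something deliberate instead of whatever was there before.
enum class TailFill { Nop, Trap };

// Assumed x86-64 single-byte encodings.
constexpr uint8_t kNop  = 0x90;  // nop: execution slides on to the next byte
constexpr uint8_t kTrap = 0xCC;  // int3: execution stops with a breakpoint trap

// Copies `code` into `region` and fills the remaining bytes with the chosen pad.
// Returns false (leaving the region untouched) if the code does not fit.
bool linkIntoRegion(std::vector<uint8_t>& region, const std::vector<uint8_t>& code, TailFill fill)
{
    if (code.size() > region.size())
        return false;
    if (!code.empty())
        std::memcpy(region.data(), code.data(), code.size());
    uint8_t pad = (fill == TailFill::Nop) ? kNop : kTrap;
    std::memset(region.data() + code.size(), pad, region.size() - code.size());
    return true;
}

enum class Landing { RanOffEnd, Trapped, Unknown };

// Models control arriving at `offset` (the "jump into the middle" from comment #1)
// and stepping forward. A nop slides to the end of the region and falls off it; a
// trap stops immediately; any other byte is a real instruction the model does not decode.
Landing simulateEntry(const std::vector<uint8_t>& region, size_t offset)
{
    for (size_t i = offset; i < region.size(); ++i) {
        if (region[i] == kTrap)
            return Landing::Trapped;
        if (region[i] != kNop)
            return Landing::Unknown;
    }
    return Landing::RanOffEnd;
}

// Check a defender would want after linking: no stale byte survived in the slack.
bool tailIsFilled(const std::vector<uint8_t>& region, size_t codeSize, TailFill fill)
{
    uint8_t pad = (fill == TailFill::Nop) ? kNop : kTrap;
    for (size_t i = codeSize; i < region.size(); ++i)
        if (region[i] != pad)
            return false;
    return true;
}
```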