Bug 158888

Summary: LinkBuffer should place a nop sled at the end of the code it generates when it generates code into already allocated executable memory and the assembly it memcpy is smaller than the allocated size
Product: WebKit
Reporter: Saam Barati <saam>
Component: JavaScriptCore
Assignee: Saam Barati <saam>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: benjamin, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, msaboff, oliver, sukolsak, ysuzuki
Priority: P2
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified

Description Saam Barati 2016-06-17 14:31:39 PDT
I don't think this comes up at all now, but it's probably the right contract for the API to have.
Comment 1 Geoffrey Garen 2016-06-17 14:33:54 PDT
Can we do a breakpoint sled instead? NOP sleds can be attack vectors because you can jump into the middle of them. But breakpoint sleds crash.
Comment 2 Filip Pizlo 2016-06-17 14:35:07 PDT
(In reply to comment #1)
> Can we do a breakpoint sled instead? NOP sleds can be attack vectors because
> you can jump into the middle of them. But breakpoint sleds crash.

That would mean that if an IC emits less code than the allowed size, we would crash at a breakpoint.

A nop sled means that if an IC emits less code than the allowed size, it runs correctly.
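The trade-off in comment 2 in runnable form, as an added example that is not WebKit or LinkBuffer code: a fixed-size "IC slot" receives a code sequence shorter than the slot, the remainder is filled with either a NOP sled (0x90) or an INT3 sled (0xCC), and control has to flow through the padding to reach the code placed after the slot. With the NOP sled the call returns the expected value; with the INT3 sled it traps. The slot size, the 5-byte `mov eax, 42` sequence, the trailing `ret`, and the SIGTRAP/siglongjmp recovery are all assumptions of this example; it targets x86-64 Linux and returns -1 elsewhere.

```c
/* Added example (not WebKit/JSC code): pad a fixed-size code slot with a
 * NOP sled or an INT3 sled and observe what happens when control falls
 * through the padding. x86-64 Linux only; other platforms return -1. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define SLOT_SIZE 32              /* assumed slot size reserved for the IC */

static sigjmp_buf trap_env;
static void on_sigtrap(int sig) { (void)sig; siglongjmp(trap_env, 1); }

/* Copy `code` into a SLOT_SIZE-byte slot and fill the rest with `pad_byte`.
 * Returns the number of padding bytes written, or -1 if the code does not fit. */
int fill_slot(uint8_t *slot, const uint8_t *code, size_t code_len, uint8_t pad_byte) {
    if (code_len > SLOT_SIZE) return -1;
    memcpy(slot, code, code_len);
    memset(slot + code_len, pad_byte, SLOT_SIZE - code_len);
    return (int)(SLOT_SIZE - code_len);
}

/* Layout: [slot: mov eax,42 ; <sled>] [ret]. The ret sits just past the slot,
 * so execution must traverse the sled to get there.
 * Returns 42 if the sled was traversed, -2 if execution trapped in the sled,
 * -1 if the platform cannot run the experiment. */
int run_padded_slot(uint8_t pad_byte) {
#if defined(__x86_64__)
    static const uint8_t mov_eax_42[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00 }; /* constructed */
    const size_t region = 4096;
    uint8_t *mem = mmap(NULL, region, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;

    fill_slot(mem, mov_eax_42, sizeof mov_eax_42, pad_byte);
    mem[SLOT_SIZE] = 0xC3;                   /* ret: the code after the slot */
    if (mprotect(mem, region, PROT_READ | PROT_EXEC) != 0) { /* W^X flip */
        munmap(mem, region);
        return -1;
    }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigtrap;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGTRAP, &sa, &old);

    int result;
    if (sigsetjmp(trap_env, 1) == 0) {
        int (*fn)(void) = (int (*)(void))mem;
        result = fn();                       /* NOP sled: falls through to ret */
    } else {
        result = -2;                         /* INT3 sled: SIGTRAP inside the slot */
    }
    sigaction(SIGTRAP, &old, NULL);
    munmap(mem, region);
    return result;
#else
    (void)pad_byte;
    return -1;
#endif
}

int main(void) {
    printf("NOP  sled: %d\n", run_padded_slot(0x90));  /* 42 on x86-64 Linux */
    printf("INT3 sled: %d\n", run_padded_slot(0xCC));  /* -2 on x86-64 Linux */
    return 0;
}
```

The INT3 run recovers via siglongjmp only so the two outcomes can be shown side by side; a real JIT would simply crash, which is the behaviour comment 2 objects to for a too-short IC. The example does not model the concern from comment 1 (a jump landing in the middle of the sled); it only shows the fall-through case.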
Comment 3 Geoffrey Garen 2016-06-17 14:45:40 PDT
I see. OK.
Comment 4 Saam Barati 2016-06-17 17:35:59 PDT
This will be fixed as part of another bug.

*** This bug has been marked as a duplicate of bug 158719 ***