Bug 179448
| Summary: | Let's make the gigacage runway 32GB | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Saam Barati <saam> |
| Component: | JavaScriptCore | Assignee: | Saam Barati <saam> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | benjamin, fpizlo, ggaren, gskachkov, jfbastien, keith_miller, mark.lam, msaboff, rmorisset, ticaiolima, ysuzuki |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Saam Barati
This will prevent (almost) all buffer overflows from reaching past other things in the cage. The reason is that we use 32 bits as indexes for things, and:
2^32 * sizeof(JSValue) = 2^32 * 8 = 32GB
Saam Barati
*** This bug has been marked as a duplicate of bug 175062 ***