Bug 189247

Summary: CallFrame::unsafeCallee() should use an ASAN suppressed Register::asanUnsafePointer().
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, ddkilzer, fpizlo, keith_miller, msaboff, rmorisset, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
proposed patch.
saam: review+, saam: commit-queue-
proposed patch.
mark.lam: review-
proposed patch. none

Mark Lam
Reported 2018-09-03 10:52:15 PDT
Patch coming.
Attachments
proposed patch. (3.54 KB, patch)
2018-09-03 11:08 PDT, Mark Lam 		saam: review+
saam: commit-queue-
DetailsFormatted DiffDiff
proposed patch. (2.83 KB, patch)
2018-09-03 13:17 PDT, Mark Lam 		mark.lam: review-
DetailsFormatted DiffDiff
proposed patch. (3.42 KB, patch)
2018-09-03 13:45 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2018-09-03 11:08:05 PDT
Created attachment 348779 [details] proposed patch.
Saam Barati
Comment 2 2018-09-03 13:06:06 PDT
Comment on attachment 348779 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=348779&action=review > Source/JavaScriptCore/interpreter/Register.h:125 > + return asanUnsafeJSValue(); How does this not remove asan protection?
Mark Lam
Comment 3 2018-09-03 13:11:12 PDT
Comment on attachment 348779 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=348779&action=review >> Source/JavaScriptCore/interpreter/Register.h:125 >> + return asanUnsafeJSValue(); > > How does this not remove asan protection? I was previously thinking that the outer function Register::jsValue() not being a ASAN suppressed function means that this is OK. But I'm wrong: this is a bug. I will undo these call forwardinh changes.
Mark Lam
Comment 4 2018-09-03 13:17:52 PDT
Created attachment 348788 [details] proposed patch.
Mark Lam
Comment 5 2018-09-03 13:27:12 PDT
Comment on attachment 348788 [details] proposed patch. Got a bug.
Mark Lam
Comment 6 2018-09-03 13:45:31 PDT
Created attachment 348789 [details] proposed patch.
WebKit Commit Bot
Comment 7 2018-09-03 16:29:43 PDT
Comment on attachment 348789 [details] proposed patch. Clearing flags on attachment: 348789 Committed r235603: <https://trac.webkit.org/changeset/235603>
WebKit Commit Bot
Comment 8 2018-09-03 16:29:45 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 9 2018-09-03 16:30:17 PDT
<rdar://problem/44079982>
Note You need to log in before you can comment on or make changes to this bug.