Bug 276913

Summary: Filter out illegal runs of 0-bytes when linking AssemblerBuffer on x86
Product: WebKit
Reporter: Marcus Plutowski <marcus_plutowski>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=278738

Marcus Plutowski
Reported 2024-07-22 15:08:52 PDT
rdar://132273853

Valid x86 assembly should not contain any string of zero-bytes longer than 8B (the maximum possible immediate length). We can therefore detect some cases of memory corruption by looking for runs of 0-bytes longer than that limit, and asserting if any are detected. This will allow us to detect memory corruptions taking place within the AssemblerBuffer prior to executing the linked code.
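The check the report describes, written out as an added stand-alone example; this is not WebKit's AssemblerBuffer code, only an illustration of the idea. The 8-byte threshold is taken from the report (the largest x86-64 immediate); the function names and the two sample byte strings are constructed for this example.

```python
"""
Detect suspiciously long runs of zero bytes in a machine-code buffer.

Added illustration of the detection idea in the bug report, not WebKit's
own implementation. MAX_ZERO_RUN = 8 is the limit stated in the report;
the helpers and sample buffers below are constructed for this example.
"""

MAX_ZERO_RUN = 8  # longest legitimate immediate on x86-64, per the report


def zero_runs(buf: bytes, limit: int = MAX_ZERO_RUN) -> list[tuple[int, int]]:
    """Return (offset, length) for every run of 0x00 bytes longer than `limit`."""
    runs = []
    i, n = 0, len(buf)
    while i < n:
        if buf[i] != 0:
            i += 1
            continue
        start = i
        while i < n and buf[i] == 0:
            i += 1
        if i - start > limit:
            runs.append((start, i - start))
    return runs


def check_buffer(buf: bytes, limit: int = MAX_ZERO_RUN) -> None:
    """Assert-style check: raise before the buffer would be treated as code."""
    bad = zero_runs(buf, limit)
    if bad:
        off, length = bad[0]
        raise AssertionError(
            f"{length}-byte run of zeros at offset {off:#x} exceeds limit {limit}"
        )


# Constructed sample 1: valid code containing the longest legal zero run.
#   48 B8 <8 zero bytes>   mov rax, 0   (imm64 of all zeros)
#   C3                     ret
VALID = bytes.fromhex("48b8" + "00" * 8 + "c3")

# Constructed sample 2: the same code after a hypothetical corruption that
# zeroed the ret and four bytes past it, giving a 13-byte run.
CORRUPT = bytes.fromhex("48b8" + "00" * 13)

if __name__ == "__main__":
    print("valid:  ", zero_runs(VALID))    # []
    print("corrupt:", zero_runs(CORRUPT))  # [(2, 13)]
    check_buffer(VALID)
    try:
        check_buffer(CORRUPT)
    except AssertionError as e:
        print("detected:", e)
```

The check is a heuristic, as the report's "some cases of memory corruption" wording implies: a run of exactly 8 zeros is accepted, and the scan says nothing about corruption that does not produce zeros. Note also that the two-byte sequence 00 00 is itself a valid x86 encoding (add [rax], al), so the threshold bounds what the code generator is expected to emit rather than what the instruction set can decode.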
Marcus Plutowski
Comment 1 2024-07-22 16:22:48 PDT
EWS
Comment 2 2024-08-08 14:55:18 PDT
Committed 282011@main (207db7247e05): <https://commits.webkit.org/282011@main> Reviewed commits have been landed. Closing PR #31087 and removing active labels.
EWS
Comment 3 2024-08-12 14:18:03 PDT
Committed 280938.220@safari-7619-branch (2791efcbcb1a): <https://commits.webkit.org/280938.220@safari-7619-branch> Reviewed commits have been landed. Closing PR #1584 and removing active labels.