Bug 120901 - [Windows] StructuredExceptionHandlerSuppressor Causes Bad Interactions With Support Libraries
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: PC All
Importance: P2 Normal
Assignee: Brent Fulgham
Keywords: InRadar
Depends on: 67510
Blocks: 120906
Reported: 2013-09-06 15:30 PDT by Brent Fulgham
Modified: 2013-09-06 16:45 PDT (History)
Patch (17.39 KB, patch)
2013-09-06 15:47 PDT, Brent Fulgham
no flags
Patch (17.62 KB, patch)
2013-09-06 15:49 PDT, Brent Fulgham
andersca: review+

Description Brent Fulgham 2013-09-06 15:30:34 PDT
The StructuredExceptionHandlerSuppressor was added in Bug 67510 so that WebKit would generate useful stack traces when null pointers or other invalid data were being passed through the WebKit infrastructure. The intention was to allow us to crash when null pointers or other runtime exceptions were generated.

Unfortunately, because Windows C++ exceptions are built on top of the underlying structured-exception-handling infrastructure, this caused valid C++ exception handlers to stop working. (For details on this, see http://www.microsoft.com/msj/0197/Exception/Exception.aspx, http://www.microsoft.com/msj/archive/S2CE.aspx, http://www.hexblog.com/wp-content/uploads/2012/06/Recon-2012-Skochinsky-Compiler-Internals.pdf, http://www.codeproject.com/Articles/2126/How-a-C-compiler-implements-exception-handling.)

This was observed when a support library was modified to use a C++ exception as part of its handling of certain device setup logic. Although the exception was fully captured and handled inside the support library, our manipulation of the SEH call chain caused the entire exception handling system to break, causing a 'normal' code path for our support library to suddenly turn into a critical failure.

This bug revises the StructuredExceptionHandlerSuppressor to apply a filter to the exceptions it chooses to abort. For most exception classes, it passes exception handling up the chain so that the proper handler can be invoked. However, we force a crash for access violations, memory corruption, etc. as desired.
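Added illustration, not WebKit's code: a portable C model of the filter the description calls for, using the real Windows exception codes, with a toy SEH chain walk that assumes the suppressor's handler is consulted ahead of the support library's catch so the old and revised policies can be compared.

```c
#include <stdint.h>
#include <stdbool.h>

/* Windows exception codes (NTSTATUS values), defined locally so this model builds
 * without <windows.h>. 0xE06D7363 is the code MSVC's runtime raises for a C++
 * throw, which is why a crash-on-everything handler breaks C++ exception handling. */
#define EXCEPTION_ACCESS_VIOLATION    0xC0000005u
#define EXCEPTION_IN_PAGE_ERROR       0xC0000006u
#define EXCEPTION_ILLEGAL_INSTRUCTION 0xC000001Du
#define EXCEPTION_STACK_OVERFLOW      0xC00000FDu
#define MSVC_CPLUSPLUS_EXCEPTION      0xE06D7363u

typedef enum { CONTINUE_SEARCH, HANDLED, TERMINATE_PROCESS } Disposition;
typedef Disposition (*Handler)(uint32_t code);
/* The filter the description calls for: memory-corruption class faults are
 * turned into a crash; everything else is passed up the chain. */
bool isFatalException(uint32_t code)
{
    switch (code) {
    case EXCEPTION_ACCESS_VIOLATION:
    case EXCEPTION_IN_PAGE_ERROR:
    case EXCEPTION_ILLEGAL_INSTRUCTION:
    case EXCEPTION_STACK_OVERFLOW:
        return true;
    default:
        return false;
    }
}

/* Old suppressor: crash on anything, including a C++ throw. */
static Disposition suppressorCrashAll(uint32_t code) { (void)code; return TERMINATE_PROCESS; }
/* Revised suppressor: crash only on the fatal classes above. */
static Disposition suppressorFiltered(uint32_t code) { return isFatalException(code) ? TERMINATE_PROCESS : CONTINUE_SEARCH; }
/* Support library frame: its catch block handles only its own C++ exception. */
static Disposition libraryCatch(uint32_t code) { return code == MSVC_CPLUSPLUS_EXCEPTION ? HANDLED : CONTINUE_SEARCH; }

/* Toy SEH dispatch: walk the chain until a handler takes the exception; an
 * exception nobody handles kills the process. Model assumption: the
 * suppressor's registration is consulted before the library's catch. */
static Disposition dispatch(Handler suppressor, uint32_t code)
{
    const Handler chain[] = { suppressor, libraryCatch };
    for (int i = 0; i < 2; i++) {
        Disposition d = chain[i](code);
        if (d != CONTINUE_SEARCH) return d;
    }
    return TERMINATE_PROCESS;
}
Disposition outcomeWithOldSuppressor(uint32_t code) { return dispatch(suppressorCrashAll, code); }
Disposition outcomeWithRevisedSuppressor(uint32_t code) { return dispatch(suppressorFiltered, code); }
```

With the old policy the library's C++ throw is terminated before its own catch runs; with the revised policy the throw reaches the catch while an access violation still crashes.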
Comment 1 Brent Fulgham 2013-09-06 15:36:14 PDT
Comment 2 Brent Fulgham 2013-09-06 15:47:51 PDT
Created attachment 210806
Comment 3 Brent Fulgham 2013-09-06 15:49:10 PDT
Created attachment 210808
Comment 4 Brent Fulgham 2013-09-06 15:56:29 PDT
Note: This logic will need to be extended to support 64-bit Windows. See referenced bug 120906 for this work.
Comment 5 Brent Fulgham 2013-09-06 16:45:08 PDT
Committed r155226: <http://trac.webkit.org/changeset/155226>