Bug 158888 - LinkBuffer should place a nop sled at the end of the code it generates when it generates code into already allocated executable memory and the assembly it memcpys is smaller than the allocated size
Status: RESOLVED DUPLICATE of bug 158719
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Saam Barati
Reported: 2016-06-17 14:31 PDT by Saam Barati
Modified: 2016-06-17 17:35 PDT
Description Saam Barati 2016-06-17 14:31:39 PDT
I don't think this comes up at all now, but it's probably the right contract for the API to have.
Comment 1 Geoffrey Garen 2016-06-17 14:33:54 PDT
Can we do a breakpoint sled instead? NOP sleds can be attack vectors because you can jump into the middle of them. But breakpoint sleds crash.
Comment 2 Filip Pizlo 2016-06-17 14:35:07 PDT
(In reply to comment #1)
> Can we do a breakpoint sled instead? NOP sleds can be attack vectors because
> you can jump into the middle of them. But breakpoint sleds crash.

That would mean that if an IC emits less code than the allowed size, we would crash at a breakpoint.

A nop sled means that if an IC emits less code than the allowed size, it runs correctly.
Comment 3 Geoffrey Garen 2016-06-17 14:45:40 PDT
I see. OK.
Comment 4 Saam Barati 2016-06-17 17:35:59 PDT
This will be fixed as part of another bug.

*** This bug has been marked as a duplicate of bug 158719 ***