WebKit Bugzilla
RESOLVED FIXED
174281
Lower the max_protection for the separated heap
https://bugs.webkit.org/show_bug.cgi?id=174281
AJ Ringer
Reported
2017-07-07 15:45:22 PDT
Lower the max_protection for the separated heap
Attachments
Patch (3.50 KB, patch), 2017-07-07 15:46 PDT, AJ Ringer, no flags
Patch (3.62 KB, patch), 2017-07-07 16:14 PDT, AJ Ringer, no flags
AJ Ringer
Comment 1
2017-07-07 15:46:09 PDT
Created attachment 314886 (Patch)
Oliver Hunt
Comment 2
2017-07-07 15:47:16 PDT
<rdar://problem/27452153>
Saam Barati
Comment 3
2017-07-07 15:49:31 PDT
Comment on attachment 314886 (Patch)
View in context: https://bugs.webkit.org/attachment.cgi?id=314886&action=review
> Source/JavaScriptCore/jit/ExecutableAllocator.cpp:224 > + result = vm_protect(mach_task_self(), (vm_address_t)stubBase, stubSize, true, VM_PROT_EXECUTE); > RELEASE_ASSERT(!result); > #endif > > // Prevent writing into the executable JIT mapping. > - result = mprotect(jitBase, jitSize, VM_PROT_READ | VM_PROT_EXECUTE); > + result = vm_protect(mach_task_self(), (vm_address_t)jitBase, jitSize, true, VM_PROT_READ | VM_PROT_EXECUTE); > RELEASE_ASSERT(!result); > > // Prevent execution in the writable JIT mapping. > - result = mprotect((void*)writableAddr, jitSize, VM_PROT_READ | VM_PROT_WRITE); > + result = vm_protect(mach_task_self(), (vm_address_t)writableAddr, jitSize, true, VM_PROT_READ | VM_PROT_WRITE);
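Review bot: the bare `true` passed as the fourth argument in all three vm_protect calls is the set_maximum flag, and nothing at the call sites says so, while the two comments ("Prevent writing into the executable JIT mapping", "Prevent execution in the writable JIT mapping") still read as if only the current protection were being changed. Suggest naming the flag (for example a local constant such as setMaximum, a hypothetical name) and rewording the comments to say that the maximum protection of each mapping is being lowered, which is what the bug title describes. Separately, RELEASE_ASSERT(!result) now tests a Mach return code rather than mprotect's int; writing the check as result == KERN_SUCCESS would state the intent directly.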
Style nit: Please use static_cast instead of C-style casts.
Saam Barati
Comment 4
2017-07-07 15:49:43 PDT
Oops, didn't mean to clear r+
Oliver Hunt
Comment 5
2017-07-07 15:54:45 PDT
(In reply to Saam Barati from comment #3)
> Comment on attachment 314886 (Patch)
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=314886&action=review
> > > Source/JavaScriptCore/jit/ExecutableAllocator.cpp:224 > > + result = vm_protect(mach_task_self(), (vm_address_t)stubBase, stubSize, true, VM_PROT_EXECUTE); > > RELEASE_ASSERT(!result); > > #endif > > > > // Prevent writing into the executable JIT mapping. > > - result = mprotect(jitBase, jitSize, VM_PROT_READ | VM_PROT_EXECUTE); > > + result = vm_protect(mach_task_self(), (vm_address_t)jitBase, jitSize, true, VM_PROT_READ | VM_PROT_EXECUTE); > > RELEASE_ASSERT(!result); > > > > // Prevent execution in the writable JIT mapping. > > - result = mprotect((void*)writableAddr, jitSize, VM_PROT_READ | VM_PROT_WRITE); > > + result = vm_protect(mach_task_self(), (vm_address_t)writableAddr, jitSize, true, VM_PROT_READ | VM_PROT_WRITE); > > Style nit: Please use static_cast instead of C-style casts.
for void*? I think it might need to be reinterpret_cast<> because vmprotect is obnoxious and uses uint66 or some such nonsense
Oliver Hunt
Comment 6
2017-07-07 16:06:52 PDT
Comment on attachment 314886 (Patch)
AJ is posting an updated patch
AJ Ringer
Comment 7
2017-07-07 16:14:49 PDT
Created attachment 314892 (Patch)
WebKit Commit Bot
Comment 8
2017-07-07 17:03:31 PDT
Comment on attachment 314892 (Patch)
Clearing flags on attachment: 314892
Committed r219273: <http://trac.webkit.org/changeset/219273>
WebKit Commit Bot
Comment 9
2017-07-07 17:03:32 PDT
All reviewed patches have been landed. Closing bug.