179392 – We should PROT_NONE the Gigacage runway so OOB accesses crash

Bug 179392 - We should PROT_NONE the Gigacage runway so OOB accesses crash

Summary: We should PROT_NONE the Gigacage runway so OOB accesses crash

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	Safari Technology Preview
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Saam Barati

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2017-11-07 14:14 PST by Saam Barati
Modified:	2017-11-15 12:09 PST (History)
CC List:	13 users (show)

See Also:

Attachments
patch (1.56 KB, patch) 2017-11-07 14:44 PST, Saam Barati	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Saam Barati 2017-11-07 14:14:54 PST

If we operate under the assumption that an attacker will exploit JSC and cause an OOB access, we should make such OOB accesses crash if they're in the gigacage runway.

Comment 1 Saam Barati 2017-11-07 14:44:13 PST

Created attachment 326265 [details]
patch

Comment 2 Mark Lam 2017-11-07 14:45:06 PST

Comment on attachment 326265 [details]
patch

r=me

Comment 3 WebKit Commit Bot 2017-11-07 15:31:25 PST

Comment on attachment 326265 [details]
patch

Clearing flags on attachment: 326265

Committed r224555: <https://trac.webkit.org/changeset/224555>

Comment 4 WebKit Commit Bot 2017-11-07 15:31:27 PST

All reviewed patches have been landed.  Closing bug.

Comment 5 Radar WebKit Bug Importer 2017-11-15 12:09:59 PST

<rdar://problem/35567063>