179392 – We should PROT_NONE the Gigacage runway so OOB accesses crash

RESOLVED FIXED 179392

We should PROT_NONE the Gigacage runway so OOB accesses crash

https://bugs.webkit.org/show_bug.cgi?id=179392

Summary We should PROT_NONE the Gigacage runway so OOB accesses crash

Saam Barati

Reported 2017-11-07 14:14:54 PST

If we operate under the assumption that an attacker will exploit JSC and cause an OOB access, we should make such OOB accesses crash if they're in the gigacage runway.

Attachments
patch (1.56 KB, patch) 2017-11-07 14:44 PST, Saam Barati	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Saam Barati

Comment 1 2017-11-07 14:44:13 PST

Created attachment 326265 [details] patch

Mark Lam

Comment 2 2017-11-07 14:45:06 PST

Comment on attachment 326265 [details] patch r=me

WebKit Commit Bot

Comment 3 2017-11-07 15:31:25 PST

Comment on attachment 326265 [details] patch Clearing flags on attachment: 326265 Committed r224555: <https://trac.webkit.org/changeset/224555>

WebKit Commit Bot

Comment 4 2017-11-07 15:31:27 PST

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 5 2017-11-15 12:09:59 PST

<rdar://problem/35567063>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version Safari Technology Preview

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Saam Barati

Reported

2017-11-07 14:14 PST

Modified

2017-11-15 12:09 PST History

CC List

13 users Show

URL

Keywords InRadar

Depends on

Blocks