WebKit Bugzilla
Bug 180175: WTF / bmalloc: don't write to 0xbbadbeef when ASAN is looking
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=180175
Reported by JF Bastien, 2017-11-29 17:03:28 PST
ASAN knows that 0xbbadbeef is a bbad aaddress, and tells us so when we write to it, say in an assert. That creates bbad error reports where ASAN thinks we write to an invalid address, instead of thinking that we hit an assertion. In some cases, tooling that uses fuzzers aggregates similar issues, and thinks that we just have the one bug and not a bunch of different asserts. At the same time, malloc's version of CRASH just writes to 0xbbadbeef and assumes that's invalid and will crash, which isn't necessarily true on non-Mac platforms. WTF's version then makes sure there's a crash, so bmalloc should do the same.
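The report makes two claims that are easy to check on a non-Mac system: the store to 0xbbadbeef is not inherently a crash (the address is only invalid if nothing is mapped there), and a CRASH macro therefore needs a guaranteed trap after it, while an ASan build should skip the store so the report points at the assertion rather than at a wild write. The program below is an added example, not WebKit's or bmalloc's code; it assumes Linux on a 64-bit machine with gcc or clang, and the `EXAMPLE_CRASH()`, `EXAMPLE_ASAN`, `crash_strategy()`, `page_base()` and `bbadbeef_can_be_written()` names are this example's own. It maps an anonymous page over 0xbbadbeef with `MAP_FIXED_NOREPLACE`, stores through the address to show the write completes, and defines a CRASH macro in the spirit of the fix that ends in `__builtin_trap()` regardless of what the address holds.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Linux value of MAP_FIXED_NOREPLACE; pre-2018 headers do not define it, and
 * pre-4.17 kernels ignore it (the address then acts as a hint, which is why
 * the returned address is checked below). */
#ifndef MAP_FIXED_NOREPLACE
#define MAP_FIXED_NOREPLACE 0x100000
#endif

/* The address the bug report is about. */
#define BBADBEEF ((uintptr_t)0xbbadbeef)

/* Detect AddressSanitizer the way clang and gcc expose it. */
#if defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define EXAMPLE_ASAN 1
#  endif
#endif
#if defined(__SANITIZE_ADDRESS__)
#  define EXAMPLE_ASAN 1
#endif
#ifndef EXAMPLE_ASAN
#  define EXAMPLE_ASAN 0
#endif

/* Hypothetical CRASH() in the spirit of the fix (not WebKit's macro): the
 * recognisable store to 0xbbadbeef is kept for crash-log readers only when
 * ASan is not instrumenting stores, and the macro always ends in
 * __builtin_trap(), which raises SIGILL whether or not the address is mapped. */
#define EXAMPLE_CRASH() do {                              \
        if (!EXAMPLE_ASAN)                                \
            *(volatile int *)BBADBEEF = 0;                \
        __builtin_trap();                                 \
    } while (0)

/* Which of the two behaviours EXAMPLE_CRASH() compiles to in this build. */
const char *crash_strategy(void) {
    return EXAMPLE_ASAN ? "trap only" : "write 0xbbadbeef, then trap";
}

/* Start of the page that contains addr (page_size must be a power of two). */
uintptr_t page_base(uintptr_t addr, uintptr_t page_size) {
    return addr & ~(page_size - 1);
}

/* Shows that nothing about 0xbbadbeef makes it invalid: map a page over it
 * and store through it. Returns 1 if the store completed normally, 0 if the
 * kernel refused to place a page there (so the "crash" write would in fact
 * have faulted on this system). */
int bbadbeef_can_be_written(void) {
    uintptr_t ps = (uintptr_t)sysconf(_SC_PAGESIZE);
    void *want = (void *)page_base(BBADBEEF, ps);
    void *got = mmap(want, ps, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED_NOREPLACE, -1, 0);
    if (got == MAP_FAILED)
        return 0;
    if (got != want) {              /* old kernel treated the address as a hint */
        munmap(got, ps);
        return 0;
    }
    /* WebKit's macro stores an int; a byte is used here to avoid an unaligned
     * access, the point being only that the address is writable at all. */
    volatile unsigned char *p = (volatile unsigned char *)BBADBEEF;
    *p = 0x42;
    int written = (*p == 0x42);
    munmap(got, ps);
    return written;
}

int main(int argc, char **argv) {
    printf("CRASH() strategy in this build: %s\n", crash_strategy());
    printf("store to 0xbbadbeef completed without a fault: %s\n",
           bbadbeef_can_be_written() ? "yes" : "no");
    if (argc > 1 && strcmp(argv[1], "--crash") == 0)
        EXAMPLE_CRASH();            /* dies with SIGILL; a shell reports status 132 */
    return 0;
}
```

Run it plainly to see the two checks, and with `--crash` to see the trap fire; the 132 exit status matches the "Illegal instruction: 4" behaviour described later in this bug. Build the same file with `-fsanitize=address` and `crash_strategy()` switches to "trap only", so ASan reports the trap's stack trace instead of a wild store to an unknown address.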
Attachments
- patch (11.49 KB, patch), 2017-11-29 17:05 PST, JF Bastien, flags: mark.lam: review+
- patch (11.48 KB, patch), 2017-11-29 23:21 PST, JF Bastien, no flags
(one attachment is marked obsolete)
JF Bastien, Comment 1, 2017-11-29 17:05:53 PST
Created attachment 327929 [details]: patch
EWS Watchlist, Comment 2, 2017-11-29 17:07:51 PST
Attachment 327929 [details] did not pass style-queue:
ERROR: Source/WTF/ChangeLog:12: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzer [changelog/unwantedsecurityterms] [3]
ERROR: Source/bmalloc/ChangeLog:12: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzer [changelog/unwantedsecurityterms] [3]
ERROR: Source/bmalloc/bmalloc/BCompiler.h:29: One space before end of line comments [whitespace/comments] [5]
ERROR: Source/bmalloc/bmalloc/BCompiler.h:29: Should have a space between // and comment [whitespace/comments] [4]
Total errors found: 4 in 8 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Mark Lam, Comment 3, 2017-11-29 17:11:34 PST
Comment on attachment 327929 [details]: patch
View in context: https://bugs.webkit.org/attachment.cgi?id=327929&action=review
r=me. Make sure that you also do an ASan build and confirm that it built as expected.
> Source/bmalloc/ChangeLog:15
> + At the same time, malloc's version of CRASH just writes to
/malloc/bmalloc/
JF Bastien, Comment 4, 2017-11-29 23:21:30 PST
Created attachment 327957 [details]: patch
Address comment. My asan build seems to do the right thing: print a stack trace, then "Illegal instruction: 4" and exit with return code 132.
WebKit Commit Bot, Comment 5, 2017-11-29 23:53:25 PST
Comment on attachment 327957 [details]: patch
Clearing flags on attachment: 327957
Committed r225320: <https://trac.webkit.org/changeset/225320>
WebKit Commit Bot, Comment 6, 2017-11-29 23:53:26 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer, Comment 7, 2017-11-29 23:54:25 PST
<rdar://problem/35767562>