Bug 180175 - WTF / bmalloc: don't write to 0xbbadbeef when ASAN is looking
Summary: WTF / bmalloc: don't write to 0xbbadbeef when ASAN is looking
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Template Framework
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: JF Bastien
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-11-29 17:03 PST by JF Bastien
Modified: 2019-05-02 17:34 PDT (History)

See Also:


Attachments
patch (11.49 KB, patch)
2017-11-29 17:05 PST, JF Bastien
mark.lam: review+
patch (11.48 KB, patch)
2017-11-29 23:21 PST, JF Bastien
no flags

Description JF Bastien 2017-11-29 17:03:28 PST
ASAN knows that 0xbbadbeef is a bbad aaddress, and tells us so when we write to it, say in an assert. That creates bbad error reports where ASAN thinks we write to an invalid address, instead of thinking that we hit an assertion. In some cases, tooling that uses fuzzers aggregates similar issues, and thinks that we just have the one bug and not a bunch of different asserts.

At the same time, malloc's version of CRASH just writes to 0xbbadbeef and assumes that's invalid and will crash, which isn't necessarily true on non-Mac platforms. WTF's version then makes sure there's a crash, so bmalloc should do the same.
Comment 1 JF Bastien 2017-11-29 17:05:53 PST
Created attachment 327929 [details]
patch
Comment 2 EWS Watchlist 2017-11-29 17:07:51 PST
Attachment 327929 [details] did not pass style-queue:


ERROR: Source/WTF/ChangeLog:12:  Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzer  [changelog/unwantedsecurityterms] [3]
ERROR: Source/bmalloc/ChangeLog:12:  Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzer  [changelog/unwantedsecurityterms] [3]
ERROR: Source/bmalloc/bmalloc/BCompiler.h:29:  One space before end of line comments  [whitespace/comments] [5]
ERROR: Source/bmalloc/bmalloc/BCompiler.h:29:  Should have a space between // and comment  [whitespace/comments] [4]
Total errors found: 4 in 8 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Mark Lam 2017-11-29 17:11:34 PST
Comment on attachment 327929 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=327929&action=review

r=me.  Make sure that you also do an ASan build and confirm that it built as expected.

> Source/bmalloc/ChangeLog:15
> +        At the same time, malloc's version of CRASH just writes to

/malloc/bmalloc/
Comment 4 JF Bastien 2017-11-29 23:21:30 PST
Created attachment 327957 [details]
patch

Address comment.

My asan build seems to do the right thing: print a stack trace, then "Illegal instruction: 4" and exit with return code 132.
Comment 5 WebKit Commit Bot 2017-11-29 23:53:25 PST
Comment on attachment 327957 [details]
patch

Clearing flags on attachment: 327957

Committed r225320: <https://trac.webkit.org/changeset/225320>
Comment 6 WebKit Commit Bot 2017-11-29 23:53:26 PST
All reviewed patches have been landed.  Closing bug.
Comment 7 Radar WebKit Bug Importer 2017-11-29 23:54:25 PST
<rdar://problem/35767562>