189247 – CallFrame::unsafeCallee() should use an ASAN suppressed Register::asanUnsafePointer().

RESOLVED FIXED 189247

CallFrame::unsafeCallee() should use an ASAN suppressed Register::asanUnsafePointer().

https://bugs.webkit.org/show_bug.cgi?id=189247

Summary CallFrame::unsafeCallee() should use an ASAN suppressed Register::asanUnsafeP...

Mark Lam

Reported 2018-09-03 10:52:15 PDT

Patch coming.

Attachments
proposed patch. (3.54 KB, patch) 2018-09-03 11:08 PDT, Mark Lam	saam: review+ saam: commit-queue-	Details Formatted Diff Diff
proposed patch. (2.83 KB, patch) 2018-09-03 13:17 PDT, Mark Lam	mark.lam: review-	Details Formatted Diff Diff
proposed patch. (3.42 KB, patch) 2018-09-03 13:45 PDT, Mark Lam	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Mark Lam

Comment 1 2018-09-03 11:08:05 PDT

Created attachment 348779 [details] proposed patch.

Saam Barati

Comment 2 2018-09-03 13:06:06 PDT

Comment on attachment 348779 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=348779&action=review > Source/JavaScriptCore/interpreter/Register.h:125 > + return asanUnsafeJSValue(); How does this not remove asan protection?

Mark Lam

Comment 3 2018-09-03 13:11:12 PDT

Comment on attachment 348779 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=348779&action=review >> Source/JavaScriptCore/interpreter/Register.h:125 >> + return asanUnsafeJSValue(); > > How does this not remove asan protection? I was previously thinking that the outer function Register::jsValue() not being a ASAN suppressed function means that this is OK. But I'm wrong: this is a bug. I will undo these call forwardinh changes.

Mark Lam

Comment 4 2018-09-03 13:17:52 PDT

Created attachment 348788 [details] proposed patch.

Mark Lam

Comment 5 2018-09-03 13:27:12 PDT

Comment on attachment 348788 [details] proposed patch. Got a bug.

Mark Lam

Comment 6 2018-09-03 13:45:31 PDT

Created attachment 348789 [details] proposed patch.

WebKit Commit Bot

Comment 7 2018-09-03 16:29:43 PDT

Comment on attachment 348789 [details] proposed patch. Clearing flags on attachment: 348789 Committed r235603: <https://trac.webkit.org/changeset/235603>

WebKit Commit Bot

Comment 8 2018-09-03 16:29:45 PDT

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 9 2018-09-03 16:30:17 PDT

<rdar://problem/44079982>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Mark Lam

Reported

2018-09-03 10:52 PDT

Modified

2018-09-03 16:30 PDT History

CC List

10 users Show

URL

Keywords InRadar

Depends on

Blocks