RESOLVED WONTFIX 195476
Randomize the LocalAllocator free list.
https://bugs.webkit.org/show_bug.cgi?id=195476
Mark Lam
Reported 2019-03-08 12:42:45 PST
Attachments
proposed patch. (3.60 KB, patch)
2019-03-08 12:48 PST, Mark Lam
no flags
proposed patch. (3.71 KB, patch)
2019-03-08 13:28 PST, Mark Lam
no flags
Mark Lam
Comment 1 2019-03-08 12:48:22 PST
Created attachment 364052: proposed patch.
Mark Lam
Comment 2 2019-03-08 12:55:07 PST
Comment on attachment 364052: proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=364052&action=review

> Source/JavaScriptCore/heap/MarkedBlockInlines.h:308
> // This produces a free list that is ordered in reverse through the block.
> // This is fine, since the allocation code makes no assumptions about the
> // order of the free list.

I should also fix this comment.
Mark Lam
Comment 3 2019-03-08 13:28:18 PST
Created attachment 364054: proposed patch.
Filip Pizlo
Comment 4 2019-03-08 13:29:10 PST
Since this does not randomize bump pointer, I'm not sure there is much protection here.
Mark Lam
Comment 5 2019-03-08 14:34:35 PST
Comment on attachment 364054: proposed patch.

Taking this out of review while I do some A/B testing.
Mark Lam
Comment 6 2024-12-06 11:36:14 PST
We decided we're not going to do this. It is of questionable value.