RESOLVED FIXED Bug 199372
PACCage should first cage leaving PAC bits intact then authenticate
https://bugs.webkit.org/show_bug.cgi?id=199372
Keith Miller
Reported 2019-07-01 13:43:45 PDT
PACCage should first cage leaving PAC bits intact then authenticate
Attachments
Patch (9.45 KB, patch), 2019-07-01 13:46 PDT, Keith Miller, no flags
Patch (18.41 KB, patch), 2019-07-01 17:37 PDT, Keith Miller, no flags
Patch (18.83 KB, patch), 2019-07-03 13:24 PDT, Keith Miller, no flags
Keith Miller
Comment 1 2019-07-01 13:46:56 PDT
Saam Barati
Comment 2 2019-07-01 15:36:59 PDT
Comment on attachment 373254 (Patch): You need to change the LLInt and WTF too. Otherwise, LGTM.
Saam Barati
Comment 3 2019-07-01 15:37:32 PDT
Comment on attachment 373254 (Patch). View in context: https://bugs.webkit.org/attachment.cgi?id=373254&action=review

> Source/JavaScriptCore/ChangeLog:11
> + This ordering prevents someone from taking a signed pointer from
> + outside the gigacage and using it in a struct that expects a caged
> + pointer. Previously, the PACCaging just double checked that the PAC
> + bits were valid for the original pointer.

Might be worth spending a few more sentences explaining why this is. It's kinda subtle. Maybe an example would help.
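To make the ordering argument in the quoted ChangeLog concrete, here is an added Python model of the two PACCage orderings. It is not WebKit's code and not the real hardware: the PAC is a truncated HMAC over (address, modifier) placed in the top 16 bits of a 48-bit-address pointer, the cage is an assumed 4 GiB region at a constructed base, and all function names (sign, authenticate, cage, the two load_caged_* variants) are the example's own. What it shows is why "authenticate, then cage" lets a validly signed out-of-cage pointer turn into an accepted in-cage address, while "cage with PAC bits intact, then authenticate" rejects it because the PAC no longer matches the address the consumer will use.

```python
import hashlib
import hmac

# Constructed model of a 64-bit pointer: 48 address bits, PAC in the top 16 bits.
# (Real arm64 PAC layout depends on VA size and TBI; this is a simplification.)
ADDR_BITS = 48
ADDR_MASK = (1 << ADDR_BITS) - 1
PAC_MASK = ~ADDR_MASK & ((1 << 64) - 1)

# Assumed cage geometry (constructed): a 4 GiB region at a 4 GiB-aligned base.
# Caging keeps only the low 32 bits of the address and rebases them into the cage.
CAGE_BASE = 0x2000_0000_0000
CAGE_SIZE = 1 << 32
CAGE_OFFSET_MASK = CAGE_SIZE - 1

# Stand-in for the per-process hardware key; constructed, never a real key.
PAC_KEY = b"constructed-demo-pac-key"


class AuthFailure(Exception):
    """Raised where hardware would instead hand back a poisoned pointer."""


def compute_pac(address: int, modifier: int) -> int:
    """Keyed MAC over (address, modifier), truncated into the PAC bit field."""
    msg = address.to_bytes(8, "little") + modifier.to_bytes(8, "little")
    mac = hmac.new(PAC_KEY, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:2], "little") << ADDR_BITS


def sign(address: int, modifier: int) -> int:
    """Like pacda: bind the address to the modifier by writing the PAC into the top bits."""
    address &= ADDR_MASK
    return address | compute_pac(address, modifier)


def authenticate(ptr: int, modifier: int) -> int:
    """Like autda: strip the PAC if it matches the address and modifier, else fail."""
    address = ptr & ADDR_MASK
    if (ptr & PAC_MASK) != compute_pac(address, modifier):
        raise AuthFailure(hex(ptr))
    return address


def cage(ptr: int) -> int:
    """Force the address bits into the cage while leaving the PAC bits untouched."""
    return (ptr & PAC_MASK) | CAGE_BASE | (ptr & CAGE_OFFSET_MASK)


def load_caged_auth_then_cage(ptr: int, modifier: int) -> int:
    """Old ordering described in the ChangeLog: the PAC only vouches for the original address."""
    return cage(authenticate(ptr, modifier))


def load_caged_cage_then_auth(ptr: int, modifier: int) -> int:
    """Fixed ordering: the PAC must match the address the consumer will actually use."""
    return authenticate(cage(ptr), modifier)


def compare_orderings(modifier: int = 0x42) -> dict:
    """Feed one legitimately caged pointer and one signed out-of-cage pointer to both orderings."""
    inside = sign(CAGE_BASE + 0x1000, modifier)   # signed while already in the cage
    outside = sign(0x3000_0000_5000, modifier)    # validly signed, but not a caged address
    results = {}
    for name, loader in (("auth_then_cage", load_caged_auth_then_cage),
                         ("cage_then_auth", load_caged_cage_then_auth)):
        results[name + "/inside"] = loader(inside, modifier)
        try:
            results[name + "/outside"] = loader(outside, modifier)
        except AuthFailure:
            results[name + "/outside"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in compare_orderings().items():
        print(key, hex(value) if isinstance(value, int) else value)
```

Running it, both orderings accept the pointer that was signed inside the cage and yield the same address. For the out-of-cage pointer, the old ordering authenticates it against its original address and then rebases it to CAGE_BASE + 0x5000, so the caller ends up with an in-cage address the signature never covered; the fixed ordering rebases first, so the stored PAC is checked against the caged address and fails. That is the property the ChangeLog is after: the PAC vouches for exactly the pointer value the caged consumer dereferences.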
Keith Miller
Comment 4 2019-07-01 17:37:47 PDT
Keith Miller
Comment 5 2019-07-01 23:29:29 PDT
Comment on attachment 373289 (Patch): gtk build failure seems unrelated.
WebKit Commit Bot
Comment 6 2019-07-02 00:00:20 PDT
Comment on attachment 373289 (Patch)
Clearing flags on attachment: 373289
Committed r247041: <https://trac.webkit.org/changeset/247041>
WebKit Commit Bot
Comment 7 2019-07-02 00:00:22 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 8 2019-07-02 00:01:18 PDT
WebKit Commit Bot
Comment 9 2019-07-02 16:24:28 PDT
Re-opened since this is blocked by bug 199425
Keith Miller
Comment 10 2019-07-03 13:24:34 PDT
Keith Miller
Comment 11 2019-07-03 13:25:21 PDT