WebKit Bugzilla
RESOLVED FIXED
209632
Clear the entropy bits in the encodedStructureBits when deallocating a structureID.
https://bugs.webkit.org/show_bug.cgi?id=209632
Mark Lam, Reported 2020-03-26 17:14:20 PDT
We currently only use a 32-bit offset in the StructureIDTable's StructureOrOffset. Though we will never store an offset value that is near 32-bit in size, let alone 64-bit, there's no reason why we can't just use all 64 bits for the offset. Doing so will also have the benefit of zeroing out the entropy bits in the old encodedStructureBits. This guarantees there's no chance of collision between a "freed" structureID's entropy bits and the entropy bits in a dead cell due to GC bugs.
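The hazard described in the report, as an added example that is not WebKit's code: a simplified model of a structure ID table in which each slot holds either an encoded structure pointer (pointer XOR entropy bits from the ID) or, once freed, a free-list offset. The layout (7 entropy bits in the top of a 32-bit ID, mixed into the top 7 bits of the pointer), the slot index, the entropy value and the address are all assumptions chosen for illustration. Freeing a slot by writing a 32-bit offset leaves the stale entropy-mixed high bits in place, so a dead cell still carrying the freed ID decodes to a plausible-looking user-space address; writing the offset as a full 64-bit value clears those bits, so the same stale lookup decodes to a non-canonical value instead.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified model of a structure ID table (assumption, not JavaScriptCore's code).
// StructureID: 32 bits, low 25 bits = slot index, top 7 bits = entropy.
// Slot: 64-bit word holding either the encoded structure pointer or, when free,
// the offset of the next free slot.
using StructureID = uint32_t;

static constexpr unsigned kEntropyBits = 7;
static constexpr unsigned kEntropyShiftInID = 32 - kEntropyBits;   // entropy sits in bits 25..31 of the ID
static constexpr unsigned kEntropyShiftInPtr = 64 - kEntropyBits;  // and is mixed into bits 57..63 of the pointer
static constexpr uint32_t kIndexMask = (1u << kEntropyShiftInID) - 1;

StructureID makeStructureID(uint32_t index, uint32_t entropy) {
    return (entropy << kEntropyShiftInID) | (index & kIndexMask);
}

// The entropy bits of the ID, positioned where they are XORed into the pointer.
uint64_t entropyMask(StructureID id) {
    return static_cast<uint64_t>(id >> kEntropyShiftInID) << kEntropyShiftInPtr;
}

uint64_t encode(uint64_t structurePtr, StructureID id) { return structurePtr ^ entropyMask(id); }
uint64_t decode(uint64_t slotBits, StructureID id) { return slotBits ^ entropyMask(id); }

// Assumed x86-64 user-space canonical range: top 17 bits clear. A decoded value
// that fails this check would fault on dereference rather than alias live memory.
bool looksLikeUserPointer(uint64_t p) { return p != 0 && (p >> 47) == 0; }

// Old deallocation: the free-list offset was a 32-bit union member, so only the
// low 32 bits of the slot are rewritten (little-endian host assumed); the
// entropy-mixed high bits of the old encoded pointer survive.
void deallocateOld(std::vector<uint64_t>& table, uint32_t index, uint32_t nextFreeOffset) {
    table[index] = (table[index] & 0xFFFFFFFF00000000ull) | nextFreeOffset;
}

// Fixed deallocation: the offset occupies the whole 64-bit word, so nothing of
// the old encoded pointer (or its entropy bits) remains in the slot.
void deallocateFixed(std::vector<uint64_t>& table, uint32_t index, uint64_t nextFreeOffset) {
    table[index] = nextFreeOffset;
}

// Allocate a structure, free its slot, then decode through the freed slot with the
// stale ID that a dead cell might still carry. Returns the decoded value.
uint64_t staleDecode(bool useFixedDeallocation) {
    std::vector<uint64_t> table(16, 0);
    const uint64_t structurePtr = 0x00007f1234567800ull;  // constructed heap address
    const uint32_t index = 3, entropy = 0x5A, nextFree = 7; // constructed values
    StructureID id = makeStructureID(index, entropy);
    table[index] = encode(structurePtr, id);
    if (useFixedDeallocation)
        deallocateFixed(table, index, nextFree);
    else
        deallocateOld(table, index, nextFree);
    return decode(table[index], id);
}

// Sanity check on the mechanism itself: a live slot read with the wrong entropy
// must not decode to a plausible pointer either.
uint64_t wrongEntropyDecode() {
    const uint64_t structurePtr = 0x00007f1234567800ull;
    StructureID live = makeStructureID(3, 0x5A);
    StructureID wrong = makeStructureID(3, 0x5B);
    return decode(encode(structurePtr, live), wrong);
}

int main() {
    uint64_t old = staleDecode(false), fixed = staleDecode(true);
    std::printf("stale decode, 32-bit free: 0x%016llx plausible=%d\n",
                (unsigned long long)old, looksLikeUserPointer(old));
    std::printf("stale decode, 64-bit free: 0x%016llx plausible=%d\n",
                (unsigned long long)fixed, looksLikeUserPointer(fixed));
    return 0;
}
```

With the 32-bit free the stale lookup yields 0x00007f1200000007, the old pointer's page bits with the free-list offset in the low word, which a GC or JIT bug could dereference without faulting; with the 64-bit free it yields 0xB400000000000007, which the canonical-address check rejects.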
Attachments
proposed patch. (1.68 KB, patch), 2020-03-26 17:21 PDT, Mark Lam; saam: review+
Radar WebKit Bug Importer, Comment 1, 2020-03-26 17:14:46 PDT
<rdar://problem/60943876>
Mark Lam, Comment 2, 2020-03-26 17:21:20 PDT
Created attachment 394681: proposed patch.
Mark Lam, Comment 3, 2020-03-26 23:38:46 PDT
Thanks for the review. Landed in r259107: <http://trac.webkit.org/r259107>.