[Webkit-unassigned] [Bug 76724] ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 9 08:57:43 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=76724


Yong Li <yong.li.webkit at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|MetaAllocator conflicts     |ENABLE(ASSEMBLER_WX_EXCLUSI
                   |with                        |VE): LinkBuffer can leave
                   |ENABLE(ASSEMBLER_WX_EXCLUSI |pages not marked as
                   |VE)                         |executable.
             Status|NEW                         |ASSIGNED
         AssignedTo|webkit-unassigned at lists.web |yong.li.webkit at gmail.com
                   |kit.org                     |




--- Comment #6 from Yong Li <yong.li.webkit at gmail.com>  2012-02-09 08:57:43 PST ---
Found a bug in LinkBuffer. The size used to call makeExecutable can be smaller than the one that was used for makeWritable. So it can leave pages that are not set back to default flags. When assembly on that page is executed, or the JIT returns to that page in the case it was already executing that page, the software will crash.

Patch is on the way.

But I'm not sure MetaAllocator is safe with ENABLE(ASSEMBLER_WX_EXCLUSIVE) even with this fix. Geoffrey, do you see potential problems with MetaAllocator + ENABLE(ASSEMBLER_WX_EXCLUSIVE) + Workers?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
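The size mismatch described in the comment above, as an added example that is not WebKit's code: a constructed model of a W^X code region where every page is either RX (the default under ENABLE(ASSEMBLER_WX_EXCLUSIVE)) or RW while the JIT writes into it. The page size, the base address, the `make_writable`/`make_executable` helpers and the rounding rule (start rounded down, end rounded up to a page boundary) are assumptions made for the illustration, not WebKit's ExecutableAllocator. `link_buggy` reprotects with the smaller final size and counts the pages left RW; `link_fixed` reprotects the same range that was made writable.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a W^X-protected JIT code region (not WebKit's
 * ExecutableAllocator). Assumed page size and page-aligned base address. */
#define PAGE_SIZE   4096u
#define NPAGES      8u
#define REGION_BASE 0x10000u

enum prot { PROT_RX = 1, PROT_RW = 2 };

typedef struct {
    uint8_t prot[NPAGES];   /* protection of each page in the region */
} region_t;

static void region_init(region_t *r)
{
    memset(r->prot, PROT_RX, sizeof r->prot);   /* default flags: executable */
}

/* Page-round [start, start+size) the way a reprotect helper must: the start
 * rounds down and the end rounds up, so the change covers whole pages.
 * Returns the half-open page index range [first, last). */
static void page_round(uintptr_t start, size_t size, size_t *first, size_t *last)
{
    uintptr_t begin = start & ~(uintptr_t)(PAGE_SIZE - 1);
    uintptr_t end   = (start + size + PAGE_SIZE - 1) & ~(uintptr_t)(PAGE_SIZE - 1);
    *first = (begin - REGION_BASE) / PAGE_SIZE;
    *last  = (end   - REGION_BASE) / PAGE_SIZE;
}

static void reprotect(region_t *r, uintptr_t start, size_t size, uint8_t prot)
{
    size_t first, last;
    page_round(start, size, &first, &last);
    for (size_t i = first; i < last && i < NPAGES; i++)
        r->prot[i] = prot;
}

/* The two calls a LinkBuffer makes around its copy of the generated code. */
static void make_writable(region_t *r, uintptr_t start, size_t size)   { reprotect(r, start, size, PROT_RW); }
static void make_executable(region_t *r, uintptr_t start, size_t size) { reprotect(r, start, size, PROT_RX); }

/* Pages still RW after linking: executing any of them faults under W^X. */
static size_t pages_left_writable(const region_t *r)
{
    size_t n = 0;
    for (size_t i = 0; i < NPAGES; i++)
        if (r->prot[i] == PROT_RW)
            n++;
    return n;
}

/* Buggy pattern from the report: makeWritable covers the size reserved for
 * the code, makeExecutable only the (possibly smaller) final code size. Any
 * page touched only by the first call is left RW. */
static size_t link_buggy(size_t reserved, size_t final_size)
{
    region_t r;
    region_init(&r);
    make_writable(&r, REGION_BASE, reserved);
    make_executable(&r, REGION_BASE, final_size);
    return pages_left_writable(&r);
}

/* Fixed pattern: restore the default flags over exactly the range that was
 * made writable, however much of it the generated code actually used. */
static size_t link_fixed(size_t reserved, size_t final_size)
{
    region_t r;
    (void)final_size;
    region_init(&r);
    make_writable(&r, REGION_BASE, reserved);
    make_executable(&r, REGION_BASE, reserved);
    return pages_left_writable(&r);
}

int main(void)
{
    /* Constructed sizes: reserve just over three pages, emit just over one. */
    size_t reserved = 3 * PAGE_SIZE + 100, final_size = PAGE_SIZE + 10;
    printf("buggy: %zu page(s) left RW\n", link_buggy(reserved, final_size));
    printf("fixed: %zu page(s) left RW\n", link_fixed(reserved, final_size));
    return 0;
}
```

With those sizes the buggy sequence leaves two pages RW after the final `make_executable`, which is the state the comment describes: code copied into those pages, or a frame that later returns into them, runs on a page that is no longer executable. Once the two reprotect calls are handed the same range the count is zero regardless of how much the final code shrank.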