[Webkit-unassigned] [Bug 196533] [META] Undefined behavior bugs

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 11 11:54:17 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=196533

--- Comment #10 from Filip Pizlo <fpizlo at apple.com> ---
(In reply to Brent Fulgham from comment #8)
> I think that Sony's goals here are really well aligned with Apple's. WebKit
> is the primary source of system exploits on our systems, too, so anything we
> can do to deny attackers an avenue for exploit should be taken.

There's a cost/benefit trade-off.  Running sanitizers on a VM seems like a lot of cost.

> 
> I support the idea of getting WebKit to be UBSAN clean, just like we want to
> be ASAN clean, Guard Malloc clean, etc. We should clean all the SANs!

JavaScriptCore relies on features of the C/C++ language that are sometimes considered UB, depending on who you ask.

> 
> Currently we are prioritizing things with probable paths to exploit, but I
> am in favor of making code changes to silence ASAN/TSAN/UBSAN warnings if it
> reduces noise so we can identify real problems or new regressions.

I think that if we find a significant amount of UB in JSC then we should use compiler flags to simply turn that UB off.

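The two options raised in the comment above (give the UB a defined meaning with compiler flags, or rewrite the operation so the language itself defines it), as an added example. This is not WebKit or JavaScriptCore code; the function names, the build line in the header comment and the sample values are the editor's own assumptions, chosen to show the kinds of UB a VM typically leans on (signed overflow, type punning through pointer casts).

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <limits.h>
#include <stdio.h>

/* Added example, not JSC code. Two pieces of C/C++ that many VMs rely on and
 * that UBSan flags:
 *   - signed integer overflow (int32_t arithmetic in a JIT's integer fast path)
 *   - reading a double's bits through a pointer of another type (NaN-boxing)
 * Route (a): keep the naive code and build with -fwrapv (signed overflow wraps)
 * and -fno-strict-aliasing (cross-type loads are honoured). GCC and clang accept
 * both flags; they are the "turn the UB off" option.
 * Route (b): write the operation in defined C. The functions below take route
 * (b); their results are exactly what route (a) would give the naive code.
 * Assumed build line: cc -O2 -fsanitize=undefined ub_example.c
 */

/* Naive version: UB on overflow. With -O2 and no -fwrapv the optimizer may
 * assume it never overflows. Kept only for comparison; not called by the test. */
int32_t add_wrap_naive(int32_t a, int32_t b) { return a + b; }

/* Defined version: unsigned addition is modular by the language rules, and the
 * conversion back to int32_t is implementation-defined (two's complement on
 * every platform WebKit targets), so this equals -fwrapv behaviour. */
int32_t add_wrap(int32_t a, int32_t b) {
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Checked version: report overflow instead of wrapping. __builtin_add_overflow
 * is a GCC/clang builtin and is itself free of UB. Returns true on success. */
bool add_checked(int32_t a, int32_t b, int32_t *out) {
    return !__builtin_add_overflow(a, b, out);
}

/* Naive punning, *(uint64_t *)&d, violates strict aliasing. memcpy of the
 * object representation is defined and compiles to a single register move. */
uint64_t double_bits(double d) {
    uint64_t bits;
    memcpy(&bits, &d, sizeof bits);
    return bits;
}

double bits_to_double(uint64_t bits) {
    double d;
    memcpy(&d, &bits, sizeof d);
    return d;
}

/* Left-shifting a negative int is UB; shifting its unsigned image is not. */
int32_t shl_wrap(int32_t v, unsigned n) {
    return (int32_t)((uint32_t)v << (n & 31));
}

int main(void) {
    int32_t r;
    printf("add_wrap(INT32_MAX, 1) = %d\n", add_wrap(INT32_MAX, 1));
    printf("add_checked(INT32_MAX, 1) ok = %d\n", add_checked(INT32_MAX, 1, &r));
    printf("bits(1.0) = 0x%016llx\n", (unsigned long long)double_bits(1.0));
    printf("shl_wrap(-1, 4) = %d\n", shl_wrap(-1, 4));
    return 0;
}
```

Running the file under `-fsanitize=undefined` reports nothing for the defined versions, while a call to `add_wrap_naive(INT32_MAX, 1)` is reported as "signed integer overflow". Either route removes the noise Brent mentions; the difference is that route (b) also works on a compiler that does not honour `-fwrapv`.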