[Webkit-unassigned] [Bug 209236] REGRESSION(r249808): [GTK] Crash in JSC Config::permanentlyFreeze() on architectures ppc64el/s390x

bugzilla-daemon at webkit.org
Wed Mar 18 17:45:37 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=209236

--- Comment #22 from Mark Lam <mark.lam at apple.com> ---
(In reply to Michael Catanzaro from comment #20)
> Sebastien, you told me there was no crash. :( A crash makes everything way
> easier!
> 
> (In reply to Carlos Alberto Lopez Perez from comment #18)
> > Do you mean it lacks support for mprotect() with PROT_READ?
> 
> errno is set on failure, so WebKit should check errno and print a proper
> error using strerror(errno) to give us an idea of what's going wrong. But
> I'm pretty sure it's going to be EINVAL. Look:
> 
> EINVAL addr is not a valid pointer, or not a multiple of the system
>        page size.
> 
> And I see we have in JSCConfig.h:
> 
> #if !OS(WINDOWS)
> constexpr size_t ConfigSizeToProtect = 16 * KB;
> #else
> constexpr size_t ConfigSizeToProtect = 4 * KB;
> #endif
> 
> which is definitely incorrect. This is reminiscent of bug #182923, fixed in
> r232909. Note that in that revision, the task was to find a block size that
> was *at least as big* as the actual page size, so it was not a precise fix:
> we just guessed 64 KB was big enough for strange architectures without
> attempting to be precise about it. Hopefully the same approach would work
> here?

I was surprised that this could be the issue because there's an assert in Config::permanentlyFreeze() that ensures that ConfigSizeToProtect is an integral multiple of page size.  However, checking the code, I see:

#if PLATFORM(COCOA)
    RELEASE_ASSERT(roundUpToMultipleOf(vmPageSize(), ConfigSizeToProtect) == ConfigSizeToProtect);
#endif

It's a pity that vmPageSize() is not available on non-cocoa ports, or this issue would be more clearly identified.
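The two checks discussed in this thread, a size assertion that mirrors the RELEASE_ASSERT quoted above and an mprotect() call that reports strerror(errno) instead of silently crashing, written out as an added example. This is not WebKit's code: it assumes a POSIX system where sysconf(_SC_PAGESIZE) and mmap() are available, and the names configSizeIsPageMultiple, roundUpToPage, allocConfig and freezeConfig are stand-ins chosen for this example, not JSC's roundUpToMultipleOf()/vmPageSize().

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Round `size` up to a multiple of `pageSize` (pageSize is a power of two). */
static size_t roundUpToPage(size_t size, size_t pageSize) {
    return (size + pageSize - 1) & ~(pageSize - 1);
}

/* Portable form of the Cocoa-only RELEASE_ASSERT quoted in the comment above:
   the constant is only safe to freeze if it is an integral multiple of the
   page size actually in use at runtime. With 16 KB and a 64 KB page this is 0. */
static int configSizeIsPageMultiple(size_t configSize, size_t pageSize) {
    return roundUpToPage(configSize, pageSize) == configSize;
}

/* mprotect() requires a page-aligned start address and fails with EINVAL otherwise. */
static int isPageAligned(const void* addr, size_t pageSize) {
    return ((uintptr_t)addr & (pageSize - 1)) == 0;
}

/* Make a config block read-only. Returns 0 on success, -1 on failure; on failure
   the errno text is printed so the cause (EINVAL, ENOMEM, ...) is visible. */
static int freezeConfig(void* addr, size_t size) {
    size_t pageSize = (size_t)sysconf(_SC_PAGESIZE);
    if (!isPageAligned(addr, pageSize)) {
        fprintf(stderr, "config at %p is not aligned to the %zu-byte page size\n", addr, pageSize);
        errno = EINVAL;
        return -1;
    }
    size_t len = roundUpToPage(size, pageSize);
    if (mprotect(addr, len, PROT_READ) != 0) {
        fprintf(stderr, "mprotect(%p, %zu, PROT_READ) failed: %s\n", addr, len, strerror(errno));
        return -1;
    }
    return 0;
}

/* Reserve a page-aligned, writable block large enough for `size` bytes whatever
   the page size is, so that the later freeze cannot fail on alignment. */
static void* allocConfig(size_t size) {
    size_t pageSize = (size_t)sysconf(_SC_PAGESIZE);
    void* p = mmap(NULL, roundUpToPage(size, pageSize), PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

int main(void) {
    size_t pageSize = (size_t)sysconf(_SC_PAGESIZE);
    const size_t configSize = 16 * 1024; /* the non-Windows ConfigSizeToProtect from the thread */
    printf("page size %zu: 16 KB config %s a page multiple\n", pageSize,
           configSizeIsPageMultiple(configSize, pageSize) ? "is" : "is NOT");

    unsigned char* config = allocConfig(configSize);
    if (!config)
        return 1;
    memset(config, 0xAB, configSize);            /* fill while still writable */
    int rc = freezeConfig(config, configSize);    /* succeeds: aligned, rounded length */
    printf("freeze: %d, first byte still readable: 0x%02X\n", rc, config[0]);
    /* A misaligned start, as happens when the constant is smaller than the page, is
       rejected up front with a clear message instead of an opaque crash. */
    printf("misaligned freeze: %d\n", freezeConfig(config + 1, configSize));
    return 0;
}
```

Calling freezeConfig() on a page-aligned block rounds the length up to the live page size, so a 16 KB constant on a 64 KB-page machine freezes one whole page rather than tripping EINVAL; the misaligned call shows the diagnostic path the quoted comment asks for.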
