[Webkit-unassigned] [Bug 209236] REGRESSION(r249808): [GTK] Crash in JSC Config::permanentlyFreeze() on architecture ppc64el

bugzilla-daemon at webkit.org
Thu Mar 19 11:34:43 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=209236

--- Comment #37 from Carlos Alberto Lopez Perez <clopez at igalia.com> ---
(In reply to Mark Lam from comment #36)
> (In reply to Mark Lam from comment #35)
> > (In reply to Carlos Alberto Lopez Perez from comment #34)
> > > (In reply to Michael Catanzaro from comment #28)
> > > > The best solution is to get page size at runtime using
> > > > sysconf(_SC_PAGESIZE), but it looks like the code really wants a
> > > > compile-time solution. So maybe just hardcode 64 KB for these CPUs and for
> > > > CPU(UNKNOWN)? Ideally we would share the value with MarkedBlock.h? clopez,
> > > > what do you think?
> > > > 
> > 
> > Hardcoding to 64K is a good approach in addition to the check below.
> 
> I should qualify this statement: hardcoding to 64K is a better workaround
> than disabling this feature outright.
> 
> The feature is a security mitigation.  If preventing the crash is a higher
> priority, the proposed check is good at the price of disabling this
> mitigation.

I have to admit I don't understand the attack/mitigation scenario, nor what "Harden JSC against the abuse of runtime options." really means (even after reading the changelog of r249808).

How are these options supposed to be abused? Can that be done by a malicious website?

-- 
You are receiving this mail because:
You are the assignee for the bug.
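The pattern behind the thread above, as an added example that is not JSC's code and makes no claim about what r249808 does internally: a block of runtime options is placed in its own mapping, sized from the page size obtained at runtime with sysconf(_SC_PAGESIZE) (the approach Michael Catanzaro mentions), and then made read-only with mprotect so that a later write, such as one from an attacker who has obtained a memory-write primitive, faults instead of silently changing an option. The `struct options`, the function names, and the fault-catching harness are all assumptions constructed for this example. `region_ok_for_page` and `freeze_misaligned_errno` show the failure mode discussed in the thread: mprotect only accepts an address that is a multiple of the real page size, so a buffer aligned for an assumed smaller page (4 KiB) is rejected with EINVAL on a 64 KiB-page system, which is the kind of condition a release assertion in a freeze routine would turn into a crash.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical runtime-option block, constructed for this example (not JSC's Config). */
struct options {
    bool   use_jit;
    bool   dump_disassembly;
    size_t gc_threshold;
};

static struct options *g_options;      /* start of a dedicated anonymous mapping */
static size_t          g_mapping_size; /* whole pages, computed at runtime */

/* mprotect(2) only accepts an address that is a multiple of the real page size.
 * A buffer aligned and sized for an assumed compile-time page size (say 4 KiB)
 * is not necessarily usable on a 64 KiB-page system. */
bool region_ok_for_page(uintptr_t addr, size_t len, size_t page)
{
    return page != 0 && addr % page == 0 && len % page == 0;
}

/* Allocate the option block in its own page-aligned mapping, sized from the
 * runtime page size (sysconf) rather than a hardcoded constant. */
int options_init(void)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        return -1;
    size_t p = (size_t)page;
    g_mapping_size = (sizeof(struct options) + p - 1) / p * p;
    void *m = mmap(NULL, g_mapping_size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return -1;
    g_options = m;
    g_options->use_jit = true;            /* defaults are set while still writable */
    g_options->dump_disassembly = false;
    g_options->gc_threshold = 1u << 20;
    return 0;
}

/* Make the option block read-only for the rest of the process lifetime.
 * Returns 0 on success, -1 (with errno set by mprotect) on failure. */
int options_freeze(void)
{
    if (!region_ok_for_page((uintptr_t)g_options, g_mapping_size,
                            (size_t)sysconf(_SC_PAGESIZE)))
        return -1;
    return mprotect(g_options, g_mapping_size, PROT_READ);
}

/* A freeze attempt on a misaligned address: mprotect rejects it with EINVAL. */
int freeze_misaligned_errno(void)
{
    errno = 0;
    if (mprotect((char *)g_options + 1, g_mapping_size, PROT_READ) == 0)
        return 0;
    return errno;
}

bool options_use_jit(void) { return g_options->use_jit; }

/* Stand-in for an arbitrary write landing on an option after the freeze:
 * catch the resulting fault and report that the write was blocked. */
static sigjmp_buf g_jb;
static void on_fault(int sig) { (void)sig; siglongjmp(g_jb, 1); }

bool write_after_freeze_faults(void)
{
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile bool faulted = false;
    if (sigsetjmp(g_jb, 1) == 0) {
        volatile bool *target = &g_options->dump_disassembly;
        *target = true;                   /* traps if the page is read-only */
    } else {
        faulted = true;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

int main(void)
{
    printf("page size: %ld\n", sysconf(_SC_PAGESIZE));
    if (options_init() != 0 || options_freeze() != 0) {
        perror("freeze");
        return 1;
    }
    printf("misaligned freeze -> errno %d (EINVAL is %d)\n", freeze_misaligned_errno(), EINVAL);
    printf("write after freeze blocked: %s\n", write_after_freeze_faults() ? "yes" : "no");
    printf("use_jit still readable: %d\n", options_use_jit());
    return 0;
}
```

Run it on a 4 KiB-page x86-64 box and on a 64 KiB-page ppc64el box: because the mapping is sized and aligned from sysconf, the freeze succeeds on both, and the only thing that changes is the mapping size. Replacing the runtime sysconf value with a hardcoded 4096 reproduces the shape of the problem in the bug title: on the 64 KiB system a 4 KiB-aligned region fails `region_ok_for_page`, and a freeze routine that asserts on that failure crashes instead of freezing. Hardcoding 64 KiB, as discussed in the thread, keeps the check passing on those CPUs at the cost of over-sized mappings elsewhere.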