| Summary: | CallFrame::unsafeCallee() should use an ASAN suppressed Register::asanUnsafePointer(). |
|---|---|
| Product: | WebKit |
| Reporter: | Mark Lam <mark.lam> |
| Component: | JavaScriptCore |
| Assignee: | Mark Lam <mark.lam> |
| Status: | RESOLVED FIXED |
| Severity: | Normal |
| CC: | commit-queue, ddkilzer, fpizlo, keith_miller, msaboff, rmorisset, saam, tzagallo, webkit-bug-importer, ysuzuki |
| Priority: | P2 |
| Keywords: | InRadar |
| Version: | WebKit Nightly Build |
| Hardware: | Unspecified |
| OS: | Unspecified |
| Attachments: | 348779, 348788, 348789 (proposed patch) |
Description
Mark Lam
2018-09-03 10:52:15 PDT
Created attachment 348779 [details]
proposed patch.

Comment on attachment 348779 [details]
proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=348779&action=review

> Source/JavaScriptCore/interpreter/Register.h:125
> + return asanUnsafeJSValue();

How does this not remove asan protection?

Comment on attachment 348779 [details]
proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=348779&action=review

>> Source/JavaScriptCore/interpreter/Register.h:125
>> + return asanUnsafeJSValue();
>
> How does this not remove asan protection?

I was previously thinking that the outer function Register::jsValue() not being an ASAN suppressed function means that this is OK. But I'm wrong: this is a bug. I will undo these call forwarding changes.

Created attachment 348788 [details]
proposed patch.

Comment on attachment 348788 [details]
proposed patch.
Got a bug.

Created attachment 348789 [details]
proposed patch.

Comment on attachment 348789 [details]
proposed patch.
Clearing flags on attachment: 348789
Committed r235603: <https://trac.webkit.org/changeset/235603>
All reviewed patches have been landed. Closing bug.