Status: Accepted
Owner: [email protected]
Labels: Type-FeatureRequest Priority-Medium
New issue 908 by [email protected]: Replace constant splitting with
constant cookies.
http://code.google.com/p/v8/issues/detail?id=908
Immediate 32-bit constants in emitted JIT code are split into two 16-bit
halves. This is done to mitigate the use of emitted JIT code in exploits.
However, a more effective approach is the following:
1. Generate a random 32-bit value at compilation time.
2. XOR the 32-bit constant with the random value.
3. Emit the resulting immediate value along with the XOR operation to
generate the original value.
See here for more background:
http://code.google.com/p/chromium/issues/detail?id=48934
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
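To make the difference between the two mitigations concrete, here is an added example in C. It is not V8 code and is not from the issue above; it hand-encodes a 32-bit constant into x86 machine bytes three ways (verbatim, split into 16-bit halves, and XORed with a cookie as proposed), then checks which attacker-chosen byte patterns survive in the code stream and runs a tiny interpreter to confirm each sequence still yields the original value. The opcode encodings (B8 mov eax,imm32; 35 xor eax,imm32; 0D or eax,imm32; C1 E0 ib shl eax,ib) are standard x86; the cookie value, the constant 0x90909090 and all function names are constructed for the example.

```c
/* Added example, not V8 code: emit a 32-bit constant into x86 code three
 * ways and see which attacker-chosen byte patterns remain in the stream. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Little-endian imm32 store, returns bytes written. */
static size_t put32(uint8_t *out, uint32_t v) {
    out[0] = v & 0xff; out[1] = (v >> 8) & 0xff;
    out[2] = (v >> 16) & 0xff; out[3] = (v >> 24) & 0xff;
    return 4;
}

static uint32_t get32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unmitigated: mov eax, imm32 (B8 imm32). The constant lands verbatim. */
size_t emit_plain(uint8_t *out, uint32_t imm) {
    out[0] = 0xB8;
    return 1 + put32(out + 1, imm);
}

/* Constant splitting: mov eax, hi16; shl eax, 16; or eax, lo16.
 * Only the two 16-bit halves of the constant reach the code stream. */
size_t emit_split(uint8_t *out, uint32_t imm) {
    size_t n = 0;
    out[n++] = 0xB8; n += put32(out + n, imm >> 16);       /* mov eax, hi   */
    out[n++] = 0xC1; out[n++] = 0xE0; out[n++] = 0x10;      /* shl eax, 16   */
    out[n++] = 0x0D; n += put32(out + n, imm & 0xFFFFu);    /* or  eax, lo   */
    return n;
}

/* Constant blinding (the proposal): mov eax, imm ^ cookie; xor eax, cookie.
 * The cookie must come from a CSPRNG at compile time; with cookie == 0
 * this degenerates to emit_plain, so a real emitter should reject that. */
size_t emit_blinded(uint8_t *out, uint32_t imm, uint32_t cookie) {
    size_t n = 0;
    out[n++] = 0xB8; n += put32(out + n, imm ^ cookie);     /* mov eax, imm^c */
    out[n++] = 0x35; n += put32(out + n, cookie);           /* xor eax, c     */
    return n;
}

/* Minimal interpreter for exactly the opcodes emitted above; confirms that
 * every variant still computes the original constant in eax. */
uint32_t run_eax(const uint8_t *code, size_t len) {
    uint32_t eax = 0;
    size_t i = 0;
    while (i < len) {
        switch (code[i]) {
        case 0xB8: eax  = get32(code + i + 1); i += 5; break;   /* mov */
        case 0x35: eax ^= get32(code + i + 1); i += 5; break;   /* xor */
        case 0x0D: eax |= get32(code + i + 1); i += 5; break;   /* or  */
        case 0xC1: eax <<= code[i + 2];        i += 3; break;   /* shl eax, ib */
        default:   return 0;   /* opcode not produced by this example */
        }
    }
    return eax;
}

/* 1 if the attacker's byte pattern appears anywhere in the emitted code. */
int code_contains(const uint8_t *code, size_t len,
                  const uint8_t *pat, size_t plen) {
    for (size_t i = 0; i + plen <= len; i++)
        if (memcmp(code + i, pat, plen) == 0) return 1;
    return 0;
}

static void dump(const char *label, const uint8_t *code, size_t len) {
    printf("%-8s", label);
    for (size_t i = 0; i < len; i++) printf(" %02x", code[i]);
    printf("\n");
}

int main(void) {
    /* Constructed attacker constant: four NOPs, a classic JIT-spray filler. */
    const uint32_t imm = 0x90909090u;
    const uint32_t cookie = 0x5A3C7E19u;   /* constructed; use a CSPRNG in practice */
    uint8_t buf[16];
    size_t n;
    n = emit_plain(buf, imm);           dump("plain", buf, n);
    n = emit_split(buf, imm);           dump("split", buf, n);
    n = emit_blinded(buf, imm, cookie); dump("blinded", buf, n);
    return 0;
}
```

Running it shows the point of the issue: splitting leaves the 16-bit pattern 90 90 in the stream twice, while blinding leaves no byte of the original constant at all, only cookie-dependent bytes the attacker cannot choose. The caveat is that the scheme is only as good as the cookie: it must be unpredictable per compilation and must not be disclosable through a read primitive, since both imm ^ cookie and cookie are present in the code.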