Title: [269016] trunk/Source/_javascript_Core
Revision
269016
Author
[email protected]
Date
2020-10-26 18:56:16 -0700 (Mon, 26 Oct 2020)

Log Message

Validate addresses returned by LinkBuffer::locationOf
https://bugs.webkit.org/show_bug.cgi?id=217786
<rdar://problem/69887913>

Reviewed by Saam Barati.

* assembler/LinkBuffer.h:
(JSC::LinkBuffer::locationOf):
(JSC::LinkBuffer::locationOfNearCall):
(JSC::LinkBuffer::getLinkerAddress):

Modified: trunk/Source/_javascript_Core/ChangeLog (269015 => 269016)


--- trunk/Source/_javascript_Core/ChangeLog	2020-10-27 01:13:28 UTC (rev 269015)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-10-27 01:56:16 UTC (rev 269016)
@@ -1,3 +1,16 @@
+2020-10-15  Tadeu Zagallo  <[email protected]>
+
+        Validate addresses returned by LinkBuffer::locationOf
+        https://bugs.webkit.org/show_bug.cgi?id=217786
+        <rdar://problem/69887913>
+
+        Reviewed by Saam Barati.
+
+        * assembler/LinkBuffer.h:
+        (JSC::LinkBuffer::locationOf):
+        (JSC::LinkBuffer::locationOfNearCall):
+        (JSC::LinkBuffer::getLinkerAddress):
+
 2020-10-26  Alex Christensen  <[email protected]>
 
         Inclusive software: Remove instances of "dumb" from the code

Modified: trunk/Source/_javascript_Core/assembler/LinkBuffer.h (269015 => 269016)


--- trunk/Source/_javascript_Core/assembler/LinkBuffer.h	2020-10-27 01:13:28 UTC (rev 269015)
+++ trunk/Source/_javascript_Core/assembler/LinkBuffer.h	2020-10-27 01:56:16 UTC (rev 269016)
@@ -195,7 +195,7 @@
     {
         ASSERT(call.isFlagSet(Call::Linkable));
         ASSERT(!call.isFlagSet(Call::Near));
-        return CodeLocationCall<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(call.m_label)));
+        return CodeLocationCall<tag>(getLinkerAddress<tag>(applyOffset(call.m_label)));
     }
 
     template<PtrTag tag>
@@ -203,7 +203,7 @@
     {
         ASSERT(call.isFlagSet(Call::Linkable));
         ASSERT(call.isFlagSet(Call::Near));
-        return CodeLocationNearCall<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(call.m_label)),
+        return CodeLocationNearCall<tag>(getLinkerAddress<tag>(applyOffset(call.m_label)),
             call.isFlagSet(Call::Tail) ? NearCallMode::Tail : NearCallMode::Regular);
     }
 
@@ -210,37 +210,37 @@
     template<PtrTag tag>
     CodeLocationLabel<tag> locationOf(PatchableJump jump)
     {
-        return CodeLocationLabel<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(jump.m_jump.m_label)));
+        return CodeLocationLabel<tag>(getLinkerAddress<tag>(applyOffset(jump.m_jump.m_label)));
     }
 
     template<PtrTag tag>
     CodeLocationLabel<tag> locationOf(Label label)
     {
-        return CodeLocationLabel<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(label.m_label)));
+        return CodeLocationLabel<tag>(getLinkerAddress<tag>(applyOffset(label.m_label)));
     }
 
     template<PtrTag tag>
     CodeLocationDataLabelPtr<tag> locationOf(DataLabelPtr label)
     {
-        return CodeLocationDataLabelPtr<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(label.m_label)));
+        return CodeLocationDataLabelPtr<tag>(getLinkerAddress<tag>(applyOffset(label.m_label)));
     }
 
     template<PtrTag tag>
     CodeLocationDataLabel32<tag> locationOf(DataLabel32 label)
     {
-        return CodeLocationDataLabel32<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(label.m_label)));
+        return CodeLocationDataLabel32<tag>(getLinkerAddress<tag>(applyOffset(label.m_label)));
     }
     
     template<PtrTag tag>
     CodeLocationDataLabelCompact<tag> locationOf(DataLabelCompact label)
     {
-        return CodeLocationDataLabelCompact<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(label.m_label)));
+        return CodeLocationDataLabelCompact<tag>(getLinkerAddress<tag>(applyOffset(label.m_label)));
     }
 
     template<PtrTag tag>
     CodeLocationConvertibleLoad<tag> locationOf(ConvertibleLoadLabel label)
     {
-        return CodeLocationConvertibleLoad<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(label.m_label)));
+        return CodeLocationConvertibleLoad<tag>(getLinkerAddress<tag>(applyOffset(label.m_label)));
     }
 
     // This method obtains the return address of the call, given as an offset from
@@ -331,6 +331,15 @@
     
     void allocate(MacroAssembler&, JITCompilationEffort);
 
+    template<PtrTag tag, typename T>
+    void* getLinkerAddress(T src)
+    {
+        void *code = this->code();
+        void* address = MacroAssembler::getLinkerAddress<tag>(code, src);
+        RELEASE_ASSERT(code <= untagCodePtr<tag>(address) && untagCodePtr<tag>(address) <= static_cast<char*>(code) + size());
+        return address;
+    }
+
     JS_EXPORT_PRIVATE void linkCode(MacroAssembler&, JITCompilationEffort);
 #if ENABLE(BRANCH_COMPACTION)
     template <typename InstructionType>
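Review bot: The new `getLinkerAddress` wrapper has no comment saying why the `RELEASE_ASSERT` exists, and it calls `untagCodePtr<tag>(address)` twice inside the assert; hoisting the untagged pointer into a local documents the intent and avoids repeating the untag: `void* untagged = untagCodePtr<tag>(address);` followed by `RELEASE_ASSERT(code <= untagged && untagged <= static_cast<char*>(code) + size());`. A one-line comment above it along the lines of "a label offset must resolve inside this buffer's code region (end inclusive) so callers never patch memory we do not own" would make the hardening purpose explicit. The upper bound is inclusive, so an address exactly one past the end passes — presumably intended for labels emitted at the end of the buffer, but worth stating in that comment. The first added line `void *code = this->code();` also puts the asterisk with the name while the next line uses `void* address`; WebKit style is `void* code = this->code();`.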