Title: [286969] trunk/Source/_javascript_Core
- Revision
- 286969
- Author
- commit-qu...@webkit.org
- Date
- 2021-12-13 12:25:56 -0800 (Mon, 13 Dec 2021)
Log Message
ExecutableAllocator: Do not store things in g_config when USE(SYSTEM_MALLOC).
https://bugs.webkit.org/show_bug.cgi?id=232165
Patch by waddlesplash <waddlespl...@gmail.com> on 2021-12-13
Reviewed by Yusuke Suzuki.
Following r281910, two additional slots were added to g_config in order to store these pointers for use in bmalloc and Gigacage. However, when USE(SYSTEM_MALLOC) is enabled, there are no slots reserved for Gigacage, and so this collided with g_wtfConfig and overwrote data there instead.
This should fix crashes seen on Haiku, which enables USE(SYSTEM_MALLOC).
* jit/ExecutableAllocator.cpp:
(JSC::initializeJITPageReservation):
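A constructed C model of the collision the log describes, added here as an illustration and not code from WebKit: one shared config array reserves two leading slots for Gigacage only when bmalloc is in use, and the pre-fix unconditional write to slots 0 and 1 is placed beside the post-fix guarded write. The names `layout_for`, `publish_jit_range_unguarded`, `publish_jit_range_guarded` and `wtf_config_survives`, the 32-word array, and the sentinel values are assumptions of this model; the real code decides the layout with the preprocessor, but here the USE(SYSTEM_MALLOC) choice is a run-time parameter so one binary can show both builds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a unified config record: a single array of machine
 * words that several subsystems carve into regions back to back. This is a
 * constructed illustration, not WebKit's real WebConfig::g_config layout. */
#define CONFIG_WORDS 32

static uintptr_t g_config[CONFIG_WORDS];

/* Layout for one build configuration. WebKit decides this with the
 * preprocessor; modelling it at run time lets one binary show both builds. */
struct config_layout {
    size_t gigacage_words;   /* slots reserved at the front for Gigacage */
    size_t wtf_offset;       /* slot where the WTF config region begins */
};

static struct config_layout layout_for(int use_system_malloc)
{
    struct config_layout l;
    /* With the system allocator nothing is reserved for Gigacage, so the
     * WTF region starts at slot 0 (assumed layout for this model). */
    l.gigacage_words = use_system_malloc ? 0 : 2;
    l.wtf_offset = l.gigacage_words;
    return l;
}

/* Sentinel words standing in for real WTF config data. */
enum { WTF_WORD0 = 0x1111, WTF_WORD1 = 0x2222 };

static void init_wtf_config(const struct config_layout *l)
{
    g_config[l->wtf_offset + 0] = WTF_WORD0;
    g_config[l->wtf_offset + 1] = WTF_WORD1;
}

/* Pre-fix behaviour: publish the JIT reservation into slots 0 and 1 without
 * checking that the layout actually owns them. */
static void publish_jit_range_unguarded(uintptr_t base, uintptr_t end)
{
    g_config[0] = base;
    g_config[1] = end;
}

/* Post-fix behaviour: publish only when two Gigacage slots exist. */
static void publish_jit_range_guarded(const struct config_layout *l,
                                      uintptr_t base, uintptr_t end)
{
    if (l->gigacage_words < 2)
        return;              /* nobody reads them, so do not write them */
    g_config[0] = base;
    g_config[1] = end;
}

/* Returns 1 if the WTF region still holds its sentinels after the JIT range
 * was published, 0 if publishing clobbered it. */
int wtf_config_survives(int use_system_malloc, int guarded)
{
    struct config_layout l = layout_for(use_system_malloc);
    const uintptr_t base = 0x10000000u, end = 0x20000000u;

    memset(g_config, 0, sizeof g_config);
    init_wtf_config(&l);
    if (guarded)
        publish_jit_range_guarded(&l, base, end);
    else
        publish_jit_range_unguarded(base, end);

    return g_config[l.wtf_offset + 0] == WTF_WORD0
        && g_config[l.wtf_offset + 1] == WTF_WORD1;
}

int main(void)
{
    int sm, g;
    for (sm = 0; sm < 2; sm++)
        for (g = 0; g < 2; g++)
            printf("USE(SYSTEM_MALLOC)=%d guarded=%d -> WTF config %s\n",
                   sm, g, wtf_config_survives(sm, g) ? "intact" : "CLOBBERED");
    return 0;
}
```

Only the combination of the system allocator and the unguarded write corrupts the WTF region; in the bmalloc layout the same write lands in slots that belong to Gigacage, which is why the bug stayed invisible on platforms that do not build with USE(SYSTEM_MALLOC).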
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (286968 => 286969)
--- trunk/Source/_javascript_Core/ChangeLog 2021-12-13 20:21:18 UTC (rev 286968)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-12-13 20:25:56 UTC (rev 286969)
@@ -1,3 +1,20 @@
+2021-12-13 waddlesplash <waddlespl...@gmail.com>
+
+ ExecutableAllocator: Do not store things in g_config when USE(SYSTEM_MALLOC).
+ https://bugs.webkit.org/show_bug.cgi?id=232165
+
+ Reviewed by Yusuke Suzuki.
+
+ Following r281910 two additional slots were added
+ to g_config in order to store these pointers for use in bmalloc and Gigacage. However, when
+ USE(SYSTEM_MALLOC) is enabled, there are no slots reserved for Gigacage, and so this collided
+ with g_wtfConfig and overwrote data there instead.
+
+ This should fix crashes seen on Haiku, which enables USE(SYSTEM_MALLOC).
+
+ * jit/ExecutableAllocator.cpp:
+ (JSC::initializeJITPageReservation):
+
2021-12-13 Elliott Williams <e...@apple.com>
Deployment target for macOS 11+ does not follow minor version bumps
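Review bot: the entry's "these pointers" has no antecedent in the ChangeLog text itself; name them (the JIT reservation's `reservation.base` and `reservationEnd` that `initializeJITPageReservation` writes to `WebConfig::g_config[0]` and `[1]`) so a reader of the ChangeLog alone knows what was colliding with g_wtfConfig.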
Modified: trunk/Source/_javascript_Core/jit/ExecutableAllocator.cpp (286968 => 286969)
--- trunk/Source/_javascript_Core/jit/ExecutableAllocator.cpp 2021-12-13 20:21:18 UTC (rev 286968)
+++ trunk/Source/_javascript_Core/jit/ExecutableAllocator.cpp 2021-12-13 20:25:56 UTC (rev 286969)
@@ -403,7 +403,7 @@
g_jscConfig.startExecutableMemory = tagCodePtr<ExecutableMemoryPtrTag>(reservation.base);
g_jscConfig.endExecutableMemory = tagCodePtr<ExecutableMemoryPtrTag>(reservationEnd);
-#if ENABLE(UNIFIED_AND_FREEZABLE_CONFIG_RECORD)
+#if !USE(SYSTEM_MALLOC) && ENABLE(UNIFIED_AND_FREEZABLE_CONFIG_RECORD)
WebConfig::g_config[0] = bitwise_cast<uintptr_t>(reservation.base);
WebConfig::g_config[1] = bitwise_cast<uintptr_t>(reservationEnd);
#endif
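Review bot: the added `!USE(SYSTEM_MALLOC)` condition restates an assumption about g_config's layout at the write site rather than where the layout is defined; if the number of slots reserved ahead of g_wtfConfig is a named constant in WebConfig, add a `static_assert` under this `#if` that it is at least 2, so a future layout change fails to compile instead of silently overwriting g_wtfConfig again as the log describes. The guard itself is correct: with USE(SYSTEM_MALLOC) no slots are reserved for Gigacage, so nothing consumes `g_config[0]` and `g_config[1]` and skipping the write loses no information.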
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes