Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 46b1aab009a2062d01aa400e945ee22a96256146
https://github.com/WebKit/WebKit/commit/46b1aab009a2062d01aa400e945ee22a96256146
Author: David Kilzer <[email protected]>
Date: 2025-10-29 (Wed, 29 Oct 2025)
Changed paths:
M Source/JavaScriptCore/jit/ExecutableAllocator.cpp
M Source/WTF/wtf/MallocSpan.h
M Source/WTF/wtf/PlatformHave.h
M Source/WTF/wtf/SystemMalloc.h
M Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp
Log Message:
-----------
Re-land: Fix untyped malloc() calls in JavaScriptCore and WebCore
<https://bugs.webkit.org/show_bug.cgi?id=301118>
<rdar://163059754>
Reviewed by Geoff Garen.
The original commit in 302125@main used a
LazyNeverDestroyed<std::array<uint8_t, bufferSize>> which caused
creation of the dyld shared cache to fail. Switch to using
LazyNeverDestroyed<Vector<uint8_t>> instead. Also apply the internal
build fix from 302141@main.
When compiling with type-aware malloc enabled, the compiler has many
hints from which type information may be deduced:
- C-style casts
- reinterpret_cast<>()
- static_cast<>()
- Multiplying a variable by sizeof(TYPE_NAME)
The fix is to find a way to introduce these mechanisms, or to use
WTF_TYPE_AWARE_MALLOC_FUNCTION() when C++ template types aren't
available.
* Source/JavaScriptCore/jit/ExecutableAllocator.cpp:
(JSC::dumpJITMemory):
- Fix untyped malloc() by switching to LazyNeverDestroyed<Vector>.
- Also fix remaining unsafe buffer issues by adopting std::span.
* Source/WTF/wtf/MallocSpan.h:
- Provide specialization for MallocSpan<T, SystemMalloc> that inherits
from MallocSpan<T, SystemMallocBase<T>> so that <typename T> is
available when using SystemMallocBase in order to provide type hints
to malloc() functions via static_cast<T*>(). We use this
specialization so that other classes used with WTF::MallocSpan are not
required to adopt a <typename T> template parameter.
* Source/WTF/wtf/PlatformHave.h:
- Change definition of HAVE_TYPE_AWARE_MALLOC and
WTF_TYPE_AWARE_MALLOC_FUNCTION() to use OS versions. An enablement
check is added to SystemMalloc.h where <malloc/malloc.h> may be
included without affecting preprocessing of sandbox profiles
(*.sb.in).
* Source/WTF/wtf/SystemMalloc.h:
- Add a build-time enablement check that HAVE_TYPE_AWARE_MALLOC is
enabled when _MALLOC_TYPE_ENABLED is enabled.
- Rename WTF::SystemMalloc to WTF::SystemMallocBase for SystemMalloc
template specialization in MallocSpan.h (see above).
(WTF::SystemMallocBase::malloc):
(WTF::SystemMallocBase::tryMalloc):
(WTF::SystemMallocBase::zeroedMalloc):
(WTF::SystemMallocBase::tryZeroedMalloc):
(WTF::SystemMallocBase::realloc):
(WTF::SystemMallocBase::tryRealloc):
- Add static_cast<T*>() to provide type hint to malloc() and friends,
then change the return type from void* to T*.
(WTF::SystemMalloc::malloc): Rename.
(WTF::SystemMalloc::tryMalloc): Rename.
(WTF::SystemMalloc::zeroedMalloc): Rename.
(WTF::SystemMalloc::tryZeroedMalloc): Rename.
(WTF::SystemMalloc::realloc): Rename.
(WTF::SystemMalloc::tryRealloc): Rename.
(WTF::SystemMalloc::free): Rename.
(WTF::SystemMalloc::nextCapacity): Rename.
* Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:
(WebCore::xmlMallocHelper):
(WebCore::xmlFreeHelper):
(WebCore::XMLMalloc::malloc):
- When HAVE(TYPE_AWARE_MALLOC) is enabled, just make XMLMalloc an alias
of WTF::SystemMalloc since that's effectively what we were doing
before. This cleans up typed malloc support for this code.
(WebCore::XMLMalloc::WTF_TYPE_AWARE_MALLOC_FUNCTION): Deleted.
Canonical link: https://commits.webkit.org/302295@main