Closed Bug 1284977 Opened 5 years ago Closed 5 years ago

Use an aligned poison value for SetToCrashOnTouch

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

RESOLVED FIXED
mozilla50
Tracking Status
firefox50 --- fixed

People

(Reporter: terrence, Assigned: terrence)

References

(Blocks 1 open bug)

Attachments

(1 file, 2 obsolete files)

Attached patch ubisan-unaligned-pointer-v0.diff (obsolete) — Splinter Review
SetToCrashOnTouch uses a reasonable literary reference of 0x42 for its poison value. Unfortunately this "pointer" does not have proper alignment for all of the types we want to use with it. I cannot see what this fact would allow a compiler to assume that would result in incorrect code, but I'm not a particularly smart C++ compiler. Let's instead err on the side of safety.
Attachment #8768504 - Flags: review?(jdemooij)
Assignee: nobody → terrence
Attached patch ubisan-unaligned-pointer-v1.diff (obsolete) — Splinter Review
Oh, hey, we actually assert on the poisoned value. This should work better.
Attachment #8768504 - Attachment is obsolete: true
Attachment #8768504 - Flags: review?(jdemooij)
Attachment #8768505 - Flags: review?(jdemooij)
And we create ad-hoc poisoned values using a bare constant 0x42. I think this is the only one.
Attachment #8768505 - Attachment is obsolete: true
Attachment #8768505 - Flags: review?(jdemooij)
Attachment #8768563 - Flags: review?(jdemooij)
Component: JavaScript: GC → JavaScript Engine
Attachment #8768563 - Flags: review?(jdemooij) → review+
https://hg.mozilla.org/mozilla-central/rev/80ad0f56e596
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
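The alignment problem discussed in this bug, as an added example (not the code from the attached patch or from mozilla-central): it checks the 0x42 poison against types of different alignment, derives an aligned replacement, and keeps the constant, the pointer factory and the poison assertion in one place. The types `Cell` and `Shape`, all function names, the 4096-byte null-page assumption and the derived replacement value are hypothetical; only 0x42 comes from the bug.

```cpp
#include <cstddef>
#include <cstdint>

// Constructed stand-ins for engine types with different alignment (hypothetical).
struct Cell { alignas(8) unsigned char bytes[16]; };
struct Shape { void* parent; uint32_t flags; };

constexpr uintptr_t kLegacyPoison = 0x42;  // poison value named in the bug
constexpr uintptr_t kPageSize = 4096;      // assumption: first page is never mapped

// True when `value` satisfies T's alignment requirement as a T*.
template <typename T>
constexpr bool IsAlignedFor(uintptr_t value) {
  return value % alignof(T) == 0;
}

// Round `value` down to `alignment` (a power of two). If that would produce
// null, use one alignment unit instead so the poison stays distinguishable.
constexpr uintptr_t AlignPoison(uintptr_t value, uintptr_t alignment) {
  return (value & ~(alignment - 1)) != 0 ? (value & ~(alignment - 1)) : alignment;
}

// A poison works for T when it is non-null, aligned for T, and inside the
// unmapped first page so that any dereference faults.
template <typename T>
constexpr bool IsUsablePoisonFor(uintptr_t value) {
  return value != 0 && value < kPageSize && IsAlignedFor<T>(value);
}

// One shared constant, aligned for the strictest fundamental alignment.
constexpr uintptr_t kMaxAlign = alignof(std::max_align_t);
constexpr uintptr_t kAlignedPoison = AlignPoison(kLegacyPoison, kMaxAlign);

// Single source of poisoned pointers; rejects unsuitable types at compile time.
template <typename T>
T* PoisonPointer() {
  static_assert(IsUsablePoisonFor<T>(kAlignedPoison), "poison misaligned for T");
  return reinterpret_cast<T*>(kAlignedPoison);
}

// Assertions compare against the same constant instead of a bare literal.
template <typename T>
bool IsPoisoned(const T* p) {
  return reinterpret_cast<uintptr_t>(p) == kAlignedPoison;
}

int main() {
  Shape* s = PoisonPointer<Shape>();
  return IsPoisoned(s) && !IsAlignedFor<Shape>(kLegacyPoison) ? 0 : 1;
}
```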