179448 – Let's make the gigacage runway 32GB

RESOLVED DUPLICATE of bug 175062 179448

Let's make the gigacage runway 32GB

https://bugs.webkit.org/show_bug.cgi?id=179448

Summary Let's make the gigacage runway 32GB

Saam Barati

Reported 2017-11-08 14:26:20 PST

This will prevent (almost) all buffer overflows from reaching passed other things in the cage. The reason being, is we use 32-bits as indexes for things, and: 2^32 * sizeof(JSValue) = 2^32 * 8 = 32GB

Attachments
Add attachment proposed patch, testcase, etc.

Saam Barati

Comment 1 2017-11-13 20:56:24 PST

*** This bug has been marked as a duplicate of bug 175062 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 175062

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Saam Barati

Reported

2017-11-08 14:26 PST

Modified

2017-11-13 20:56 PST History

CC List

11 users Show

URL

Keywords

Depends on

Blocks