Title: [265122] trunk/Source
- Revision: 265122
- Author: keith_mil...@apple.com
- Date: 2020-07-30 17:17:53 -0700 (Thu, 30 Jul 2020)
Log Message
Remove UB from nonPACBitsMask computation
https://bugs.webkit.org/show_bug.cgi?id=214996
Reviewed by Tadeu Zagallo.
For non-ARM64E we now set numberOfPACBits to zero, which was causing UB in our computation of the nonPACBitsMask.
Source/JavaScriptCore:
* assembler/MacroAssemblerARM64E.h:
Source/WTF:
* wtf/CagedPtr.h:
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (265121 => 265122)
--- trunk/Source/_javascript_Core/ChangeLog 2020-07-31 00:15:53 UTC (rev 265121)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-07-31 00:17:53 UTC (rev 265122)
@@ -1,5 +1,16 @@
2020-07-30 Keith Miller <keith_mil...@apple.com>
+ Remove UB from nonPACBitsMask computation
+ https://bugs.webkit.org/show_bug.cgi?id=214996
+
+ Reviewed by Tadeu Zagallo.
+
+ For non-ARM64E we now set numberOfPACBits to zero, which was causing UB in our computation of the nonPACBitsMask.
+
+ * assembler/MacroAssemblerARM64E.h:
+
+2020-07-30 Keith Miller <keith_mil...@apple.com>
+
Compute number of PAC bits from what the OS says its address space is
https://bugs.webkit.org/show_bug.cgi?id=214986
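Review bot: The new ChangeLog entry says a zero numberOfPACBits "was causing UB" but never names the undefined operation, so a reader has to open the header to learn what was wrong. Suggest adding one sentence stating that with numberOfPACBits equal to zero the old expression evaluated 1ull << (64 - 0), a shift by the full width of the operand, and that the replacement shifts an all-ones value right by numberOfPACBits instead.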
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64E.h (265121 => 265122)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64E.h 2020-07-31 00:15:53 UTC (rev 265121)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64E.h 2020-07-31 00:17:53 UTC (rev 265122)
@@ -40,7 +40,7 @@
class MacroAssemblerARM64E : public MacroAssemblerARM64 {
public:
static constexpr unsigned numberOfPACBits = WTF::maximumNumberOfPointerAuthenticationBits;
- static constexpr uintptr_t nonPACBitsMask = (1ull << (64 - numberOfPACBits)) - 1;
+ static constexpr uintptr_t nonPACBitsMask = static_cast<uintptr_t>(-1) >> numberOfPACBits;
ALWAYS_INLINE void tagReturnAddress()
{
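Review bot: The replacement initializer for nonPACBitsMask, static_cast<uintptr_t>(-1) >> numberOfPACBits, is added in exactly the same form in wtf/CagedPtr.h, so the mask is now defined in two places that must be kept in sync by hand. Since numberOfPACBits here already comes from WTF::maximumNumberOfPointerAuthenticationBits, consider defining the mask once in WTF beside that constant and referring to it from both classes, so a later change to the computation cannot fix one copy and miss the other.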
Modified: trunk/Source/WTF/ChangeLog (265121 => 265122)
--- trunk/Source/WTF/ChangeLog 2020-07-31 00:15:53 UTC (rev 265121)
+++ trunk/Source/WTF/ChangeLog 2020-07-31 00:17:53 UTC (rev 265122)
@@ -1,3 +1,14 @@
+2020-07-30 Keith Miller <keith_mil...@apple.com>
+
+ Remove UB from nonPACBitsMask computation
+ https://bugs.webkit.org/show_bug.cgi?id=214996
+
+ Reviewed by Tadeu Zagallo.
+
+ For non-ARM64E we now set numberOfPACBits to zero, which was causing UB in our computation of the nonPACBitsMask.
+
+ * wtf/CagedPtr.h:
+
2020-07-30 Jer Noble <jer.no...@apple.com>
[Cocoa] Adopt -[AVContentKeyRequest willOutputBeObscuredDueToInsufficientExternalProtectionForDisplays:]
Modified: trunk/Source/WTF/wtf/CagedPtr.h (265121 => 265122)
--- trunk/Source/WTF/wtf/CagedPtr.h 2020-07-31 00:15:53 UTC (rev 265121)
+++ trunk/Source/WTF/wtf/CagedPtr.h 2020-07-31 00:17:53 UTC (rev 265122)
@@ -40,7 +40,7 @@
public:
static constexpr Gigacage::Kind kind = passedKind;
static constexpr unsigned numberOfPACBits = maximumNumberOfPointerAuthenticationBits;
- static constexpr uintptr_t nonPACBitsMask = (1ull << ((sizeof(T*) * CHAR_BIT) - numberOfPACBits)) - 1;
+ static constexpr uintptr_t nonPACBitsMask = static_cast<uintptr_t>(-1) >> numberOfPACBits;
CagedPtr() : CagedPtr(nullptr) { }
CagedPtr(std::nullptr_t)
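Review bot: The removed initializer of nonPACBitsMask took its width from sizeof(T*) * CHAR_BIT, while the replacement takes it from uintptr_t, so the two produce the same mask only when a T* and a uintptr_t have the same size. A static_assert(sizeof(T*) == sizeof(uintptr_t)) beside the constant would document that assumption. A second static_assert that nonPACBitsMask is all ones when numberOfPACBits is zero would keep the case this patch fixes covered.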