Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9ed0cbc96b8b0afe8c08338e22f7900e55aa89d2
https://github.com/WebKit/WebKit/commit/9ed0cbc96b8b0afe8c08338e22f7900e55aa89d2
Author: Simon Lewis <[email protected]>
Date: 2026-04-17 (Fri, 17 Apr 2026)
Changed paths:
M Source/WebKit/PlatformMac.cmake
Log Message:
-----------
[CMake][ASan] Pass -fsanitize to sandbox-profile preprocessing

https://bugs.webkit.org/show_bug.cgi?id=312617

Reviewed by Geoffrey Garen.

The macOS sandbox profiles gate ASan-required syscalls behind
#if ASAN_ENABLED, which wtf/Compiler.h derives from
__has_feature(address_sanitizer). DerivedSources.make passes
$(SANITIZE_FLAGS) to the clang -E invocation that preprocesses .sb.in
files; the CMake equivalent in WEBKIT_DEFINE_XPC_SERVICES did not, so the
mac-asan preset (312514@main) produced non-ASan sandbox profiles.

The WebContent process then aborts the first time Security.framework
throws a C++ exception during platformInitializeWebProcess: ASan's
__cxa_throw interceptor calls __asan_handle_no_return ->
PlatformUnpoisonStacks -> sigaltstack(NULL, &oss), which returns EPERM
because SYS_sigaltstack is not in the syscall allowlist, and ASan
CHECK-fails.

Append -fsanitize=<each ENABLE_SANITIZERS entry> to the .sb.in
preprocessing flags, mirroring DerivedSources.make.

* Source/WebKit/PlatformMac.cmake:

Canonical link: https://commits.webkit.org/311517@main
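
An added example, not part of the commit or of WebKit's build scripts: a small Python model of the failure the log message describes, comparing the profile generated when the sanitizer flags are not forwarded to preprocessing with the one generated when they are, plus a check that flags the missing syscall. The `.sb.in` fragment, the function names and the `address` entry name are assumptions made for illustration, and `preprocess` is a simplified stand-in for `clang -E`.

```python
import re

# Constructed .sb.in fragment (not WebKit's real profile); the rule layout is assumed.
SAMPLE_SB_IN = """\
(allow syscall-unix (syscall-number SYS_read SYS_write))
#if ASAN_ENABLED
(allow syscall-unix (syscall-number SYS_sigaltstack))
#endif
"""

def sanitize_flags(enable_sanitizers):
    """One -fsanitize=<entry> per ENABLE_SANITIZERS entry, as the log message describes."""
    return [f"-fsanitize={name}" for name in enable_sanitizers]

def asan_enabled(flags):
    """Model of __has_feature(address_sanitizer) for a given preprocessor command line."""
    return any(f.startswith("-fsanitize=") and "address" in f[11:].split(",") for f in flags)

def preprocess(text, flags):
    """Simplified stand-in for `clang -E`: flat #if ASAN_ENABLED / #else / #endif only."""
    out, keep = [], True
    for line in text.splitlines():
        directive = line.strip()
        if directive == "#if ASAN_ENABLED":
            keep = asan_enabled(flags)
        elif directive == "#else":
            keep = not keep
        elif directive == "#endif":
            keep = True
        elif keep:
            out.append(line)
    return "\n".join(out) + "\n"

def allowed_syscalls(profile):
    """Collect every name listed inside a (syscall-number ...) form."""
    names = set()
    for body in re.findall(r"\(syscall-number\s+([^)]*)\)", profile):
        names.update(body.split())
    return names

def audit(enable_sanitizers, profile):
    """Return the ASan-required syscalls missing from a generated profile."""
    required = {"SYS_sigaltstack"} if "address" in enable_sanitizers else set()
    return sorted(required - allowed_syscalls(profile))

if __name__ == "__main__":
    for flags in ([], sanitize_flags(["address"])):  # flags not forwarded, then forwarded
        print(flags, "missing:", audit(["address"], preprocess(SAMPLE_SB_IN, flags)))
```

Run against real build output, a check like `audit` catches a sandbox profile that does not match the sanitizer configuration at build time instead of at the first EPERM inside the sandboxed process.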