Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 475a14fe40916905ac2f2a20bea842ecfa118843
https://github.com/WebKit/WebKit/commit/475a14fe40916905ac2f2a20bea842ecfa118843
Author: Vassili Bykov <[email protected]>
Date: 2026-04-27 (Mon, 27 Apr 2026)
Changed paths:
M Source/JavaScriptCore/runtime/EvacuatedStack.cpp
M Source/JavaScriptCore/runtime/EvacuatedStack.h
M Source/JavaScriptCore/runtime/PinballCompletion.cpp
Log Message:
-----------
[JSC][JSPI] Change the signing scheme of return PCs in EvacuatedStackSlices
https://bugs.webkit.org/show_bug.cgi?id=312616
rdar://175047995
Reviewed by Mark Lam.
The existing implementation of EvacuatedStackSlice keeps the original return PCs copied from the suspended stack unchanged, and recomputes their discriminator SP values to authenticate them at implantation time.

This patch changes the authentication approach so that return PCs stored in the EvacuatedStackSlice data on the heap are re-signed at slice creation time using their salted storage address.
Covered by existing tests.
Canonical link: https://commits.webkit.org/312101@main
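The signing scheme the message describes, modelled as an added example rather than JavaScriptCore's own code: the arm64e PAC instructions are replaced by a hypothetical keyed tag kept beside the pointer, `kSalt`, `evacuate` and `implant` are assumed names, and the frames and addresses are constructed.

```cpp
// Added model of the re-signing scheme described in the commit; not JSC code.
// On arm64e the signatures come from PAC instructions with a hardware key and
// the tag lives in the pointer's top bits. Here "signing" is a hypothetical keyed
// 64-bit tag kept beside the pointer, enough to show what a discriminator binds to.
#include <cstddef>
#include <cstdint>
#include <vector>

struct SignedPc { uint64_t pc; uint64_t tag; };

static const uint64_t kKey  = 0x9e3779b97f4a7c15ULL;  // stand-in for the PAC key
static const uint64_t kSalt = 0xd6e8feb86659fd93ULL;  // stand-in for the slice salt

// Hypothetical MAC over (pc, discriminator) under kKey, splitmix64-style mixing.
static uint64_t mac(uint64_t pc, uint64_t disc) {
    uint64_t x = (pc ^ disc) + kKey;
    x = (x ^ (x >> 30)) * 0xbf58476d1ce4e5b9ULL;
    x = (x ^ (x >> 27)) * 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}
static SignedPc sign(uint64_t pc, uint64_t disc) { return { pc, mac(pc, disc) }; }
static bool auth(const SignedPc& s, uint64_t disc) { return s.tag == mac(s.pc, disc); }

// A frame on the suspended stack: its SP is the discriminator of its return PC.
struct Frame { uint64_t sp; SignedPc returnPc; };

// Old approach: copy returnPc unchanged, so authenticating it later needs the
// SP it was signed with recomputed. New approach (below): authenticate against
// that SP once, at slice creation, and re-sign the PC with the salted address
// of its slot in the heap slice. Returns false if any return PC fails to authenticate.
bool evacuate(const std::vector<Frame>& stack, SignedPc* slice) {
    for (size_t i = 0; i < stack.size(); ++i) {
        if (!auth(stack[i].returnPc, stack[i].sp))
            return false;                            // tampered return PC
        uint64_t storageDisc = reinterpret_cast<uintptr_t>(&slice[i]) ^ kSalt;
        slice[i] = sign(stack[i].returnPc.pc, storageDisc);
    }
    return true;
}

// Implanting slot i onto a new stack: authenticate against the slot's own
// address, then re-sign for the SP the frame will have there.
bool implant(const SignedPc* slice, size_t i, uint64_t newSp, SignedPc* out) {
    uint64_t storageDisc = reinterpret_cast<uintptr_t>(&slice[i]) ^ kSalt;
    if (!auth(slice[i], storageDisc))
        return false;                                // slot moved or modified
    *out = sign(slice[i].pc, newSp);
    return true;
}
```

Because the heap slot address is part of the discriminator, a slice that is copied elsewhere or edited in place no longer authenticates at implant time, without anyone having to remember which SP each frame originally had.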