Mike Hommey
2010-10-31 08:20:01 UTC
Hi,
Firefox uses a technique they call "frame poisoning" to mitigate
dangling pointer bugs. It reserves a poison area at a fixed location
in the address space (and tries other places if that can't be done)
and makes dangling pointers point there so that the application ends
up crashing instead of being exploitable.
There is a validation test in their test suite that verifies if that
technique works properly. While the upstream version doesn't support s390,
adding support for it is pretty straightforward. The only problem I have
now is that while this works properly on zelenka, it doesn't work on
zandonai during the test suite run part of the build.
Is there a difference in the kernel or hardware that would explain this
behaviour?
I'm attaching the test program in question. It can be simply built with
g++ -o TestPoisonArea TestPoisonArea.cpp
Thanks,
Mike
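The mechanism described above, as an added, self-contained C example (this is not the attached TestPoisonArea.cpp and not Firefox's code): it reserves a PROT_NONE "poison" region at a preferred address, falls back to wherever the kernel places it if that address is busy, derives a poisoned pointer into it, and then checks that read, write and execute through that pointer all fault while a normal read/write page does not. The hint address, the region size and the probe helpers are assumptions made for this example; it targets Linux/POSIX and uses a sigsetjmp-based fault handler in place of the fork-and-wait approach a build-time test would more likely use.

```c
/* Added example (not the attached TestPoisonArea.cpp): reserve a PROT_NONE
 * "poison" region and confirm that read, write and execute through it all
 * fault, the way a poisoned dangling pointer is meant to. Linux/POSIX only. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Preferred location for the poison area: an assumed, constructed value, not
 * the address Firefox uses. Without MAP_FIXED the kernel only treats it as a
 * hint and picks another place if that range is already in use. */
#define POISON_HINT ((void *)0x10000000UL)
#define POISON_LEN  (1UL << 20)

static sigjmp_buf probe_env;

static void fault_handler(int sig) { (void)sig; siglongjmp(probe_env, 1); }

/* Run one memory probe under a temporary SIGSEGV/SIGBUS handler.
 * Returns 1 if the access faulted, 0 if it completed normally. */
static int probe_faults(void (*probe)(void *), void *addr) {
    struct sigaction sa, old_segv, old_bus;
    int faulted;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = fault_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(probe_env, 1) == 0) { probe(addr); faulted = 0; }
    else faulted = 1;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

static void read_probe(void *p)  { volatile int sink = *(volatile int *)p; (void)sink; }
static void write_probe(void *p) { *(volatile int *)p = 0x41414141; }
static void exec_probe(void *p)  { ((void (*)(void))p)(); }

/* Reserve the poison area: ask for the hint first, accept wherever the kernel
 * puts it (the "try other places" fallback), and never grant any access. */
static void *reserve_poison_area(size_t len) {
    void *p = mmap(POISON_HINT, len, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* A poisoned pointer: a value that looks like a real heap pointer but lands
 * inside the reserved region, so any dereference traps instead of touching
 * whatever now occupies the freed slot. */
static void *poison_pointer(void *base, uintptr_t offset) {
    return (char *)base + (offset % POISON_LEN);
}

/* 1 if every access kind through the poison area faults and a normal
 * read/write page (the control) does not; 0 otherwise. */
static int poison_area_works(void) {
    void *poison = reserve_poison_area(POISON_LEN);
    void *control = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int ok = 0;
    if (poison && control != MAP_FAILED) {
        void *dangling = poison_pointer(poison, 0x1234);
        ok = probe_faults(read_probe, dangling)
          && probe_faults(write_probe, dangling)
          && probe_faults(exec_probe, dangling)
          && !probe_faults(read_probe, control)
          && !probe_faults(write_probe, control);
    }
    if (poison) munmap(poison, POISON_LEN);
    if (control != MAP_FAILED) munmap(control, 4096);
    return ok;
}

int main(void) {
    printf("poison area %s\n", poison_area_works() ? "works" : "FAILED");
    return 0;
}
```

Build with gcc -o poison_check poison_check.c and run it; if the read, write or execute probe completes without faulting, the check reports failure, which is the condition a test-suite step like the one described above is meant to catch. Differences in how a kernel handles the address hint, page size, or PROT_NONE enforcement are exactly the kind of thing that would make it pass on one machine and fail on another.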