Gnash and aslr-fix

by Christian Apeltauer-3

Hello hardened-list,
I was playing with gnash-0.8.10 for displaying downloaded swf files.
But I ran into an endless mmap/munmap loop. Of course I remembered bug
#396275 and found the culprit in libbase/jemalloc.c.
The code wasn't exactly the same as expected by firefox's
ff9-aslr-fix.patch, but I was able to port it to gnash. gnash works
now. Nonetheless I would like to have my patch reviewed by
someone who has a better understanding of what's going on.
Best regards
        Christian Apeltauer

diff -Naur gnash-0.8.10.alt/libbase/jemalloc.c gnash-0.8.10/libbase/jemalloc.c
--- gnash-0.8.10.alt/libbase/jemalloc.c 2012-02-07 09:39:41.000000000 +0100
+++ gnash-0.8.10/libbase/jemalloc.c 2012-02-24 18:36:47.000000000 +0100
@@ -429,7 +429,7 @@
 static const bool __isthreaded = true;
 #endif
 
-#if defined(MOZ_MEMORY_SOLARIS) && defined(MAP_ALIGN) && !defined(JEMALLOC_NEVER_USES_MAP_ALIGN)
+#if defined(MOZ_MEMORY_SOLARIS) && defined(MAP_ALIGN) && !defined(JEMALLOC_NEVER_USES_MAP_ALIGN) || defined(MOZ_MEMORY_LINUX)
 #define JEMALLOC_USES_MAP_ALIGN /* Required on Solaris 10. Might improve performance elsewhere. */
 #endif
 
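Review bot: the new `|| defined(MOZ_MEMORY_LINUX)` on the `#if` line relies on `&&` binding tighter than `||`; the expression parses as intended, but parenthesize the Solaris clause so the intent is explicit, e.g. `#if (defined(MOZ_MEMORY_SOLARIS) && defined(MAP_ALIGN) && !defined(JEMALLOC_NEVER_USES_MAP_ALIGN)) || defined(MOZ_MEMORY_LINUX)`. Note also that `JEMALLOC_NEVER_USES_MAP_ALIGN` no longer disables the feature on Linux, and the comment on `JEMALLOC_USES_MAP_ALIGN` still only mentions Solaris; extend it to say that Linux takes this path to avoid the mmap/munmap retry loop under ASLR.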
@@ -2238,6 +2238,7 @@
  * We don't use MAP_FIXED here, because it can cause the *replacement*
  * of existing mappings, and we only want to create new mappings.
  */
+#ifndef MOZ_MEMORY_LINUX
 #ifdef MALLOC_PAGEFILE
  if (pfd != -1) {
  ret = mmap((void *)alignment, size, PROT_READ | PROT_WRITE, MAP_PRIVATE |
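Review bot: the `#ifndef MOZ_MEMORY_LINUX` opened here is closed only in the following hunk, with a sizeable Linux-only branch in between; a one-line comment at this point explaining why Linux cannot use the address-hint path (the hint is not honoured under ASLR, which produces the endless mmap/munmap loop of bug #396275) would help the next reader. The MAP_FIXED comment just above still applies to both branches, which is fine.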
@@ -2252,6 +2253,31 @@
 
  if (ret == MAP_FAILED)
  ret = NULL;
+#else /* MOZ_MEMORY_LINUX */
+#ifdef MALLOC_PAGEFILE
+ if (pfd != -1) {
+ ret = mmap((void *)alignment, size, PROT_READ | PROT_WRITE, MAP_PRIVATE |
+    MAP_NOSYNC, pfd, 0);
+ } else
+#endif
+       {
+ ret = mmap(NULL, size + alignment, PROT_READ | PROT_WRITE, MAP_PRIVATE |
+    MAP_NOSYNC | MAP_ANON, -1, 0);
+ }
+ assert(ret != NULL);
+
+ if (ret == MAP_FAILED)
+ return NULL;
+
+ uintptr_t aligned_ret;
+ size_t extra_size;
+ aligned_ret = (uintptr_t)ret + alignment - 1;
+ aligned_ret &= ~(alignment - 1);
+ extra_size = aligned_ret - (uintptr_t)ret;
+ munmap(ret, extra_size);
+ munmap(ret + extra_size + size, alignment - extra_size);
+ ret = (void*)aligned_ret;
+#endif /* ifndef MOZ_MEMORY_LINUX*/
  return (ret);
 }
 #endif
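Review bot: the trimming code after `assert(ret != NULL)` assumes `ret` points at `size + alignment` bytes, but the `MALLOC_PAGEFILE` branch just above maps only `size` bytes at hint `alignment`, so on that path `munmap(ret + extra_size + size, alignment - extra_size)` releases pages past the end of the mapping (possibly belonging to unrelated mappings) and the returned region is `extra_size` bytes short. Either over-allocate `size + alignment` in the pagefile branch as well, or skip the trim when `pfd != -1`. Smaller points: `munmap(ret, extra_size)` is called even when `extra_size` is 0, which fails with EINVAL on Linux (harmless, but worth guarding); both `munmap` return values are ignored; and `ret + extra_size + size` is arithmetic on a `void *`, a GCC extension, so cast to `char *` first.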
