
Commit b70a1cd

committed
Merge remote-tracking branch 'origin/master' into master-next
2 parents e40f4fa + 77ed0e1 commit b70a1cd


1 file changed

+31
-2
lines changed


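--- a/stdlib/public/runtime/MetadataLookup.cpp
+++ b/stdlib/public/runtime/MetadataLookup.cpp
@@ -46,6 +46,29 @@ using namespace reflection;
 #include <objc/objc.h>
 #endif
 
+#if __has_include(<mach-o/dyld_priv.h>)
+#include <mach-o/dyld_priv.h>
+#define SWIFT_HAS_DYLD_IS_MEMORY_IMMUTABLE
+#endif
+
+/// If the target platform has an API for asking whether an address is mapped
+/// from immutable pages of an executable image, this returns true if the
+/// given address is *not* from an executable image. Otherwise, this always
+/// returns false. The intent is to check that this returns false as a defense
+/// for APIs that expect to operate on immutable memory to prevent them from
+/// being fed untrusted data by an attacker, when the platform makes that
+/// possible.
+static bool isKnownToBeInMutableMemory(const void *base, size_t size) {
+#if defined(SWIFT_HAS_DYLD_IS_MEMORY_IMMUTABLE)
+if (__builtin_available(macOS 10.12, iOS 10.0, tvOS 10.0, watchOS 3.0, *))
+return !_dyld_is_memory_immutable(base, size);
+else
+return false;
+#else
+return false;
+#endif
+}
+
 /// Produce a Demangler value suitable for resolving runtime type metadata
 /// strings.
 static Demangler getDemanglerForRuntimeTypeResolution() {
@@ -55,8 +78,14 @@ static Demangler getDemanglerForRuntimeTypeResolution() {
 // mangled name we can immediately find the associated metadata.
 dem.setSymbolicReferenceResolver([&](int32_t offset,
 const void *base) -> NodePointer {
-auto absolute_addr = (uintptr_t)detail::applyRelativeOffset(base, offset);
-auto reference = dem.createNode(Node::Kind::SymbolicReference, absolute_addr);
+// Only read symbolic references out of constant memory.
+if (isKnownToBeInMutableMemory(base, sizeof(int)))
+return nullptr;
+
+auto absolute_addr = detail::applyRelativeOffset(base, offset);
+
+auto reference = dem.createNode(Node::Kind::SymbolicReference,
+(uintptr_t)absolute_addr);
 auto type = dem.createNode(Node::Kind::Type);
 type->addChild(reference, dem);
 return type;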
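Review bot: The guard at new lines 81-83 fails open: `isKnownToBeInMutableMemory` returns false whenever `<mach-o/dyld_priv.h>` is not found at build time or the availability check does not pass, so the call-site comment "Only read symbolic references out of constant memory" promises more than the code enforces. I would reword it to `// Reject symbolic references in memory known to be mutable; this is a no-op where the platform cannot answer.` so that nobody reads the check as a hard guarantee. The size passed should follow the type of the offset, `isKnownToBeInMutableMemory(base, sizeof(int32_t))`, rather than `sizeof(int)`. The resolver now returns `nullptr`, and whether the demangler treats a null node from the resolver as an ordinary demangling failure is not visible in this hunk; both the lambda and the enclosing function continue past its end.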
