Runtime: Only demangle symbolic references in constant memory. #17405
Conversation
|
@swift-ci Please test |
|
@swift-ci Please benchmark |
|
Build failed |
Build comment file:Build failed before running benchmark. |
jckarter
force-pushed
the
protect-symbolic-references
branch
from
493ac30 to
515b065
Compare
|
@swift-ci Please test |
jckarter
force-pushed
the
protect-symbolic-references
branch
from
515b065 to
fd3e209
Compare
|
@swift-ci Please test |
|
Build failed |
|
Build failed |
This provides a slight amount of defense against attackers constructing mangled names with offsets crafted to JOP the runtime into attacker-controlled code. (Someone could still find some random code or constant data artifact in a binary that *looks* like a mangled string with symbolic references and theoretically attack that way, but they at least wouldn't be able to construct their own string entirely.)
jckarter
force-pushed
the
protect-symbolic-references
branch
from
fd3e209 to
99842f9
Compare
|
@swift-ci Please test |
|
Build failed |
|
Build failed |
|
Why is this using an availability check instead of a weak import check? Did you verify that the symbol reference to |
|
Ah, I see it's not declared with availability attributes in the dyld headers. I'll fix that. |
This provides a slight amount of defense against attackers constructing mangled names with offsets crafted to JOP the runtime into attacker-controlled code. (Someone could still find some random code or constant data artifact in a binary that looks like a mangled string with symbolic references and theoretically attack that way, but they at least wouldn't be able to construct their own string entirely.)