[cfi-icall] Store GTK function in ProtectedMemory

Control Flow Integrity [1] indirect call (cfi-icall) checking cannot
verify that dynamically resolved function pointers call their intended
function. Instead we place the pointer for gdk_set_allowed_backends in
ProtectedMemory, a wrapper for keeping variables in read-only memory
except for when they are initialized.  After setting the pointer in
protected memory we can use the UnsanitizedCfiCall wrapper to disable
cfi-icall checking when calling it since we know it cannot be tampered
with.

[1] https://www.chromium.org/developers/testing/control-flow-integrity

Bug: 771365
Change-Id: I5c359697c466921084aea17cda655231fdc33a92
Reviewed-on: https://chromium-review.googlesource.com/775617
Reviewed-by: Elliot Glaysher <erg@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#520657}
GitOrigin-RevId: e683c7e9e0616d33876022da8ebd0a82f341e0b3
1 file changed
tree: 2477ac16ff7bdca3534ed58f5f8130179e4f627b
  1. blacklist.txt
  2. blacklist_android.txt
  3. OWNERS
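
The pattern the commit message describes (write a run-time-resolved function pointer once, then keep it in read-only memory and call through it), as an added example that is not Chromium's ProtectedMemory or UnsanitizedCfiCall code. It assumes POSIX mmap/mprotect as the protection mechanism; `fake_set_allowed_backends`, `protected_init`, `protected_call` and `overwrite_is_blocked` are hypothetical names.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*backend_fn)(const char *);

/* Hypothetical stand-in for a symbol resolved at run time (e.g. via dlsym). */
static int fake_set_allowed_backends(const char *b) { return (int)strlen(b); }

static backend_fn *slot; /* the pointer lives alone in its own page */

/* Map a private page, write the pointer once, then drop write access. */
int protected_init(backend_fn fn) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    slot = mmap(NULL, page, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (slot == MAP_FAILED) return -1;
    *slot = fn;
    return mprotect(slot, page, PROT_READ);
}

/* Call through the read-only slot. In a CFI build this is the single call
 * site that would be exempted from cfi-icall checking. */
int protected_call(const char *arg) { return (*slot)(arg); }

/* Returns 1 if writing to the slot fails; probed in a child so the parent survives. */
int overwrite_is_blocked(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        *(volatile backend_fn *)slot = NULL; /* expected to fault */
        _exit(0);                            /* reached only if the write succeeded */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void) {
    if (protected_init(fake_set_allowed_backends) != 0) return 1;
    printf("call -> %d, overwrite blocked -> %d\n",
           protected_call("x11"), overwrite_is_blocked());
    return 0;
}
```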