Bug 1314169: Leave the first VectoredExceptionHandler slot open for ASan. r=luke
☠☠ backed out by b3e1adfb080c ☠☠
author: David Major <dmajor@mozilla.com>
date: Thu, 10 Nov 2016 15:00:52 -0600
changeset 322114: d1b9fbbc9710402f0b0da8025819534bb98c9321
parent 322113: 3b77e4081775f2122e05a0d4b2577fee893bdd05
child 322115: e4900824c7eba29f5f93949f03fa99d8a738de69
push id: 21
push user: maklebus@msu.edu
push date: Thu, 01 Dec 2016 06:22:08 +0000
reviewers: luke
bugs: 1314169
milestone: 52.0a1
Bug 1314169: Leave the first VectoredExceptionHandler slot open for ASan. r=luke

Win64 ASan relies on a VectoredExceptionHandler to create shadow memory regions on demand. If WasmFaultHandler gets the exception first, it can itself fault while looking at shadow memory, leading to an infinite recursion.

MozReview-Commit-ID: 5MVik7kftxX
js/src/wasm/WasmSignalHandlers.cpp
--- a/js/src/wasm/WasmSignalHandlers.cpp
+++ b/js/src/wasm/WasmSignalHandlers.cpp
@@ -1335,17 +1335,18 @@ ProcessHasSignalHandlers()
     {
         MOZ_CRASH("contention for interrupt signal");
     }
 #endif // defined(XP_WIN)
 
     // Install a SIGSEGV handler to handle safely-out-of-bounds asm.js heap
     // access and/or unaligned accesses.
 # if defined(XP_WIN)
-    if (!AddVectoredExceptionHandler(/* FirstHandler = */ true, WasmFaultHandler))
+    // FirstHandler must be false to avoid a conflict with ASan's fault handler
+    if (!AddVectoredExceptionHandler(/* FirstHandler = */ false, WasmFaultHandler))
         return false;
 # elif defined(XP_DARWIN)
     // OSX handles seg faults via the Mach exception handler above, so don't
     // install WasmFaultHandler.
 # else
     // SA_NODEFER allows us to reenter the signal handler if we crash while
     // handling the signal, and fall through to the Breakpad handler by testing
     // handlingSegFault.
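Review bot: the new comment on the `// FirstHandler must be false to avoid a conflict with ASan's fault handler` line names the conflict but not the mechanism, which the commit message explains: ASan's vectored handler must see the access violation first because it materialises shadow memory on demand, and if WasmFaultHandler runs ahead of it, it can fault on not-yet-mapped shadow memory while handling the fault and recurse without bound. Consider folding that sentence into the comment so the next reader does not flip it back to `true`. It is also worth recording the side effect of the change: `AddVectoredExceptionHandler` with a zero first argument appends to the end of the handler list, so any other vectored handler registered earlier in the process (not just ASan's) now observes wasm heap faults before WasmFaultHandler does, and the code relies on those handlers passing the exception on via EXCEPTION_CONTINUE_SEARCH; a one-line note that this ordering is now a requirement rather than an accident would help.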