From 40417dd678669799edc089eebf4227c87bb77fc0 Mon Sep 17 00:00:00 2001
From: "mark@chromium.org"
Date: Mon, 22 Aug 2011 23:27:13 +0000
Subject: Allocate mach_override "reentry islands" in high memory using vm_allocate, rather than putting them in the heap using malloc. Ownership of page protection bits in the heap is dubious.
BUG=93736
TEST=Watch the canary crashes tomorrow
Review URL: http://codereview.chromium.org/7710011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97770 0039d316-1c4b-4281-b951-d872f2087c98
---
 third_party/mach_override/README.chromium | 8 +++++++-
 third_party/mach_override/mach_override.c | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/third_party/mach_override/README.chromium b/third_party/mach_override/README.chromium
index 0e7e394..96b0cf7 100644
--- a/third_party/mach_override/README.chromium
+++ b/third_party/mach_override/README.chromium
@@ -19,4 +19,10 @@ implementations at run time.
 Local Modifications:
-None. All local changes have been upstreamed.
+reentryIsland is allocated in high memory with vm_allocate rather than the
+heap with malloc by changing the allocation policy to kAllocateHigh. It
+appears probable that putting the reentry island in the heap causes its page
+to lose execute permission at some point under some circumstances, which
+results in a crash on Lion. This modification is temoprary to simply test
+out the theory. If proven, the code will be improved somewhat.
+http://crbug.com/93736.
diff --git a/third_party/mach_override/mach_override.c b/third_party/mach_override/mach_override.c
index 8a4cf95..4768a57 100644
--- a/third_party/mach_override/mach_override.c
+++ b/third_party/mach_override/mach_override.c
@@ -267,7 +267,7 @@ mach_override_ptr(
 // Optionally allocate & return the reentry island.
 BranchIsland *reentryIsland = NULL;
 if( !err && originalFunctionReentryIsland ) {
- err = allocateBranchIsland( &reentryIsland, kAllocateNormal, NULL);
+ err = allocateBranchIsland( &reentryIsland, kAllocateHigh, NULL);
 if( !err )
 *originalFunctionReentryIsland = reentryIsland;
 }
-- cgit v1.1
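Review bot: The switch to kAllocateHigh on the `err = allocateBranchIsland( &reentryIsland, kAllocateHigh, NULL);` line carries no in-code explanation, while the README in the same commit describes it as a temporary experiment for a Lion crash; a comment directly above that line, `// Reentry island lives in vm_allocate'd memory, not the heap: heap pages appear to lose execute permission (http://crbug.com/93736).`, keeps the reason and the tracking bug next to the code it justifies. Because the island is executed as code, the comment should also state that the chosen policy must leave the page executable, so that a later revert to the heap policy is a conscious decision. Since the island is no longer a malloc'd block, any release path that hands reentryIsland to free() would now mismatch the allocator; no such path is visible in this hunk, so I cannot confirm how it is handled. mach_override_ptr starts before the hunk and continues after it.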