From 7829b7048d5cf13a4f1a806fed57f2440d1b5dec Mon Sep 17 00:00:00 2001
From: Vlad Tsyrklevich
Date: Wed, 29 Nov 2017 14:32:19 +0000
Subject: [CFI] Enable type generalization for LCMS

Control Flow Integrity [1] indirect call checking verifies that function pointers only call valid functions with a matching type signature. This condition can be too strict, a common form of 'abstraction' relies on function pointers being cast to generalize argument pointer types to void*.

In LCMS these failures occur because of casts of function pointers called as both _cmsInterpFn16 (cmsInterpFunction.Lerp16) and _cmsOPTeval16Fn (as an argument to _cmsPipelineSetOptimizationParameters) types making it difficult to refactor out easily. Instead, enabling the type generalization build config weakens the type checking performed for CFI-icall to accomodate this common type of casts.

[1] https://www.chromium.org/developers/testing/control-flow-integrity

Bug: 785442
Change-Id: Ib42fb1b4e152d5042b170698c2707ebb9e0cc1ee
Reviewed-on: https://pdfium-review.googlesource.com/19250
Commit-Queue: dsinclair
Reviewed-by: dsinclair
---
 DEPS                 | 19 +++++++++++++++----
 third_party/BUILD.gn |  1 +
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/DEPS b/DEPS
index d66a423d63..b91381ea73 100644
--- a/DEPS
+++ b/DEPS
@@ -5,10 +5,11 @@ vars = {
   'pdfium_git': 'https://pdfium.googlesource.com',
   'android_ndk_revision': '26d93ec07f3ce2ec2cdfeae1b21ee6f12ff868d8',
-  'build_revision': 'fc826e6c8785c5bf8eefdd9cdf147adba3f97ff9',
-  'buildtools_revision': 'f90f6a5af3e8cf843395bfe6243cf606f71b5344',
+  'binutils_revision': '338a1641d1aa1f8551b16b19960884df357f56e5',
+  'build_revision': '98bba0679c691125ddb81d056cc278c30fb3e677',
+  'buildtools_revision': '505de88083136eefd056e5ee4ca0f01fe9b33de8',
   'catapult_revision': '0cf3924bab2c2f66a412edda35f6e3572bd57623',
-  'clang_revision': '4db585405687222660050d58eb12784fe0852884',
+  'clang_revision': '8427dae2b5a769314af722e09000563b5184ba06',
   'cygwin_revision': 'c89e446b273697fadf3a10ff1007a97c0b7de6df',
   'freetype_revision': 'bec14f688925467be708f01378fbbf82e6b19b42',
   'gmock_revision': '29763965ab52f24565299976b936d1265cb6a271',
@@ -22,7 +23,7 @@ vars = {
   'skia_revision': 'e0e20755f6c09b71038ced2bf4a00b4c4593f504',
   'tools_memory_revision': '427f10475e1a8d72424c29d00bf689122b738e5d',
   'trace_event_revision': '06294c8a4a6f744ef284cd63cfe54dbf61eea290',
-  'v8_revision': '4931eb42e8a934941dc60d8f7dc510c08d7bc2c6',
+  'v8_revision': '6bccad8c97667604eb3bbe8098baff8021a9dc95',
   'yasm_source_revision': 'b98114e18d8b9b84586b10d24353ab8616d4c5fc',
   'zlib_revision': '718f686437b89038ac83525f4f1b1888aadd9bfc',
 }
@@ -48,6 +49,10 @@ deps = {
   "testing/gtest":
     Var('chromium_git') + "/external/googletest.git@" + Var('gtest_revision'),
 
+  "third_party/binutils":
+    Var('chromium_git') + '/chromium/src/third_party/binutils.git@' +
+    Var('binutils_revision'),
+
   "third_party/freetype/src":
     Var('chromium_git') + '/chromium/src/third_party/freetype2.git@' +
     Var('freetype_revision'),
@@ -236,5 +241,11 @@ hooks = [
     'pattern': '\\.sha1',
     'action': ['python', 'pdfium/third_party/instrumented_libraries/scripts/download_binaries.py'],
   },
+  {
+    'name': 'binutils',
+    'pattern': 'src/third_party/binutils',
+    'condition': 'host_os == "linux"',
+    'action': [ 'python', 'pdfium/third_party/binutils/download.py', ],
+  },
 ]
diff --git a/third_party/BUILD.gn b/third_party/BUILD.gn
index a188f56194..863ab9e48b 100644
--- a/third_party/BUILD.gn
+++ b/third_party/BUILD.gn
@@ -248,6 +248,7 @@ static_library("fx_lcms2") {
   configs -= [ "//build/config/compiler:chromium_code" ]
   configs += [
     "//build/config/compiler:no_chromium_code",
+    "//build/config/sanitizers:cfi_icall_generalize_pointers",
     ":pdfium_third_party_config",
 
     # Must be after no_chromium_code for warning flags to be ordered correctly.
-- 
cgit v1.2.3
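Review bot: The new hook's `'pattern': 'src/third_party/binutils'` does not agree with the paths the rest of this change uses: the deps entry added in the earlier DEPS hunk is keyed `third_party/binutils` and the action itself runs `pdfium/third_party/binutils/download.py`, so a PDFium checkout has no `src/` prefix for the pattern to match. If the pattern was copied from Chromium's DEPS on purpose, say so in a comment; otherwise `'pattern': 'third_party/binutils',` is consistent with the sibling `'\\.sha1'` hook. The hook also pulls a toolchain component at sync time with no note on why it is needed or how the download is integrity-checked — presumably download.py verifies against checked-in `.sha1` files like the instrumented_libraries hook above, but that is not visible here, so confirm it before relying on it. A one-line comment on the entry, e.g. `# Chromium binutils, needed on Linux for the CFI build (bug 785442); download is checksum-pinned — confirm in download.py`, would record both points. The enclosing `hooks = [` list starts outside the hunk.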
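Review bot: The `cfi_icall_generalize_pointers` config is added to the whole `fx_lcms2` target without any comment, so the relaxed CFI-icall checking now covers every indirect call in lcms while nothing at the site records why; the reasoning in the commit message belongs next to the line, e.g. `# lcms casts function pointers between _cmsInterpFn16 and _cmsOPTeval16Fn; generalize pointer argument types so CFI-icall accepts them (bug 785442).`. Per the commit message this only generalizes pointer-typed parameters, so calls whose non-pointer parameters or return types differ should still be rejected — the check is weakened, not disabled — and it is worth saying that in the comment so nobody assumes lcms is unprotected. Since the message also says the casts are hard to refactor out, a `# TODO: remove once the lcms function-pointer casts are fixed.` would keep the exemption from becoming permanent by default. The enclosing `static_library("fx_lcms2")` block continues past the hunk.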