From 7829b7048d5cf13a4f1a806fed57f2440d1b5dec Mon Sep 17 00:00:00 2001
From: Vlad Tsyrklevich
Date: Wed, 29 Nov 2017 14:32:19 +0000
Subject: [CFI] Enable type generalization for LCMS

Control Flow Integrity [1] indirect call checking verifies that function pointers only call valid functions with a matching type signature. This condition can be too strict, a common form of 'abstraction' relies on function pointers being cast to generalize argument pointer types to void*. In LCMS these failures occur because of casts of function pointers called as both _cmsInterpFn16 (cmsInterpFunction.Lerp16) and _cmsOPTeval16Fn (as an argument to _cmsPipelineSetOptimizationParameters) types making it difficult to refactor out easily. Instead, enabling the type generalization build config weakens the type checking performed for CFI-icall to accomodate this common type of casts.

[1] https://www.chromium.org/developers/testing/control-flow-integrity

Bug: 785442
Change-Id: Ib42fb1b4e152d5042b170698c2707ebb9e0cc1ee
Reviewed-on: https://pdfium-review.googlesource.com/19250
Commit-Queue: dsinclair
Reviewed-by: dsinclair
---
 third_party/BUILD.gn | 1 +
 1 file changed, 1 insertion(+)

(limited to 'third_party/BUILD.gn')

diff --git a/third_party/BUILD.gn b/third_party/BUILD.gn
index a188f56194..863ab9e48b 100644
--- a/third_party/BUILD.gn
+++ b/third_party/BUILD.gn
@@ -248,6 +248,7 @@ static_library("fx_lcms2") {
 configs -= [ "//build/config/compiler:chromium_code" ]
 configs += [
 "//build/config/compiler:no_chromium_code",
+ "//build/config/sanitizers:cfi_icall_generalize_pointers",
 ":pdfium_third_party_config",
 # Must be after no_chromium_code for warning flags to be ordered correctly.
-- cgit v1.2.3
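Review bot: The added `"//build/config/sanitizers:cfi_icall_generalize_pointers"` line carries no comment saying why fx_lcms2 needs weaker CFI-icall checking, so a later reader of BUILD.gn cannot tell it is a deliberate, target-scoped downgrade of the indirect-call check or know when it can be dropped. The commit message has the reason (LCMS casts function pointers between the `_cmsInterpFn16` and `_cmsOPTeval16Fn` signatures), but the build file is what a maintainer reads. I would put above the new line: `# LCMS casts function pointers between incompatible signatures (bug 785442); generalize pointer types for CFI-icall on this target only until the casts are refactored out.` The enclosing `static_library("fx_lcms2") {` block begins before the hunk and continues after it, and the hunk's trailing comment line appears to have been wrapped in the collapsed text.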