Commit f3b84e2b authored by Alex Gaynor, committed by Georg Koppen

Bug 805173 - Enable HeapEnableTerminationOnCorruption for chrome processes on Windows. r=mhowell,tjr

This is an exploit mitigation which causes the Windows system allocator to abort
in the event it is in a corrupted state, rather than attempt to proceed in a
potentially exploitable state.

Because we use jemalloc, this only affects system libraries or plugins which
still use the system allocator.

This has been enabled on our content processes for a while without incident.

r=mhowell,tjr

MozReview-Commit-ID: 5ctXugtbI1A

--HG--
extra : rebase_source : f6f134404be3b258a8e522c22fa061c32a47e313
parent 178711f2
+7 −0
@@ -4189,6 +4189,13 @@ XREMain::XRE_mainStartup(bool* aExitFlag)
  }
#endif /* DEBUG */

#if defined(XP_WIN)
  // Enable the HeapEnableTerminationOnCorruption exploit mitigation. We ignore
  // the return code because it always returns success, although it has no
  // effect on Windows older than XP SP3.
  HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
#endif /* XP_WIN */

#if defined(MOZ_WIDGET_GTK) || defined(MOZ_ENABLE_XREMOTE)
  // Stash DESKTOP_STARTUP_ID in malloc'ed memory because gtk_init will clear it.
#define HAVE_DESKTOP_STARTUP_ID
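Review bot: The comment above the HeapSetInformation call in the new XP_WIN block explains why the return value is dropped but says nothing about how far the mitigation reaches. The commit message notes that, because jemalloc is in use, only system libraries or plugins still on the system allocator are affected; one sentence to that effect in the code comment would keep later readers from assuming it covers the browser's own heap. Consider also checking the BOOL result with a debug-only assertion rather than discarding it silently, so that a failure on some configuration shows up in debug builds instead of leaving the process unprotected without notice.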