
Mailing List Archive: Gentoo: Hardened

Gnash and aslr-fix

 

 



c.apeltauer at gmx

Feb 25, 2012, 1:09 AM


Hello hardened-list,
I was playing with gnash-0.8.10 for displaying downloaded swf files.
But I ran into an endless mmap/munmap loop. Of course I remembered bug
#396275 and found the culprit in libbase/jemalloc.c.
The code wasn't exactly the same as expected by firefox's
ff9-aslr-fix.patch, but I was able to port it to gnash. gnash works
now. Nonetheless I would like to have my patch to be reviewed by
someone who has a better understanding of what's going on.
Best regards
Christian Apeltauer
Attachments: gnash-aslr-fix.patch (1.72 KB)


pageexec at freemail

Feb 25, 2012, 1:06 AM

Re: Gnash and aslr-fix

On 25 Feb 2012 at 10:09, Christian Apeltauer wrote:

hi,

> The code wasn't exactly the same as expected by firefox's
> ff9-aslr-fix.patch, but I was able to port it to gnash. gnash works
> now. Nonetheless I would like to have my patch to be reviewed by
> someone who has a better understanding of what's going on.

while the patch looks good to me, can't you simply configure gnash to not use
the embedded jemalloc copy but the systemwide one (which was fixed 2 years
ago or so)?


c.apeltauer at gmx

Feb 26, 2012, 2:01 AM

Re: Gnash and aslr-fix

On Sat, 25 Feb 2012 11:06:06 +0200
"PaX Team" <pageexec [at] freemail> wrote:

> On 25 Feb 2012 at 10:09, Christian Apeltauer wrote:
>
> hi,
>
> > The code wasn't exactly the same as expected by firefox's
> > ff9-aslr-fix.patch, but I was able to port it to gnash. gnash works
> > now. Nonetheless I would like to have my patch to be reviewed by
> > someone who has a better understanding of what's going on.
>
> while the patch looks good to me, can't you simply configure gnash to
> not use the embedded jemalloc copy but the systemwide one (which was
> fixed 2 years ago or so)?
>
>

I added --disable-jemalloc to $myconf and gnash worked without the
patch.
Thanks

--


pageexec at freemail

Feb 26, 2012, 2:44 AM

Re: Gnash and aslr-fix

On 26 Feb 2012 at 11:01, Christian Apeltauer wrote:

> > while the patch looks good to me, can't you simply configure gnash to
> > not use the embedded jemalloc copy but the systemwide one (which was
> > fixed 2 years ago or so)?
>
> I added --disable-jemalloc to $myconf and gnash worked without the
> patch.

you should probably open a bug about it and let the maintainers fix the ebuild for everyone ;).


basile at opensource

Feb 26, 2012, 6:04 AM

Re: Gnash and aslr-fix

On 02/26/2012 05:44 AM, PaX Team wrote:
> On 26 Feb 2012 at 11:01, Christian Apeltauer wrote:
>
>>> while the patch looks good to me, can't you simply configure gnash to
>>> not use the embedded jemalloc copy but the systemwide one (which was
>>> fixed 2 years ago or so)?
>>
>> I added --disable-jemalloc to $myconf and gnash worked without the
>> patch.
>
> you should probably open a bug about it and let the maintainers fix the ebuild for everyone ;).
>

I don't mind discussing bugs on the list, but I strongly encourage
people to open up bug reports because emails come and go, but reports in
bugzilla are organized in a way that makes it convenient for devs to
know what needs to be done next. When my bugs get into the dozens,
there's no way I can fish through emails to find stuff.

http://www.gentoo.org/doc/en/bugzilla-howto.xml

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197


c.apeltauer at gmx

Feb 29, 2012, 1:34 AM

Re: Gnash and aslr-fix

On Sun, 26 Feb 2012 12:44:29 +0200
"PaX Team" <pageexec [at] freemail> wrote:

> On 26 Feb 2012 at 11:01, Christian Apeltauer wrote:
>
> > > while the patch looks good to me, can't you simply configure gnash to
> > > not use the embedded jemalloc copy but the systemwide one (which
> > > was fixed 2 years ago or so)?
> >
> > I added --disable-jemalloc to $myconf and gnash worked without the
> > patch.
>
> you should probably open a bug about it and let the maintainers fix the
> ebuild for everyone ;).
>
>

Some good news for all PaX users: According to gnash's bug tracker the
patch has been committed to gnash's git repository.
https://savannah.gnu.org/bugs/?35635

--
