Bug 805173 - Enable HeapEnableTerminationOnCorruption for chrome processes on Windows.
This is an exploit mitigation which causes the Windows system allocator to abort
in the event it is in a corrupted state, rather than attempt to proceed in a
potentially exploitable state.
Because we use jemalloc, this only affects system libraries or plugins which
still use the system allocator.
The has been enabled on our content processes for a while without incident.
r=mhowell,tjr
MozReview-Commit-ID: 5ctXugtbI1A
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -3708,16 +3708,23 @@ XREMain::XRE_mainStartup(bool* aExitFlag
const char* releaseChannel = NS_STRINGIFY(MOZ_UPDATE_CHANNEL);
if (strcmp(releaseChannel, "nightly") == 0 ||
strcmp(releaseChannel, "default") == 0) {
mozilla::Telemetry::InitIOReporting(gAppData->xreDirectory);
}
}
#endif /* DEBUG */
+#if defined(XP_WIN)
+ // Enable the HeapEnableTerminationOnCorruption exploit mitigation. We ignore
+ // the return code because it always returns success, although it has no
+ // effect on Windows older than XP SP3.
+ HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
+#endif /* XP_WIN */
+
#if defined(MOZ_WIDGET_GTK) || defined(MOZ_ENABLE_XREMOTE)
// Stash DESKTOP_STARTUP_ID in malloc'ed memory because gtk_init will clear it.
#define HAVE_DESKTOP_STARTUP_ID
const char* desktopStartupIDEnv = PR_GetEnv("DESKTOP_STARTUP_ID");
if (desktopStartupIDEnv) {
mDesktopStartupID.Assign(desktopStartupIDEnv);
}
#endif