Gigacage runway should immediately follow the primitive cage
author keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 15 Dec 2018 03:05:59 +0000 (03:05 +0000)
committer keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 15 Dec 2018 03:05:59 +0000 (03:05 +0000)
commit a80b400010bd494a2adceacb685add69ccbc21de
tree 418d71ff8e0063f249709ed33e7bee420dcbb1e5
parent 860483126f31903f75a5a5c34900034bc1953e3b
Gigacage runway should immediately follow the primitive cage
https://bugs.webkit.org/show_bug.cgi?id=192733

Reviewed by Saam Barati.

This patch makes sure that the Gigacage runway is always
immediately after the primitive cage, since writing outside the
primitive gigacage is likely to be more dangerous than the JSValue
cage. The ordering of the cages is still random, however.

* bmalloc/Gigacage.cpp:
(Gigacage::ensureGigacage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239245 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/bmalloc/ChangeLog
Source/bmalloc/bmalloc/Gigacage.cpp