tests/type_confusion: add dav1d_{alloc,free} instead of IA2_SHARED_DATA and make Dav1dContext opaque
#529
Conversation
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
f95ed89 to
67d148b
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
fafd42b to
ae6537d
Compare
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
67d148b to
5c011ca
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
ae6537d to
b1b4f96
Compare
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
5c011ca to
4e542e6
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
b1b4f96 to
b5ebf18
Compare
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
4e542e6 to
7ebe5f4
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
b5ebf18 to
2b58f15
Compare
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
7ebe5f4 to
7f46f97
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
2b58f15 to
5d9020b
Compare
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
7f46f97 to
66f2a9b
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
5d9020b to
b700442
Compare
fw-immunant
left a comment
fw-immunant
left a comment
There was a problem hiding this comment.
I was suggesting individual wrappers for the dav1d initializer-type functions that would return new, allocated-and-initialized objects and be marked as the constructor for the given type. That said, this also achieves the same memory ownership for the allocated objects, which is the main point: the caller can create objects but can only modify them via the dav1d compartment's API, not by poking at their bytes directly.
Correct me if I'm wrong, but I thought we had settled on a more generic
Is this way good then? Or what changes did you want me to still make? |
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
b700442 to
22950e5
Compare
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
66f2a9b to
b0c0dbf
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
22950e5 to
b12bbd9
Compare
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
b0c0dbf to
1ce0acd
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
b12bbd9 to
505dd81
Compare
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
1ce0acd to
40de6dd
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
505dd81 to
0d8e10e
Compare
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
40de6dd to
38d6c95
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
0d8e10e to
ea7cc30
Compare
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
38d6c95 to
5f25c18
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
ea7cc30 to
4e3e681
Compare
Given discussions we've had, I think we should probably just merge this approach when tests pass; what I really wanted was going to need something like #485 but that was mostly a matter of aesthetics. |
kkysen
force-pushed
the
kkysen/type-confusion-clearer-comments
branch
from
5f25c18 to
3f30552
Compare
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
4e3e681 to
07c1c28
Compare
…_DATA` This lets us not have to explain `IA2_SHARED_DATA` and better showcases how an untrusted compartment could exploit completely opaque types from another compartment.
kkysen
force-pushed
the
kkysen/type-confusion-dav1d_alloc
branch
from
07c1c28 to
017054a
Compare
donnais down, so I'm testing this in CI.@fw-immunant, is this what you meant?