
commit 49d21424d9d25b47a263bacec751742ac7370683 Author: Alex Gaynor <agaynor@mozilla.com> Date: Fri Mar 31 16:15:56 2017 -0400 Bug 805173 - Enable HeapEnableTerminationOnCorruption for chrome processes on Windows. r=mhowell,tjr This is an exploit mitigation which causes the Windows system allocator to abort in the event it is in a corrupted state, rather than attempt to proceed in a potentially exploitable state. Because we use jemalloc, this only affects system libraries or plugins which still use the system allocator. The has been enabled on our content processes for a while without incident. r=mhowell,tjr MozReview-Commit-ID: 5ctXugtbI1A --HG-- extra : rebase_source : f6f134404be3b258a8e522c22fa061c32a47e313
---
 toolkit/xre/nsAppRunner.cpp | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 455b142..721f599 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -4189,6 +4189,13 @@ XREMain::XRE_mainStartup(bool* aExitFlag)
 }
 #endif /* DEBUG */
 
+#if defined(XP_WIN)
+ // Enable the HeapEnableTerminationOnCorruption exploit mitigation. We ignore
+ // the return code because it always returns success, although it has no
+ // effect on Windows older than XP SP3.
+ HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
+#endif /* XP_WIN */
+
 #if defined(MOZ_WIDGET_GTK) || defined(MOZ_ENABLE_XREMOTE)
 // Stash DESKTOP_STARTUP_ID in malloc'ed memory because gtk_init will clear it.
 #define HAVE_DESKTOP_STARTUP_ID
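Review bot: The added `HeapSetInformation` call discards its result on the strength of a comment alone, so if the call ever fails the process runs without terminate-on-corruption and nothing reports it. A debug-build check would pin the assumption, for example `mozilla::DebugOnly<BOOL> ok = HeapSetInformation(nullptr, HeapEnableTerminationOnCorruption, nullptr, 0);` followed by `MOZ_ASSERT(ok);`, which also replaces `NULL` with `nullptr`. The call also sits after the `#endif /* DEBUG */` block inside XRE_mainStartup, whose body starts and ends outside the hunk, so any system-heap use earlier in startup is not covered. Moving it nearer process entry is worth considering if nothing earlier already sets it.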