phoboslab / JavaScriptCore-iOS

Apple's JavaScript Engine, with modified project files for iOS


Crashes in hijacked context

opened this issue · comments

This is not precisely a bug report but something to wonder about.

I have been experimenting with hijacking the UIWebView's JS context and working in that using the JSC APIs, as described here: http://stackoverflow.com/questions/19664206/access-the-javascriptcore-engine-of-a-uiwebview
Now, this approach works perfectly if I use the built-in JavaScriptCore framework -- the problem is that the typed array functions are not exposed there, which is a showstopper in my project. So I compiled your fork and tried doing the same but it crashes on any object-creation API (JSTypedArrayMake(), among others) with EXC_BAD_ACCESS, either in a Heap::didAllocate or some thread locking code. Needless to say, it works flawlessly in a manually created context.

I should mention that I was able to reproduce a similar crash when running the test against a manually compiled JSC from the original WebKit repo.

Have you perhaps run into this issue and/or know what the reason is?

The internals of JSC change all the time. I believe you'd need to compile the exact same version of JSC that ships with iOS to make it work.

Closing this issue since there doesn't seem to be much interest and it looks unfeasible to me. Please reopen if you ever find a way to make it work :)

This actually sounds pretty interesting, especially if it's possible to be done with iOS 8's JIT-enabled JSC. However, given that, as @phoboslab mentioned, one would probably need to compile the exact same JSC version, it might break between iOS versions.

I doubt it's possible with WKWebView's JSC context.

The JIT in iOS8's WKWebView is only enabled because the WKWebView runs in a different process than your own app. Your own app/process is still not allowed to allocate executable memory. Accessing memory that's not part of your own process should be prevented by iOS and cause a SEGFAULT.

I see. Thanks for the clarification.
(Replied by email on Dec 28, 2014, 1:43 AM, to the comment by Dominic Szablewski quoted above.)