Re: wip/cliqz: Request for review

[Santhosh Raju <santhosh.raju%gmail.com@localhost>]

On Thu, Jan 17, 2019 at 9:54 PM Santhosh Raju <santhosh.raju%gmail.com@localhost> wrote:
>
> On Thu, Jan 17, 2019 at 8:36 PM Santhosh Raju <santhosh.raju%gmail.com@localhost> wrote:
> >
> > On Thu, Jan 17, 2019 at 3:34 AM Roland Illig <roland.illig%gmx.de@localhost> wrote:
> > >
> > > The NOT_PAX_MPROTECT_SAFE could need a bit more of an explanation. The
> > > associated Git commit only says "Fixed build in netbsd/amd64". I'd like
> > > to know what exactly the error messages were (if any) or what other
> > > reason makes these lines in the Makefile necessary. An internet browser
> > > written in C/C++ should definitely have all available security measures
> > > enabled by default.
> > >
> >
> > This was taken directly from the www/firefox Makefile[1] lines 35-37,
> > I am not sure why it was done in www/firefox but I have commented out
> > NOT_PAX_MPROTECT_SAFE for now in cliqz to check if anyone has issues
> > running it.
> >
>
> leot@ updated me on this,
>
> "Regarding cliqz/firefox MPROTECT is needed probably because there is
> memory mapped with RWX bit as part of the JavaScript JIT... with
> NOT_PAX_MPROTECT_SAFE commented out it will probably crash and
> run-time"
>
> So I guess I should keep them? Unfortunately I do not have a runtime
> environment at the moment where I can test this out.
>

I tested this out today with NOT_PAX_MPROTECT_SAFE commented out and
it looks like leot@ is right regarding the JavaScript JIT. The program
crashed with the following message

Assertion failure: [unhandlable oom] OOM in createJitRuntime, at
/usr/pkgsrc-current/wip/cliqz/work/browser-f-1.24.0/mozilla-release/js/src/vm/JSContext.cpp:1616

So I am going to uncomment the NOT_PAX_MPROTECT_SAFE for now, I shall
put up the explanation in the wip commit log.

--
Santhosh