Bug 272404

Summary: Addresses may not be persistent across calls to pas_enumerator_reader
Product: WebKit
Reporter: David Degazio <d_degazio>
Component: bmalloc
Assignee: David Degazio <d_degazio>
Status: RESOLVED FIXED
Severity: Normal
CC: ggaren, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Description David Degazio 2024-04-09 09:58:04 PDT
rdar://125072587

In pas_enumerator_read and pas_enumerator_create we invoke the reader (a pas_enumerator_reader, which wraps a call to a function pointer passed in from the embedder) repeatedly to locate the pas_root and other information about the remote process's libPAS structures. However, it's not guaranteed that the returned addresses are persistently mapped across multiple calls to the reader, making it possible for the pas_root or another object to become unmapped during these functions and crash the enumerator's process. We should instead store this information in locally allocated copies or on the stack.
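The pattern described above, as an added C example that is not WebKit's or libPAS's code (the `demo_` types, offsets and reader are constructed stand-ins): the reader hands back a buffer it may reuse or unmap on its next call, so keeping its pointer across a second read yields stale data, while copying the object to the stack first does not.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for a root object and a heap table in the target process
 * (not bmalloc/libPAS layouts), followed by the reader's single scratch buffer. */
#define DEMO_TABLE_LEN 4
typedef struct { uint64_t heap_count; } demo_root;
typedef struct { demo_root root; uint64_t heap_table[DEMO_TABLE_LEN]; uint64_t scratch[8]; } demo_remote;

/* Reader contract as the bug describes it: return a pointer to `size` bytes at remote `addr`
 * (here an offset into demo_remote) with no promise it survives the next call; this one reuses a buffer. */
typedef void *(*demo_reader)(void *ctx, uint64_t addr, size_t size);
static void *demo_scratch_reader(void *ctx, uint64_t addr, size_t size)
{
    demo_remote *r = ctx;
    if (size > sizeof r->scratch) return NULL;
    memcpy(r->scratch, (const uint8_t *)r + addr, size);
    return r->scratch;
}

/* Buggy pattern: `root` still points into the reader's buffer during the second read, so
 * heap_count is read after table data overwrote it (UINT64_MAX stands in for the crash). */
static uint64_t last_heap_stale(demo_reader read, void *ctx)
{
    const demo_root *root = read(ctx, offsetof(demo_remote, root), sizeof *root);
    if (!root) return UINT64_MAX;
    const uint64_t *table = read(ctx, offsetof(demo_remote, heap_table), sizeof(uint64_t) * DEMO_TABLE_LEN);
    if (!table || root->heap_count - 1 >= DEMO_TABLE_LEN) return UINT64_MAX;
    return table[root->heap_count - 1];
}

/* Fixed pattern from the report: copy the reader's result to the stack before the
 * next read, and never keep the reader's pointer. */
static uint64_t last_heap_copied(demo_reader read, void *ctx)
{
    demo_root root;
    const void *p = read(ctx, offsetof(demo_remote, root), sizeof root);
    if (!p) return UINT64_MAX;
    memcpy(&root, p, sizeof root);
    const uint64_t *table = read(ctx, offsetof(demo_remote, heap_table), sizeof(uint64_t) * DEMO_TABLE_LEN);
    if (!table || root.heap_count - 1 >= DEMO_TABLE_LEN) return UINT64_MAX;
    return table[root.heap_count - 1];
}
/* Constructed target with two heaps; heap_table[0] = 100 makes a stale root obvious. */
static uint64_t demo_run(int use_local_copy)
{
    demo_remote r = { { 2 }, { 100, 7, 300, 400 }, { 0 } };
    return (use_local_copy ? last_heap_copied : last_heap_stale)(demo_scratch_reader, &r);
}
```

`demo_run(1)` returns the second heap's entry (7); `demo_run(0)` sees heap_count clobbered by the table read and bails out.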
Comment 1 David Degazio 2024-04-09 10:19:59 PDT
Pull request: https://github.com/WebKit/WebKit/pull/27036
Comment 2 EWS 2024-04-09 15:39:31 PDT
Committed 277271@main (8d6284de0e3f): <https://commits.webkit.org/277271@main>

Reviewed commits have been landed. Closing PR #27036 and removing active labels.