Bug 272404 - Addresses may not be persistent across calls to pas_enumerator_reader
Summary: Addresses may not be persistent across calls to pas_enumerator_reader
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: bmalloc
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: David Degazio
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2024-04-09 09:58 PDT by David Degazio
Modified: 2024-04-09 15:39 PDT
CC: 2 users
See Also:
Description David Degazio 2024-04-09 09:58:04 PDT
rdar://125072587

In pas_enumerator_read and pas_enumerator_create we invoke the reader (a pas_enumerator_reader, which wraps a call to a function pointer passed in from the embedder) repeatedly to locate the pas_root and other information about the remote process' libPAS structures. However, it's not guaranteed that the returned addresses are persistently mapped across multiple calls to the reader, making it possible for the pas_root or another object to become unmapped during these functions and crash the enumerator's process. We should instead store this information in locally-allocated copies or on the stack.
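The pattern the description warns about, as an added illustration that is not libpas code and not from the pull request: a constructed reader that recycles one scratch buffer, so the pointer returned by one call is overwritten by the next, shown beside the fix of copying each result to the stack before the next read. `reader_fn`, `toy_root`, `toy_heap`, `remote_memory` and the function names are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for the embedder function that pas_enumerator_reader wraps:
   given a remote address and size it returns a local pointer (not libpas's real API). */
typedef const void* (*reader_fn)(const void* remote_addr, size_t size);
typedef struct { uint64_t heap_count; uint64_t magic; } toy_root; /* constructed */
typedef struct { uint64_t object_size; } toy_heap;                /* constructed */
static unsigned char remote_memory[128]; /* constructed "remote process": root at 0, heap at 64 */
static unsigned char scratch[64];        /* reader reuses one buffer: each call invalidates the last */

static const void* scratch_reader(const void* remote_addr, size_t size) {
    if (size > sizeof scratch) return NULL;
    memcpy(scratch, remote_addr, size);
    return scratch;
}

/* Populates the constructed remote image; returns the number of bytes written. */
size_t setup_remote(void) {
    toy_root root = { .heap_count = 1, .magic = 0x50415352u };
    toy_heap heap = { .object_size = 32 };
    memcpy(remote_memory, &root, sizeof root);
    memcpy(remote_memory + 64, &heap, sizeof heap);
    return sizeof root + sizeof heap;
}

/* Buggy pattern from the report: keeps the reader's pointer across another read. */
uint64_t root_heap_count_unsafe(reader_fn reader) {
    const toy_root* root = reader(remote_memory, sizeof *root);
    const toy_heap* heap = reader(remote_memory + 64, sizeof *heap);
    if (!root || !heap) return 0;
    return root->heap_count; /* now reads heap->object_size: the root bytes were overwritten */
}

/* Fixed pattern: copy each result to the stack before issuing the next read. */
uint64_t root_heap_count_safe(reader_fn reader) {
    toy_root root; toy_heap heap;
    const void* p = reader(remote_memory, sizeof root);
    if (!p) return 0;
    memcpy(&root, p, sizeof root);
    p = reader(remote_memory + 64, sizeof heap);
    if (!p) return 0;
    memcpy(&heap, p, sizeof heap);
    return root.heap_count;
}

int main(void) {
    setup_remote();
    printf("unsafe: %llu  safe: %llu\n", (unsigned long long)root_heap_count_unsafe(scratch_reader),
           (unsigned long long)root_heap_count_safe(scratch_reader));
    return 0;
}
```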
Comment 1 David Degazio 2024-04-09 10:19:59 PDT
Pull request: https://github.com/WebKit/WebKit/pull/27036
Comment 2 EWS 2024-04-09 15:39:31 PDT
Committed 277271@main (8d6284de0e3f): <https://commits.webkit.org/277271@main>

Reviewed commits have been landed. Closing PR #27036 and removing active labels.