272404 – Addresses may not be persistent across calls to pas_enumerator_reader

RESOLVED FIXED 272404

Addresses may not be persistent across calls to pas_enumerator_reader

https://bugs.webkit.org/show_bug.cgi?id=272404

Summary Addresses may not be persistent across calls to pas_enumerator_reader

David Degazio

Reported 2024-04-09 09:58:04 PDT

rdar://125072587 In pas_enumerator_read and pas_enumerator_create we invoke the reader (a pas_enumerator_reader, which wraps a call to a function pointer passed in from the embedder) repeatedly to locate the pas_root and other information about the remote process' libPAS structures. However, it's not guaranteed that the returned addresses are persistently mapped across multiple calls to the reader, making it possible for the pas_root or another object to become unmapped during these functions and crash the enumerator's process. We should instead store this information in locally-allocated copies or on the stack.

Attachments
Add attachment proposed patch, testcase, etc.

David Degazio

Comment 1 2024-04-09 10:19:59 PDT

Pull request: https://github.com/WebKit/WebKit/pull/27036

EWS

Comment 2 2024-04-09 15:39:31 PDT

Committed 277271@main (8d6284de0e3f): <https://commits.webkit.org/277271@main> Reviewed commits have been landed. Closing PR #27036 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component bmalloc

Assignee

David Degazio

Reported

2024-04-09 09:58 PDT

Modified

2024-04-09 15:39 PDT History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks