[webkit-changes] [WebKit/WebKit] 673b5e: Set PAGE_NO_ACCESS when calling OSAllocatorWin pro...
Ian
noreply at github.com
Mon Aug 14 14:38:20 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 673b5ea5e903e2863a488e1b5c8a02f945d8c7dc
https://github.com/WebKit/WebKit/commit/673b5ea5e903e2863a488e1b5c8a02f945d8c7dc
Author: Ian Grunert <ian.grunert at gmail.com>
Date: 2023-08-14 (Mon, 14 Aug 2023)
Changed paths:
M Source/WTF/wtf/win/OSAllocatorWin.cpp
Log Message:
-----------
Set PAGE_NO_ACCESS when calling OSAllocatorWin protect rw: false
https://bugs.webkit.org/show_bug.cgi?id=260069
Reviewed by Don Olmstead and Yusuke Suzuki.
In OSAllocatorWin, if you call OSAllocator::protect with readable false
and writeable false, it’ll free the page + decommit. To the caller,
this looks like it does the right thing - attempting to access the
freed page will throw an access violation. However by freeing the page
there’s a risk that we re-allocate that page later.
For WasmMemory we want the pages to remain reserved in the virtual
address space, so if someone tries to access memory in a “red zone”
page it’ll throw an access violation. If that page is re-allocated, we
could overflow WasmMemory and read / write that page.
Switched OSAllocatorWin to set PAGE_NOACCESS instead of freeing the
page when protect is called with readable and writeable false.
* Source/WTF/wtf/win/OSAllocatorWin.cpp:
(WTF::OSAllocator::protect):
Canonical link: https://commits.webkit.org/266876@main
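The hazard the commit describes, as an added example that is not WebKit's code: a small stand-in for OSAllocator::protect(address, bytes, false, false) written two ways, the pre-fix shape that gives the guard page back to the OS and the fixed shape that keeps it reserved under PAGE_NOACCESS (PROT_NONE on POSIX, so the same file builds and runs on Linux or macOS as well as Windows). The function names, the single-page guard region and the probe are this example's own assumptions; in particular the guard is allocated as its own region because VirtualFree(MEM_RELEASE) can only release a whole allocation, not a sub-range of a larger one.

```cpp
// Added example, not code from WebKit's OSAllocatorWin.cpp. Models the two behaviours
// of protect(addr, bytes, readable=false, writable=false) described in the commit
// message and checks what each leaves behind in the address space.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#include <unistd.h>
#endif

static size_t pageSize()
{
#ifdef _WIN32
    SYSTEM_INFO si;
    GetSystemInfo(&si);
    return si.dwPageSize;
#else
    return static_cast<size_t>(sysconf(_SC_PAGESIZE));
#endif
}

// Reserve and commit a read/write page that stands in for a "red zone" guard page.
// It is its own allocation so that releasing it is legal on Windows (assumption of this example).
static void* allocatePage(size_t bytes)
{
#ifdef _WIN32
    return VirtualAlloc(nullptr, bytes, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
#else
    void* p = mmap(nullptr, bytes, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? nullptr : p;
#endif
}

// Pre-fix shape: revoke access by handing the page back to the OS. Accesses fault,
// but the address range becomes free and a later allocation may be placed there.
static bool revokeByFreeing(void* base, size_t bytes)
{
#ifdef _WIN32
    (void)bytes;
    return VirtualFree(base, 0, MEM_RELEASE) != 0;
#else
    return munmap(base, bytes) == 0;
#endif
}

// Post-fix shape: keep the reservation and make every access fault.
static bool revokeByNoAccess(void* base, size_t bytes)
{
#ifdef _WIN32
    DWORD old = 0;
    return VirtualProtect(base, bytes, PAGE_NOACCESS, &old) != 0;
#else
    return mprotect(base, bytes, PROT_NONE) == 0;
#endif
}

// True while the range still belongs to this process (committed, reserved or mapped
// with no permissions), i.e. while no later allocation can be handed that address.
static bool rangeStillReserved(void* base, size_t bytes)
{
#ifdef _WIN32
    MEMORY_BASIC_INFORMATION mbi;
    if (VirtualQuery(base, &mbi, sizeof(mbi)) == 0)
        return false;
    return mbi.State != MEM_FREE;
#else
    // mincore() fails with ENOMEM for unmapped addresses; a PROT_NONE mapping is still
    // mapped, so the call succeeds.
    size_t pages = (bytes + pageSize() - 1) / pageSize();
#ifdef __APPLE__
    std::vector<char> vec(pages);
#else
    std::vector<unsigned char> vec(pages);
#endif
    return mincore(base, bytes, vec.data()) == 0;
#endif
}

struct Outcome {
    bool stillReserved;       // could the OS give this address to someone else later?
    bool freshPageLandedHere; // did the very next allocation actually reuse it? (allocator-dependent)
};

// Allocate a guard page, revoke access one of the two ways, then ask the OS for a fresh page.
static Outcome revokeAndProbe(bool useNoAccess)
{
    const size_t page = pageSize();
    Outcome out { false, false };
    uint8_t* guard = static_cast<uint8_t*>(allocatePage(page));
    if (!guard)
        return out;
    bool ok = useNoAccess ? revokeByNoAccess(guard, page) : revokeByFreeing(guard, page);
    if (!ok)
        return out;
    out.stillReserved = rangeStillReserved(guard, page);

    uint8_t* fresh = static_cast<uint8_t*>(allocatePage(page));
    if (fresh) {
        uintptr_t g = reinterpret_cast<uintptr_t>(guard), f = reinterpret_cast<uintptr_t>(fresh);
        out.freshPageLandedHere = f < g + page && g < f + page;
        revokeByFreeing(fresh, page);
    }
    if (useNoAccess)
        revokeByFreeing(guard, page); // still ours, so release it for cleanup
    return out;
}

int main()
{
    Outcome freed = revokeAndProbe(false), noAccess = revokeAndProbe(true);
    std::printf("free page:      still reserved=%d  next allocation reused it=%d\n",
                freed.stillReserved, freed.freshPageLandedHere);
    std::printf("PAGE_NOACCESS:  still reserved=%d  next allocation reused it=%d\n",
                noAccess.stillReserved, noAccess.freshPageLandedHere);
    return 0;
}
```

The property worth checking is `stillReserved`, not whether the next allocation happened to land in the hole: reuse depends on the allocator's placement policy and may not show up in a small test, but once the range is free any later VirtualAlloc or mmap is allowed to take it, and a WasmMemory out-of-bounds access that should have faulted on the red zone would instead read or write whatever moved in. With the no-access protection the range can never be handed out while the reservation stands.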