[webkit-changes] [WebKit/WebKit] 673b5e: Set PAGE_NO_ACCESS when calling OSAllocatorWin pro...

Ian noreply at github.com
Mon Aug 14 14:38:20 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 673b5ea5e903e2863a488e1b5c8a02f945d8c7dc
      https://github.com/WebKit/WebKit/commit/673b5ea5e903e2863a488e1b5c8a02f945d8c7dc
  Author: Ian Grunert <ian.grunert at gmail.com>
  Date:   2023-08-14 (Mon, 14 Aug 2023)

  Changed paths:
    M Source/WTF/wtf/win/OSAllocatorWin.cpp

  Log Message:
  -----------
  Set PAGE_NO_ACCESS when calling OSAllocatorWin protect rw: false
https://bugs.webkit.org/show_bug.cgi?id=260069

Reviewed by Don Olmstead and Yusuke Suzuki.

In OSAllocatorWin, if you call OSAllocator::protect with readable false
and writeable false, it’ll free the page + decommit. To the caller,
this looks like it does the right thing - attempting to access the
freed page will throw an access violation. However, by freeing the page
there’s a risk that we re-allocate that page later.

For WasmMemory we want the pages to remain reserved in the virtual
address space, so if someone tries to access memory in a “red zone”
page it’ll throw an access violation. If that page is re-allocated, we
could overflow WasmMemory and read / write that page.

Switched OSAllocatorWin to set PAGE_NOACCESS instead of freeing the
page when protect is called with readable and writeable false.

* Source/WTF/wtf/win/OSAllocatorWin.cpp:
(WTF::OSAllocator::protect):

Canonical link: https://commits.webkit.org/266876@main
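The risk the commit message describes, as an added example that is not WebKit code and not part of this commit: a POSIX analogue of the two ways OSAllocatorWin could handle protect() with readable and writeable both false. Releasing the red-zone page (the old behaviour, approximated here with munmap) lets the kernel hand the same address out again; dropping its access rights while keeping it mapped (the new behaviour, here mprotect with PROT_NONE, the counterpart of PAGE_NOACCESS) keeps it reserved so it still faults on touch but can never be reused. The check relies on Linux mmap() semantics, which honour a non-NULL address hint without MAP_FIXED only when that range is free; the WasmMemory-style layout and the function names are this example's own.

```c
/* Added example, not WebKit code: a POSIX analogue of the two strategies
 * OSAllocatorWin could use when protect() is called with readable=false and
 * writeable=false. Assumes Linux mmap() semantics: a non-NULL address hint
 * (without MAP_FIXED) is honoured when that range is free. */
#define _DEFAULT_SOURCE
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Old behaviour (approximated): release the page entirely, so it is gone
 * from the address space and the kernel may hand it out again. */
static int protect_by_unmapping(void *page, size_t size)
{
    return munmap(page, size);
}

/* New behaviour: keep the reservation, drop every access right. The page
 * still faults on touch, but nobody can be given that address again. */
static int protect_by_no_access(void *page, size_t size)
{
    return mprotect(page, size, PROT_NONE);
}

/* Ask the kernel for a fresh read/write mapping at exactly the red zone's
 * address (hint only, no MAP_FIXED). If the hint is honoured, the red zone
 * was free and could have been reused by an unrelated allocation. */
static bool red_zone_can_be_reused(void *red_zone, size_t size)
{
    void *p = mmap(red_zone, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return false;
    bool reused = (p == red_zone);
    munmap(p, size);
    return reused;
}

/* Lay out a WasmMemory-style region: one accessible page followed by one
 * red-zone page, apply the chosen protect strategy to the red zone, and
 * report whether the red zone is still reserved afterwards. */
static bool red_zone_stays_reserved(int (*protect)(void *, size_t))
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *region = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                           MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED)
        return false;
    uint8_t *red_zone = region + page;
    region[0] = 0x41; /* the accessible page works as normal memory */

    bool reserved = false;
    if (protect(red_zone, page) == 0)
        reserved = !red_zone_can_be_reused(red_zone, page);

    /* munmap over a range that is already partly unmapped is fine */
    munmap(region, 2 * page);
    return reserved;
}

int main(void)
{
    printf("unmap red zone -> stays reserved: %s\n",
           red_zone_stays_reserved(protect_by_unmapping) ? "yes" : "no");
    printf("PROT_NONE      -> stays reserved: %s\n",
           red_zone_stays_reserved(protect_by_no_access) ? "yes" : "no");
    return 0;
}
```

Run as a normal C program: the unmapped red zone reports that it can be reused, the PROT_NONE red zone reports that it stays reserved. On Windows the same distinction is between releasing or decommitting the page and calling VirtualProtect with PAGE_NOACCESS, which is the change this commit makes; in both cases a stray access still faults, but only the no-access variant guarantees that the address beyond a WasmMemory never becomes ordinary readable/writable memory later.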
