Set PAGE_NO_ACCESS when calling OSAllocatorWin protect rw: false
https://bugs.webkit.org/show_bug.cgi?id=260069

Reviewed by Don Olmstead and Yusuke Suzuki.

In OSAllocatorWin, if you call OSAllocator::protect with readable false and writeable false, it’ll free the page + decommit. To the caller, this looks like it does the right thing - attempting to access the freed page will throw an access violation.

However, by freeing the page there’s a risk that we re-allocate that page later. For WasmMemory we want the pages to remain reserved in the virtual address space, so if someone tries to access memory in a “red zone” page it’ll throw an access violation. If that page is re-allocated, we could overflow WasmMemory and read / write that page.

Switched OSAllocatorWin to set PAGE_NOACCESS instead of freeing the page when protect is called with readable and writeable false.

* Source/WTF/wtf/win/OSAllocatorWin.cpp:
(WTF::OSAllocator::protect):

Canonical link: https://commits.webkit.org/266876@main
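The reuse risk described in the commit message, as an added example that is not WebKit code and not part of this commit. It uses the POSIX analogues `munmap` and `mprotect(PROT_NONE)` in place of the Windows calls in OSAllocatorWin, and assumes a Linux-style `mmap` that places a mapping at a hint address when that range is free; `redzone_reused` and the policy names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical names for the two ways protect(readable=false, writable=false)
 * can be implemented. */
enum redzone_policy { REDZONE_RELEASE, REDZONE_NOACCESS };

/* Returns 1 if a later allocation landed on the red-zone page, 0 if the page
 * stayed reserved, -1 on setup failure. */
int redzone_reused(enum redzone_policy policy)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    /* One data page followed by one red-zone page. */
    uint8_t *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    uint8_t *redzone = base + page;

    int rc = (policy == REDZONE_RELEASE)
        ? munmap(redzone, page)                /* give the page back */
        : mprotect(redzone, page, PROT_NONE);  /* keep it mapped, no access */
    if (rc != 0) {
        munmap(base, 2 * page);
        return -1;
    }

    /* An unrelated later allocation. The address is only a hint (no MAP_FIXED),
     * so the kernel uses it only when that range is free. */
    void *other = mmap(redzone, page, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int reused = (other == (void *)redzone);

    if (other != MAP_FAILED)
        munmap(other, page);
    munmap(base, 2 * page);
    return reused;
}

int main(void)
{
    printf("released red zone reused:  %d\n", redzone_reused(REDZONE_RELEASE));
    printf("no-access red zone reused: %d\n", redzone_reused(REDZONE_NOACCESS));
    return 0;
}
```

With the released page, an overflow past the data page would land in live, writable memory belonging to the second allocation instead of faulting.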