Skip to content

fix: improve vtable ownership verification in hasVtable #305

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 16, 2025
Merged

fix: improve vtable ownership verification in hasVtable #305

merged 1 commit into from
Oct 16, 2025

Conversation

@18202781743
Copy link
Contributor

@18202781743 18202781743 commented Oct 16, 2025
edited
Loading

  1. Enhanced hasVtable function to verify vtable pointer matches recorded
    ghost vtable
  2. Added address reuse detection with detailed warning logging
  3. Implemented cleanup of stale mappings when address reuse is detected
  4. Fixed potential false positives when memory addresses are reused by
    different objects

Log: Fixed vtable hook detection reliability when memory addresses are
reused

Influence:

  1. Test vtable hooking with objects that have similar memory addresses
  2. Verify hasVtable returns correct results after object destruction
    and recreation
  3. Test memory reuse scenarios with multiple object allocations
  4. Check warning logs for address reuse detection
  5. Verify no memory leaks when stale mappings are cleaned up
  6. Test vtable hook stability in long-running applications

fix: 改进 hasVtable 函数中的虚表所有权验证

  1. 增强 hasVtable 函数以验证虚表指针是否与记录的 ghost 虚表匹配
  2. 添加地址重用检测和详细的警告日志记录
  3. 在检测到地址重用时实现陈旧映射的清理
  4. 修复当内存地址被不同对象重用时可能出现的误判问题

Log: 修复了内存地址被重用时虚表钩子检测的可靠性问题

Influence:

  1. 测试具有相似内存地址的对象的虚表钩子功能
  2. 验证对象销毁和重新创建后 hasVtable 返回正确结果
  3. 测试多个对象分配时的内存重用场景
  4. 检查地址重用检测的警告日志
  5. 验证清理陈旧映射时没有内存泄漏
  6. 测试长时间运行应用程序中虚表钩子的稳定性

PMS: BUG-329331 BUG-334591

@18202781743 18202781743 requested review from BLumia and mhduiy October 16, 2025 02:03
deepin-ci-robot added a commit to linuxdeepin/qt6platform-plugins that referenced this pull request Oct 16, 2025
@deepin-ci-robot
sync: from linuxdeepin/qt5platform-plugins
5dd8133 
Synchronize source files from linuxdeepin/qt5platform-plugins.

Source-pull-request: linuxdeepin/qt5platform-plugins#305
@deepin-ci-robot deepin-ci-robot mentioned this pull request Oct 16, 2025
Merged
deepin-ci-robot added a commit to linuxdeepin/qt6platform-plugins that referenced this pull request Oct 16, 2025
@deepin-ci-robot
sync: from linuxdeepin/qt5platform-plugins
cfa597c 
Synchronize source files from linuxdeepin/qt5platform-plugins.

Source-pull-request: linuxdeepin/qt5platform-plugins#305
@18202781743 18202781743 changed the title fix: fix hasVtable false positive on address reuse fix: improve vtable ownership verification in hasVtable Oct 16, 2025
@18202781743 18202781743 requested a review from ComixHe October 16, 2025 02:38
ComixHe
ComixHe requested changes Oct 16, 2025
View reviewed changes
@18202781743
fix: improve vtable ownership verification in hasVtable
3abcd7b 
1. Enhanced hasVtable function to verify vtable pointer matches recorded
ghost vtable
2. Added address reuse detection with detailed warning logging
3. Implemented cleanup of stale mappings when address reuse is detected
4. Fixed potential false positives when memory addresses are reused by
different objects

Log: Fixed vtable hook detection reliability when memory addresses are
reused

Influence:
1. Test vtable hooking with objects that have similar memory addresses
2. Verify hasVtable returns correct results after object destruction
and recreation
3. Test memory reuse scenarios with multiple object allocations
4. Check warning logs for address reuse detection
5. Verify no memory leaks when stale mappings are cleaned up
6. Test vtable hook stability in long-running applications

fix: 改进 hasVtable 函数中的虚表所有权验证

1. 增强 hasVtable 函数以验证虚表指针是否与记录的 ghost 虚表匹配
2. 添加地址重用检测和详细的警告日志记录
3. 在检测到地址重用时实现陈旧映射的清理
4. 修复当内存地址被不同对象重用时可能出现的误判问题

Log: 修复了内存地址被重用时虚表钩子检测的可靠性问题

Influence:
1. 测试具有相似内存地址的对象的虚表钩子功能
2. 验证对象销毁和重新创建后 hasVtable 返回正确结果
3. 测试多个对象分配时的内存重用场景
4. 检查地址重用检测的警告日志
5. 验证清理陈旧映射时没有内存泄漏
6. 测试长时间运行应用程序中虚表钩子的稳定性

PMS: BUG-329331 BUG-334591
deepin-ci-robot added a commit to linuxdeepin/qt6platform-plugins that referenced this pull request Oct 16, 2025
@deepin-ci-robot
sync: from linuxdeepin/qt5platform-plugins
4822bd4 
Synchronize source files from linuxdeepin/qt5platform-plugins.

Source-pull-request: linuxdeepin/qt5platform-plugins#305
@18202781743 18202781743 requested a review from ComixHe October 16, 2025 03:21
@deepin-ci-robot
Copy link
Contributor

deepin-ci-robot commented Oct 16, 2025

deepin pr auto review

我来审查这段代码的改进。

语法逻辑

  1. 改进后的代码逻辑更加严谨,增加了对vtable匹配的验证,防止地址重用导致的误判。
  2. 代码结构清晰,先检查ghost_vtable是否存在,再验证vtable指针是否匹配。
  3. 添加了适当的日志记录,有助于调试。

代码质量

  1. 改进很好,增加了对vtable的双重验证,提高了代码的可靠性。
  2. 日志记录使用了qCDebug,符合Qt框架的日志规范。
  3. 代码注释清晰,解释了修复的目的。

代码性能

  1. 增加了一层比较操作,对性能影响极小,因为这是指针比较操作,非常快速。
  2. 避免了潜在的误判导致的错误操作,从整体上提高了系统的稳定性。

代码安全

  1. 改进显著提高了安全性,防止了对象地址重用导致的虚表混淆问题。
  2. 通过验证vtable是否匹配,确保了只有真正被hook的对象才会被识别。
  3. 日志记录有助于追踪潜在的安全问题。

改进建议

  1. 考虑添加一个计数器或标记,记录地址重用的次数,如果频繁发生可能需要系统设计上的调整。
  2. 可以考虑在日志中添加更多的上下文信息,如ghost_vtable的地址,以便更好地调试。
  3. 考虑添加线程安全保护,如果这个函数可能被多线程调用。

总体而言,这是一个很好的改进,显著提高了代码的可靠性和安全性。

@deepin-ci-robot
Copy link
Contributor

deepin-ci-robot commented Oct 16, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: 18202781743, ComixHe

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@18202781743 18202781743 merged commit c9e889f into linuxdeepin:master Oct 16, 2025
21 of 22 checks passed
18202781743 pushed a commit to linuxdeepin/qt6platform-plugins that referenced this pull request Oct 16, 2025
@deepin-ci-robot @18202781743
sync: from linuxdeepin/qt5platform-plugins
8423e36 
Synchronize source files from linuxdeepin/qt5platform-plugins.

Source-pull-request: linuxdeepin/qt5platform-plugins#305
18202781743 added a commit to 18202781743/dtkcore that referenced this pull request Oct 16, 2025
@18202781743
fix: sync with qt5platform-plugins
c743be7 
linuxdeepin/qt5platform-plugins#305
@18202781743 18202781743 mentioned this pull request Oct 16, 2025
Merged
18202781743 added a commit to linuxdeepin/dtkcore that referenced this pull request Oct 16, 2025
@18202781743
fix: sync with qt5platform-plugins
840b931 
linuxdeepin/qt5platform-plugins#305
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ComixHe ComixHe ComixHe approved these changes

@mhduiy mhduiy Awaiting requested review from mhduiy

@BLumia BLumia Awaiting requested review from BLumia

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@18202781743 @deepin-ci-robot @ComixHe