Debugging https://bugs.chromium.org/p/project-zero/issues/detail?id=1534 …, I see a NULL ptr rather than an obvious Use-After-Free. Is @ChakraCore not using the Windows Heap and does page heap therefore not apply to Chakra allocations? Is there a way to force Chakra to use the Windows heap so I can use page heap?
@MicrosoftEdge Is there any chance of the Edge team (regularly) releasing a debug build for use by external security researchers? External fuzzing has historically contributed greatly to MSIE and Edge security, so facilitating that should have obvious benefits.
Source code file and line number in the pdb would also be great, as it can easily be mapped to ChakraCore on github.
@msftsecresponse I have repros for many NULL pointers in regular builds of Edge but root cause could be vuln (see thread). There is no public debug build for me to find out. Should I just report them all to you as potential security issues? Not ideal obviously; please advise.
Thanks for asking. Please go ahead and report them at secure@ and we'll give them to the product team.
I have not recorded NULL pointers/Asserts recently but I used to find a couple every day. I will try to reduce the repros, are you positive this is what you want?
On second thought this would require a massive investment of time on my side with no benefit other than a slim chance of getting a vuln fixed at some point. I think there are better ways for me to work in security, so I will not be going this route after all.
OK. If you find any you want to share, we'll be happy to evaluate.