Debugging https://bugs.chromium.org/p/project-zero/issues/detail?id=1534 …, I see a NULL ptr rather than an obvious Use-After-Free. Is @ChakraCore not using the Windows Heap and does page heap therefore not apply to Chakra allocations? Is there a way to force Chakra to use the Windows heap so I can use page heap?
@msftsecresponse I have repros for many NULL pointers in regular builds of Edge but root cause could be vuln (see thread). There is no public debug build for me to find out. Should I just report them all to you as potential security issues? Not ideal obviously; please advise.
-
-
Thanks for asking. Please go ahead and report them at secure@ and we'll give them to the product team.
-
I have not recorded NULL pointers/Asserts recently but I used to find a couple every day. I will try to reduce the repros, are you positive this is what you want?
-
On second thought, this would require a massive investment of time on my side with no benefit other than a slim chance of getting a vuln fixed at some point. I think there are better ways for me to work in security, so I will not be going this route after all.
-
OK. If you find any you want to share, we'll be happy to evaluate.