Debugging https://bugs.chromium.org/p/project-zero/issues/detail?id=1534 …, I see a NULL ptr rather than an obvious Use-After-Free. Is @ChakraCore not using the Windows Heap and does page heap therefore not apply to Chakra allocations? Is there a way to force Chakra to use the Windows heap so I can use page heap?
Replying to @berendjanwever @ChakraCore
You want -pageheap:2 on test or debug builds.
Replying to @spoofyroot @ChakraCore
Is there a test or debug build of Edge? If so where do I find it and how do I pass arguments seeing as UWP apps only accept one argument.
Replying to @berendjanwever @ChakraCore
I don't think there are any public debug builds of Edge. Unfortunately if you want pageheap for the chakra heap you are limited to ch.exe.
Replying to @spoofyroot @ChakraCore
That's bad news as it effectively means that one cannot really debug this issue or any other issue that involves browser APIs. Also, all the null pointers I found are now suspect; any one of them may hide a UAF :/
@MicrosoftEdge Is there any chance of the Edge team (regularly) releasing a debug build for use by external security researchers? External fuzzing has historically contributed greatly to MSIE and Edge security, so facilitating that should have obvious benefits.
Source code file and line number in the pdb would also be great, as it can easily be mapped to ChakraCore on github.