Debugging https://bugs.chromium.org/p/project-zero/issues/detail?id=1534 …, I see a NULL ptr rather than an obvious Use-After-Free. Is @ChakraCore not using the Windows Heap and does page heap therefore not apply to Chakra allocations? Is there a way to force Chakra to use the Windows heap so I can use page heap?
Replying to @berendjanwever @ChakraCore
You want -pageheap:2 on test or debug builds.
Replying to @spoofyroot @ChakraCore
Is there a test or debug build of Edge? If so where do I find it and how do I pass arguments seeing as UWP apps only accept one argument.
Replying to @berendjanwever @ChakraCore
I don't think there are any public debug builds of Edge. Unfortunately if you want pageheap for the chakra heap you are limited to ch.exe.
Replying to @spoofyroot @ChakraCore
That's bad news as it effectively means that one cannot really debug this issue or any other issue that involves browser APIs. Also, all the null pointers I found are now suspect; any one of them may hide a UAF :/
@msftsecresponse I have repros for many NULL pointers in regular builds of Edge but root cause could be vuln (see thread). There is no public debug build for me to find out. Should I just report them all to you as potential security issues? Not ideal obviously; please advise.
Thanks for asking. Please go ahead and report them at secure@ and we'll give them to the product team.
I have not recorded NULL pointers/Asserts recently but I used to find a couple every day. I will try to reduce the repros, are you positive this is what you want?
On second thought this would require a massive investment of time on my side with no benefit other than a slim chance of getting a vuln fixed at some point. I think there are better ways for me to work in security, so I will not be going this route after all.
OK. If you find any you want to share, we'll be happy to evaluate.