Issue 104752 Add guard pages for TCMalloc metadata
Starred by 4 users Project Member Reported by jsc...@chromium.org, Nov 18 2011
Status: Fixed
Owner:
Closed: Jan 2012
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Restricted
  • Only users with EditIssue permission may comment.



It's possible to get the TCMalloc metadata pages allocated inline with normal user-controllable data. This means that a buffer overrun in a properly laid out address space could lead to a generic exploit against TCMalloc. This is even more likely on Unix-based systems due to how the allocator is implemented. The easiest solution seems to be just adding a guard page in front of the metadata.
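
The mitigation proposed in the report, shown as an added C example (not the Chromium or TCMalloc change itself): a metadata mapping preceded by a `PROT_NONE` guard page, so a linear overrun coming from lower addresses faults before it reaches the metadata. `meta_alloc_guarded` and `write_probe` are hypothetical names, and a POSIX `mmap`/`mprotect` system is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS under strict -std */
#endif
#include <signal.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not TCMalloc's API): map `size` bytes for allocator
 * metadata with one inaccessible guard page in front of it. */
void *meta_alloc_guarded(size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t body = (size + page - 1) & ~(page - 1);   /* round up to pages */
    if (size == 0 || body < size)
        return NULL;                                 /* empty or overflow */
    /* Reserve guard + body with no access, then open up only the body. */
    unsigned char *base = mmap(NULL, page + body, PROT_NONE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mprotect(base + page, body, PROT_READ | PROT_WRITE) != 0) {
        munmap(base, page + body);
        return NULL;
    }
    return base + page;            /* the byte just below this is guarded */
}

/* Fork a child that writes one byte at `addr`. Returns the signal that
 * killed the child, 0 if the write succeeded, -1 on fork/wait failure. */
int write_probe(volatile unsigned char *addr)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        *addr = 0x41;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    unsigned char *meta = meta_alloc_guarded(100);   /* constructed size */
    if (!meta) return 1;
    int sig = write_probe(meta - 1);   /* last byte of the guard page */
    return (write_probe(meta) == 0 && (sig == SIGSEGV || sig == SIGBUS)) ? 0 : 1;
}
```

The guard only stops contiguous overruns that cross the page boundary; a write that lands directly at a metadata address is not affected by it.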
 
Comment 2 by k...@google.com, Dec 19 2011
Labels: -Mstone-17 Mstone-18 MovedFrom-17
Moving bugs marked as Started but not blockers from M17 to M18.  Please move back if you think this is a blocker, and add the ReleaseBlock-Stable label.  If you're able.
Comment 3 by jsc...@chromium.org, Jan 19 2012
Status: Fixed
Labels: -Mstone-18 Mstone-17
This made it into M17, nice.
Project Member Comment 5 by bugdroid1@chromium.org, Oct 13 2012
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member Comment 6 by bugdroid1@chromium.org, Mar 10 2013
Labels: -Area-Internals -Feature-Security -Mstone-17 Cr-Security Cr-Internals M-17
Project Member Comment 7 by bugdroid1@chromium.org, Mar 13 2013
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue