Reland "Reland "Only pass executable sections to OnDllLoaded for patching""

This is a reland of afc72427 Same as before but now avoids a hidden memset from auto-var-init that broke during early loading on component builds. We immediately populate the memory so this is safe. Original change's description: > Reland "Only pass executable sections to OnDllLoaded for patching" > > This is a reland of df9e203b > > Original change's description: > > Only pass executable sections to OnDllLoaded for patching > > > > On recent Windows insider builds GetModuleHandleExW loads sections for > > inspection as non-executable images, rather than as files. This leads > > to our hooks detecting the SEC_IMAGE attribute and potentially patching > > functions (e.g. for user32.dll). > > > > This caused content_browsertests to fail as it pinned user32.dll in some > > processes. With this change, the tests run again. > > > > See crbug.com/1143397 for a full discussion. > > > > Bug: 1143397 > > Change-Id: I3b75464d0442160a417e4cb7084306841aaf76f7 > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2511531 > > Reviewed-by: Will Harris <wfh@chromium.org> > > Commit-Queue: Alex Gough <ajgo@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#823354} > > Bug: 1143397 > Change-Id: Ibacc1ba6105665c32ea445a7f63178163585efbc > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2515783 > Auto-Submit: Alex Gough <ajgo@chromium.org> > Commit-Queue: Alex Gough <ajgo@chromium.org> > Commit-Queue: Will Harris <wfh@chromium.org> > Reviewed-by: Will Harris <wfh@chromium.org> > Cr-Commit-Position: refs/heads/master@{#823679} Bug: 1143397,1145558 Change-Id: I06e3f945dc4829a9d8787d787111639e8d655624 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2519835Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/master@{#824210}

Reland "Reland "Only pass executable sections to OnDllLoaded for patching""
This is a reland of afc72427 Same as before but now avoids a hidden memset from auto-var-init that broke during early loading on component builds. We immediately populate the memory so this is safe. Original change's description: > Reland "Only pass executable sections to OnDllLoaded for patching" > > This is a reland of df9e203b > > Original change's description: > > Only pass executable sections to OnDllLoaded for patching > > > > On recent Windows insider builds GetModuleHandleExW loads sections for > > inspection as non-executable images, rather than as files. This leads > > to our hooks detecting the SEC_IMAGE attribute and potentially patching > > functions (e.g. for user32.dll). > > > > This caused content_browsertests to fail as it pinned user32.dll in some > > processes. With this change, the tests run again. > > > > See crbug.com/1143397 for a full discussion. > > > > Bug: 1143397 > > Change-Id: I3b75464d0442160a417e4cb7084306841aaf76f7 > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2511531 > > Reviewed-by: Will Harris <wfh@chromium.org> > > Commit-Queue: Alex Gough <ajgo@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#823354} > > Bug: 1143397 > Change-Id: Ibacc1ba6105665c32ea445a7f63178163585efbc > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2515783 > Auto-Submit: Alex Gough <ajgo@chromium.org> > Commit-Queue: Alex Gough <ajgo@chromium.org> > Commit-Queue: Will Harris <wfh@chromium.org> > Reviewed-by: Will Harris <wfh@chromium.org> > Cr-Commit-Position: refs/heads/master@{#823679} Bug: 1143397,1145558 Change-Id: I06e3f945dc4829a9d8787d787111639e8d655624 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2519835Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/master@{#824210}
5cd34161 · Alex Gough · Commit Bot · 9d2e2082 · 5cd34161
Commit 5cd34161 authored Nov 04, 2020 by Alex Gough Committed by Commit Bot Nov 04, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 0 deletions

sandbox/win/src/sandbox_nt_util.cc sandbox/win/src/sandbox_nt_util.cc +15 -0

No files found.
--- a/sandbox/win/src/sandbox_nt_util.cc
+++ b/sandbox/win/src/sandbox_nt_util.cc
@@ -404,6 +404,21 @@ bool IsValidImageSection(HANDLE section,
  if (!(basic_info.Attributes & SEC_IMAGE))
    return false;

+  // Windows 10 2009+ may open PEs as SEC_IMAGE_NO_EXECUTE in non-dll-loading
+  // paths which looks identical to dll-loading unless we check if the section
+  // handle has execute rights.
+  // Avoid memset inserted by -ftrivial-auto-var-init=pattern.
+  STACK_UNINITIALIZED OBJECT_BASIC_INFORMATION obj_info;
+  ULONG obj_size_returned;
+  ret = g_nt.QueryObject(section, ObjectBasicInformation, &obj_info,
+                         sizeof(obj_info), &obj_size_returned);
+
+  if (!NT_SUCCESS(ret) || sizeof(obj_info) != obj_size_returned)
+    return false;
+
+  if (!(obj_info.GrantedAccess & SECTION_MAP_EXECUTE))
+    return false;
+
  return true;
 }