- Subject: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
- From: 김지회 <pascal4847@...>
- Date: Sun, 5 Dec 2021 10:28:41 +0900
forbid any GC operation while running a finalizer.
Oh, that way can solve the problem, obviously.
And yes, the patch will be semantically right because finalizers are
not devised to call GC inside themselves, as you said.
I think the patch leads to quite a lot of changes in the source code... :-(
Thank you for the deep consideration of this problem.
By the way, if you plan for the patch to be applied in version 5.4.5 or
later, may I report this crash to MITRE?