-
Bruce Dawson authored
PAGE_TARGETS_INVALID tells CFG (Control Flow Guard) to mark all addresses as invalid indirect branch targets. This makes exploits more difficult. The benefit is minor because most of the code in the Chrome process doesn't use the CFG checks, but this will close off a few weaknesses and is the direction we will want to go in eventually anyway (with specific targets or call sites opted-in to allowing calls, using SetProcessValidCallTargets). PAGE_TARGETS_INVALID may ultimately cause CFG to not allocate memory - that is implied by Windows Internals 7th Edition - and if that is implemented then this change will save some modest amount of memory. PAGE_TARGETS_INVALID was introduced in Windows 10 - according to Windows Internals Part 1 7th Edition - prior to that it will cause VirtualAlloc to fail. Bug: chromium:870054 Change-Id: Ib1784fba37cc0ecb5fe5df595f1519531b3b3a20 Reviewed-on: https://chromium-review.googlesource.com/1186025 Commit-Queue: Bruce Dawson <brucedawson@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55365}
6930df0f
