
mimalloc-redirect TLS callback hooking removes execution access to memory page?

Open vid512 opened this issue 8 months ago • 0 comments

After analyzing one very convoluted crash (don't ask...), I suspect the following is happening:

It seems that the closed-source mimalloc-redirect.dll briefly removes execution access (sets hardcoded read/write access only) for a memory page containing TLS callback pointer(s) while it is hooking onto TLS callbacks. If there is code executing in the same page at the same time in a different thread, this can cause a crash.

In my tests this seemed to happen only after a second thread was created in the process (probably from second thread's TLS callback?), but I am not 100% positive about that.

If my understanding is correct, then this should be done differently: read/write access should be granted only on top of whatever access already exists, e.g. exec access should be preserved.

This started after updating to mimalloc 2.1.9. Not sure from what version though (I can find out if needed).

vid512 Apr 03 '25 13:04
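The fix the report asks for, as an added example that is not mimalloc-redirect's (or mimalloc's) code: compute the temporary protection from what the page already has instead of hard-coding PAGE_READWRITE, so a page that was executable stays executable while it is patched. `protect_add_write` and `patch_preserving_exec` are hypothetical helper names; the Windows constants are only redefined so the pure function also builds on non-Windows hosts.

```c
#include <stdint.h>
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Windows page-protection values, defined here so the helper builds elsewhere. */
#define PAGE_NOACCESS          0x01
#define PAGE_READONLY          0x02
#define PAGE_READWRITE         0x04
#define PAGE_WRITECOPY         0x08
#define PAGE_EXECUTE           0x10
#define PAGE_EXECUTE_READ      0x20
#define PAGE_EXECUTE_READWRITE 0x40
#define PAGE_EXECUTE_WRITECOPY 0x80
#define PAGE_GUARD             0x100
typedef uint32_t DWORD;
#endif

/* Return `current` with write access added. Execute access, write-copy
 * semantics and modifier bits (PAGE_GUARD, PAGE_NOCACHE, ...) are kept.
 * Returns 0 for PAGE_NOACCESS or a malformed value so the caller can bail out. */
DWORD protect_add_write(DWORD current) {
    DWORD base = current & 0xFF;           /* low byte: exactly one access kind */
    DWORD mods = current & ~(DWORD)0xFF;   /* high bits: modifier flags */
    if (base == 0 || base == PAGE_NOACCESS || (base & (base - 1)) != 0) return 0;
    int exec = (base & (PAGE_EXECUTE | PAGE_EXECUTE_READ |
                        PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) != 0;
    int copy = (base & (PAGE_WRITECOPY | PAGE_EXECUTE_WRITECOPY)) != 0;
    DWORD want = copy ? (exec ? PAGE_EXECUTE_WRITECOPY : PAGE_WRITECOPY)
                      : (exec ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE);
    return want | mods;
}

#ifdef _WIN32
/* Hypothetical helper: make [addr, addr+size) writable on top of its current
 * protection, run `patch`, then restore exactly what VirtualQuery reported.
 * A thread executing code in the same page keeps execute access throughout. */
int patch_preserving_exec(void* addr, size_t size, void (*patch)(void*)) {
    MEMORY_BASIC_INFORMATION mbi;
    DWORD tmp, old;
    if (VirtualQuery(addr, &mbi, sizeof mbi) == 0) return 0;
    tmp = protect_add_write(mbi.Protect);
    if (tmp == 0 || !VirtualProtect(addr, size, tmp, &old)) return 0;
    patch(addr);
    FlushInstructionCache(GetCurrentProcess(), addr, size);
    return VirtualProtect(addr, size, old, &tmp) != 0;
}
#endif
```

Whether a given DLL actually does this is something to confirm by tracing its VirtualProtect calls (for example under a debugger or API monitor) rather than assuming it from the crash alone.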