1. 24
  1.  

  2. 7

    Isn’t this how pretty much all data works on the OS? If you want to be sure that nobody else will read the values you had there you have to zero it out before giving it back. And let’s not forget the swap…

    1. 5

      Yeah. As someone mentioned in r/netsec (where I found this), it’s really a bug with Chrome.

      What it highlights is a lack of memory safety in video memory that people often forget about. With WebGL this becomes scary stuff for driveby full screen capture/recording.

      1. 1

        Yep, bug with Chrome incognito mode. On Windows is memory cleared before being returned by malloc/new? I thought that was only the behaviour for secure OSs and/or secure alloc alternative functions?

        1. 3

          OS memory management != GPU memory management. Think of the GPU as a completely separate computer, only this one is designed and optimized purely for speed (and benchmarks are super important) with very very basic security. This means that the constant cost of zeroing out when malloc’d or some other GPU/driver imposed changes to the API are seen as large negatives.

          1. 1

            Yeah I know the gpu and system memory are separate, I was going off on a tangent :)

            1. 1

              Re-reading your comment I see what you were saying. I was probably looking for an excuse to write that heh.

              1. 1

                In hindsight i would have made them separate paragraphs and used clearer language :)

      2. 4

        It is possible to get back pages that process itself has already used, but never pages from other processes. Of course kernel does what is required for this (map all pages to zero page and when actually accessed give back zeroed page). This also is the reason why bugs caused by reading uninitialized memory rarely happen during unit-test runs or the short duration manual testing that developer does: all memory that proess initially get is zeroed.

      3. 5

        This also happens during rebooting. Sometimes when I reboot from Windows to Linux, I get portion of the last frame under windows before first refresh from xrandr.

        1. 3

          I love how completely unashamed the dude is he was watching porn. Did no one else notice that?

          1. 2

            Not only that but he still showed the title too