Bug 1599015 Comment 3 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Okay, I've got a consistent repro of this crash. If we start the Gecko Profiler when the rdd process is running (e.g. opening youtube.com is enough), this crash occurs 100% of the time. The reason the trampoline area was not writable was that [this call to `VirtualProtect`](https://searchfox.org/mozilla-central/source/mozglue/misc/interceptor/Trampoline.h#33) failed. And the reason for that was that `ProcessDynamicCodePolicy` is enabled in the rdd process [when it started](https://hg.mozilla.org/mozilla-central/file/tip/security/sandbox/chromium/sandbox/win/src/process_mitigations.cc#l199). The purpose of `ProcessDynamicCodePolicy` is precisely to prevent this kind of detour behavior. At least our detour should just fail without crashing if `VirtualProtect` fails for whatever reason. I think it's not a difficult fix. Bob, I think you're an expert on this sandbox code. Do you have any suggestions/ideas about how we should deal with a profiler in a sandbox process?
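A quick way to confirm which Firefox child processes run with `ProcessDynamicCodePolicy` (the mitigation that makes the `VirtualProtect` call above fail) is to query each child's mitigation state. This is an added diagnostic script, not code from the bug or from mozilla-central; it assumes the `ProcessMitigations` module (`Get-ProcessMitigation`) is available, that the children are `firefox.exe` processes launched by `firefox.exe`, and that the child type is the last token of the command line.

```powershell
# Added example (not from the bug thread). Assumptions: ProcessMitigations module
# present (Windows 10 1709+), elevated session, child processes are firefox.exe
# launched by firefox.exe, and the process type (tab, rdd, gpu, ...) is the last
# token on the child's command line.
param([string]$ParentName = 'firefox')

$parents = Get-Process -Name $ParentName -ErrorAction SilentlyContinue
if (-not $parents) { Write-Warning "no $ParentName processes found"; return }
$parentIds = @($parents.Id)

# Enumerate every firefox.exe whose parent is also a firefox.exe instance.
$children = Get-CimInstance Win32_Process -Filter "Name = '$ParentName.exe'" |
    Where-Object { $parentIds -contains $_.ParentProcessId }

foreach ($p in $children) {
    # Infer the child type from the trailing command-line token (assumption).
    $kind = if ($p.CommandLine -match '\s(\S+)\s*$') { $Matches[1] } else { 'unknown' }
    try {
        $m   = Get-ProcessMitigation -Id $p.ProcessId -ErrorAction Stop
        $acg = [string]$m.DynamicCode.BlockDynamicCode
    } catch {
        $acg = "error: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Pid  = $p.ProcessId
        Kind = $kind
        # ON means dynamic code is blocked in that process: changing a page to a
        # writable+executable protection fails, so any in-process detour or
        # profiler hook must treat that VirtualProtect failure as a soft error.
        BlockDynamicCode = $acg
    }
}
```

Run it while a video is playing so the rdd child exists; a row with `Kind = rdd` and `BlockDynamicCode = ON` is the state the comment describes.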