From 8e5b22e0db4e915287a964affe3b12f8540d708d Mon Sep 17 00:00:00 2001
From: David Wrighton
Date: Mon, 19 May 2025 14:28:16 -0700
Subject: [PATCH 1/2] Fix enumerating loaded process modules on Apple platforms

- This logic always assumed that the lowest address of a mapped file was its "base address", but in the presence of #114462 that is no longer correct. We may map stubs at lower addresses.
- Fix by checking the start of the mapped region for the magic value for the start of a MachO binary
---
 src/shared/pal/src/thread/process.cpp | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/shared/pal/src/thread/process.cpp b/src/shared/pal/src/thread/process.cpp
index 6eee73cec2..5926bf40a6 100644
--- a/src/shared/pal/src/thread/process.cpp
+++ b/src/shared/pal/src/thread/process.cpp
@@ -2371,7 +2371,27 @@ CreateProcessModules(
 }
 }
 
- if (!dup)
+ // Does the offset in the module correspond to a valid MachO header?
+ bool isMachO = false;
+ int fd = open(moduleName, O_RDONLY);
+ if (fd != -1)
+ {
+ if (lseek(fd, rwpi.prp_prinfo.pri_offset, SEEK_SET) != (off_t)-1)
+ {
+ uint32_t magic = 0;
+ ssize_t bytesRead = read(fd, &magic, sizeof(magic));
+ if (bytesRead == sizeof(magic))
+ {
+ if (magic == 0xFEEDFACF)
+ {
+ isMachO = true;
+ }
+ }
+ }
+ close(fd);
+ }
+
+ if (!dup && isMachO)
 {
 int cbModuleName = strlen(moduleName) + 1;
 ProcessModules *entry = (ProcessModules *)malloc(sizeof(ProcessModules) + cbModuleName);
From 2ca010cadf4b636671e596fd6d77bd92adb69a51 Mon Sep 17 00:00:00 2001
From: David Wrighton
Date: Mon, 19 May 2025 16:12:06 -0700
Subject: [PATCH 2/2] Try a less risky fix

---
 src/shared/pal/src/thread/process.cpp | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)

diff --git a/src/shared/pal/src/thread/process.cpp b/src/shared/pal/src/thread/process.cpp
index 5926bf40a6..a8dcc09414 100644
--- a/src/shared/pal/src/thread/process.cpp
+++ b/src/shared/pal/src/thread/process.cpp
@@ -2372,26 +2372,9 @@ CreateProcessModules(
 }
 
 // Does the offset in the module correspond to a valid MachO header?
- bool isMachO = false;
- int fd = open(moduleName, O_RDONLY);
- if (fd != -1)
- {
- if (lseek(fd, rwpi.prp_prinfo.pri_offset, SEEK_SET) != (off_t)-1)
- {
- uint32_t magic = 0;
- ssize_t bytesRead = read(fd, &magic, sizeof(magic));
- if (bytesRead == sizeof(magic))
- {
- if (magic == 0xFEEDFACF)
- {
- isMachO = true;
- }
- }
- }
- close(fd);
- }
+ bool mightBeMachOHeader = rwpi.prp_prinfo.pri_offset == 0;
 
- if (!dup && isMachO)
+ if (!dup && mightBeMachOHeader)
 {
 int cbModuleName = strlen(moduleName) + 1;
 ProcessModules *entry = (ProcessModules *)malloc(sizeof(ProcessModules) + cbModuleName);
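Review bot: The new test `bool mightBeMachOHeader = rwpi.prp_prinfo.pri_offset == 0;` no longer inspects any header, so the retained comment `// Does the offset in the module correspond to a valid MachO header?` now overstates what is checked. If `pri_offset` is the file offset of the mapping (the first patch passed it to `lseek`, which suggests so), an image whose header sits at a nonzero file offset, such as one architecture slice of a universal binary, would be silently left out of the module list, and any tooling consuming that list would work from an incomplete view of the process; conversely, any non-image file mapped from offset 0 is still accepted. I would reword the comment to something like `// Heuristic: only a region mapped from file offset 0 can hold the image header; the magic is not read, so nonzero-offset (fat) slices are skipped.` and confirm that the universal-binary case is acceptable for the callers. CreateProcessModules begins and ends outside this hunk, so how the resulting list is consumed is not visible here.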