This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Additional malloc hardening
- From: OndÅej BÃlka <neleai at seznam dot cz>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Fri, 19 Sep 2014 14:16:39 +0200
- Subject: Re: Additional malloc hardening
- Authentication-results: sourceware.org; auth=none
- References: <53F20559 dot 7040209 at redhat dot com>
On Mon, Aug 18, 2014 at 03:53:29PM +0200, Florian Weimer wrote:
> I would like to add a few more heap consistency checks to the malloc
> implementation.
>
> My initial focus is on allocation from the unsorted_chunks list.
> There seem to be a few invariants which are cheap to check for each
> chunk:
>
> - The PREV_INUSE bit is set.
> - The PREV_INUSE bit of the chunk after the foot is unset.
> - The size in the foot is equal to the size in the head.
> - The size of a chunk not in the main arena is less than HEAP_MAX_SIZE.
>
> The first two might not actually be true at the borders. Is it
> possible to cheaply identify these conditions?
>
You do not need for detecting userspace errors. A better way is to add a
checksum that will detect corruption. Even if it takes one byte with
randomization it could detect error 50% of time after ten errors its
1/1024 chance.
You could make much stronger checks but its tradeoff between that and
slowdown.
For example you could if request does not fill entire chunk write to
remaining bytes a pseudorandom sequence and check if its same on free.
That will detect off-by one writes. Disadvantage is that you need extra
byte to save exact size.
Or if you do not mind minor slowdown you could detect any invalid writes
and probably cause crash with invalid reads, when you free a chunk write
a psuedorandom sequence into it and check if its intact when you do
allocation. Finally at end of program check remaining chunks.