Re: enhanced use-after-free detection for malloc v2

2015-11-02 Thread Daniel Micay
> It may also be viable as a security feature in some situations, not just
> a way of finding bugs. Depends on how far away the UAF is from the free
> call since one other free is all that's needed to lose reliable
> detection. It might work better with a FIFO ring buffer rather than the
> current

Re: enhanced use-after-free detection for malloc v2

2015-11-02 Thread Daniel Micay
On 02/11/15 06:40 AM, Theo Buehler wrote:
> Sorry for this rather long mail:
>
> I have three small comments on the patch itself
> (starting 80 lines below).
>
> For those who want to try both new features, I attached a patch against
> -current that merges the three parts of Daniel's diff (plus t

Re: enhanced use-after-free detection for malloc v2

2015-11-02 Thread Theo Buehler
Sorry for this rather long mail: I have three small comments on the patch itself (starting 80 lines below). For those who want to try both new features, I attached a patch against -current that merges the three parts of Daniel's diff (plus the trivial two of the nits below) at the very end of thi

Re: enhanced use-after-free detection for malloc v2

2015-11-01 Thread Daniel Micay
(without mangling it this time...) diff --git a/stdlib/malloc.c b/stdlib/malloc.c index 424dd77..c408594 100644 --- a/stdlib/malloc.c +++ b/stdlib/malloc.c @@ -182,6 +182,7 @@ struct malloc_readonly { int malloc_freeunmap; /* mprotect free pages PROT_NONE? */ int mall

Re: enhanced use-after-free detection for malloc v2

2015-11-01 Thread Otto Moerbeek
On Fri, Oct 30, 2015 at 11:51:17PM -0400, Daniel Micay wrote:
> On 26/10/15 04:19 PM, Daniel Micay wrote:
> > This is an improved revision of my earlier patch.
> >
> > It now validates the junk data in the delayed_chunks array in an atexit
> > handler
> > too, rather than just when allocations a

Re: enhanced use-after-free detection for malloc v2

2015-10-30 Thread Daniel Micay
On 26/10/15 04:19 PM, Daniel Micay wrote:
> This is an improved revision of my earlier patch.
>
> It now validates the junk data in the delayed_chunks array in an atexit
> handler
> too, rather than just when allocations are swapped out.
>
> It will now catch this simple UAF 100% of the time:
>

enhanced use-after-free detection for malloc v2

2015-10-26 Thread Daniel Micay
This is an improved revision of my earlier patch.

It now validates the junk data in the delayed_chunks array in an atexit handler too, rather than just when allocations are swapped out.

It will now catch this simple UAF 100% of the time:

#include #include int main(void) { size_t i; char *