On Thu, Sep 08, 2016 at 06:42:33PM -0400, Daniel Micay wrote:
> On Wed, 2016-09-07 at 18:29 -0400, Ted Unangst wrote:
> > Instead of always using a fixed byte pattern, I think malloc should use a
> > random pattern. Now, this sometimes means it's harder to identify exactly
> > what's used after free, so we should provide a means to get the old 0xdf
> > pattern back.
> >
> > Since we already have two junk modes, I thought I'd carry on along those
> > lines. The default junk behavior, for free chunks only, is more of a
> > security measure. I think this means we want random junk. The second
> > level 'J' junk is more of a debugging tool, so that retains 0xdf.
>
> A bit off-topic: 'J' enables junk-on-init which is for debugging, but it
> also currently has security improvements for large allocations. There's
> only partial junk-on-free by default (half a page), and 'U' disables
> large allocation junk-on-free without 'J'. I think it would make sense
> to remove those optimizations since it's fine if the cost scales up with
> larger allocations and losing the guarantee of not leaking data via
> uninitialized memory with 'U' is not great. Using 'U' is quite expensive
> regardless, and adds some pathological performance cases for small size
> allocations which is more important. I ended up removing both of those
> optimizations for the CopperheadOS port.
I would prefer to see a diff with this. For me, that should be easier to
understand than your description.

	-Otto
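As an added sketch, not code from this thread and not OpenBSD's malloc, here are the two junking behaviours the messages describe side by side: the default security junk (a per-process random byte, at most half a page of the freed chunk) and the 'J' debug junk (the whole chunk, fixed 0xdf). The mode names, the 4096-byte page size and the /dev/urandom source are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Junk modes as the thread describes them (names constructed for this sketch). */
enum junk_mode { JUNK_DEFAULT = 1, JUNK_FULL = 2 };   /* JUNK_FULL stands for 'J' */
#define JUNK_PAGE      4096   /* assumed page size */
#define DEBUG_PATTERN  0xdf   /* fixed debugging pattern that 'J' keeps */
static int junk_byte = -1;    /* per-process random fill byte, chosen at first use */

/* Pick the random pattern once per process; a real allocator would use arc4random(). */
unsigned char junk_random_byte(void)
{
    if (junk_byte < 0) {
        unsigned char b = DEBUG_PATTERN;   /* fall back to the fixed byte if no entropy */
        FILE *f = fopen("/dev/urandom", "rb");
        if (f != NULL) {
            (void)fread(&b, 1, 1, f);      /* on a short read b keeps the fixed byte */
            fclose(f);
        }
        junk_byte = b;
    }
    return (unsigned char)junk_byte;
}

/* Junk a chunk being freed; returns the pattern byte written. */
int junk_on_free(void *p, size_t len, enum junk_mode mode)
{
    unsigned char pat = DEBUG_PATTERN;    /* 'J': whole chunk, fixed 0xdf */
    size_t n = len;
    if (mode != JUNK_FULL) {              /* default: random byte, at most half a page */
        pat = junk_random_byte();
        n = len < JUNK_PAGE / 2 ? len : JUNK_PAGE / 2;
    }
    memset(p, pat, n);
    return pat;
}

/* Fill a buffer with a marker, junk it, return the byte at `off` (partial fill is visible). */
int probe_after_junk(enum junk_mode mode, size_t len, size_t off)
{
    unsigned char *buf = malloc(len);
    int seen = -1;
    if (buf != NULL && off < len) {
        memset(buf, junk_random_byte() ^ 0xff, len);   /* marker differs from random byte */
        junk_on_free(buf, len, mode);
        seen = buf[off];
    }
    free(buf);
    return seen;
}
```

With an 8192-byte chunk, the default mode leaves everything past offset 2048 untouched, which is the partial junk-on-free Daniel refers to; 'J' overwrites all of it with 0xdf.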