* Additional malloc hardening
@ 2014-08-18 13:53 Florian Weimer
2014-09-19 12:16 ` Ondřej Bílka
0 siblings, 1 reply; 3+ messages in thread
From: Florian Weimer @ 2014-08-18 13:53 UTC (permalink / raw)
To: GNU C Library
I would like to add a few more heap consistency checks to the malloc
implementation.
My initial focus is on allocation from the unsorted_chunks list. There
seem to be a few invariants which are cheap to check for each chunk:
- The PREV_INUSE bit is set.
- The PREV_INUSE bit of the chunk after the foot is unset.
- The size in the foot is equal to the size in the head.
- The size of a chunk not in the main arena is less than HEAP_MAX_SIZE.
The first two might not actually be true at the borders. Is it possible
to cheaply identify these conditions?
--
Florian Weimer / Red Hat Product Security
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Additional malloc hardening
2014-08-18 13:53 Additional malloc hardening Florian Weimer
@ 2014-09-19 12:16 ` Ondřej Bílka
2014-09-23 11:23 ` Florian Weimer
0 siblings, 1 reply; 3+ messages in thread
From: Ondřej Bílka @ 2014-09-19 12:16 UTC (permalink / raw)
To: Florian Weimer; +Cc: GNU C Library
On Mon, Aug 18, 2014 at 03:53:29PM +0200, Florian Weimer wrote:
> I would like to add a few more heap consistency checks to the malloc
> implementation.
>
> My initial focus is on allocation from the unsorted_chunks list.
> There seem to be a few invariants which are cheap to check for each
> chunk:
>
> - The PREV_INUSE bit is set.
> - The PREV_INUSE bit of the chunk after the foot is unset.
> - The size in the foot is equal to the size in the head.
> - The size of a chunk not in the main arena is less than HEAP_MAX_SIZE.
>
> The first two might not actually be true at the borders. Is it
> possible to cheaply identify these conditions?
>
You do not need for detecting userspace errors. A better way is to add a
checksum that will detect corruption. Even if it takes one byte with
randomization it could detect error 50% of time after ten errors its
1/1024 chance.
You could make much stronger checks but its tradeoff between that and
slowdown.
For example you could if request does not fill entire chunk write to
remaining bytes a pseudorandom sequence and check if its same on free.
That will detect off-by one writes. Disadvantage is that you need extra
byte to save exact size.
Or if you do not mind minor slowdown you could detect any invalid writes
and probably cause crash with invalid reads, when you free a chunk write
a psuedorandom sequence into it and check if its intact when you do
allocation. Finally at end of program check remaining chunks.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Additional malloc hardening
2014-09-19 12:16 ` Ondřej Bílka
@ 2014-09-23 11:23 ` Florian Weimer
0 siblings, 0 replies; 3+ messages in thread
From: Florian Weimer @ 2014-09-23 11:23 UTC (permalink / raw)
To: Ondřej Bílka; +Cc: GNU C Library
On 09/19/2014 02:16 PM, OndÅ™ej BÃlka wrote:
> You do not need for detecting userspace errors. A better way is to add a
> checksum that will detect corruption. Even if it takes one byte with
> randomization it could detect error 50% of time after ten errors its
> 1/1024 chance.
Do you propose to fit this into the existing size field?
--
Florian Weimer / Red Hat Product Security
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-09-23 11:23 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-08-18 13:53 Additional malloc hardening Florian Weimer
2014-09-19 12:16 ` Ondřej Bílka
2014-09-23 11:23 ` Florian Weimer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).