Vulnerability Development mailing list archives
RE: vulndev-1 and a suggestion about the ensuing discussion
From: Michael Wojcik <Michael.Wojcik () microfocus com>
Date: Thu, 15 May 2003 15:48:54 -0700
From: xenophi1e [mailto:oliver.lavery () sympatico ca] Sent: Thursday, May 15, 2003 12:47 PM
3) How could the layout of malloc()s bookeeping info be smarter? Are there any platforms that have allocators that are more robust against overruns?
To answer the second question first: there are platforms like C/400 on the AS/400, where C programs in essence run under a virtual machine, and most out-of-bounds accesses will immediately trap. To answer the first: malloc could certainly keep its information somewhere other than adjacent to user buffers. For example, it might instead use a list of separately-allocated records (or better a list of blocks of records, where each block was a data structure suitable for relatively fast access, probably a hashtable keyed on a hash of the address returned by malloc). With help from mprotect or equivalent these areas could further be protected with guard pages. There'd be a performance penalty for such a scheme (versus having each malloc'd area carry its own information, as is typical), but besides making the heap harder to corrupt, it'd let the implementation catch invalid and duplicate free's. -- Michael Wojcik Principal Software Systems Developer, Micro Focus
Current thread:
- vulndev-1 and a suggestion about the ensuing discussion Bernie Cosell (May 15)
- <Possible follow-ups>
- Re: vulndev-1 and a suggestion about the ensuing discussion xenophi1e (May 15)
- possible format string in ultra edit 8.00 Thijs Dalhuijsen (May 16)
- safe mallocs (was Re: vulndev-1 and a suggestion about the ensuing discussion) Bennett Todd (May 16)
- RE: vulndev-1 and a suggestion about the ensuing discussion Michael Wojcik (May 15)
- Re: vulndev-1 and a suggestion about the ensuing discussion xenophi1e (May 16)
- Re: vulndev-1 and a suggestion about the ensuing discussion Valdis . Kletnieks (May 17)