RE: vulndev-1 and a suggestion about the ensuing discussion

[Michael Wojcik <Michael.Wojcik () microfocus com>]

> From: xenophi1e [mailto:oliver.lavery () sympatico ca] 
> Sent: Thursday, May 15, 2003 12:47 PM

> 3) How could the layout of malloc()s bookeeping info be smarter? Are 
> there any platforms that have allocators that are more robust against 
> overruns?

To answer the second question first: there are platforms like C/400 on the
AS/400, where C programs in essence run under a virtual machine, and most
out-of-bounds accesses will immediately trap.

To answer the first: malloc could certainly keep its information somewhere
other than adjacent to user buffers.  For example, it might instead use a
list of separately-allocated records (or better a list of blocks of records,
where each block was a data structure suitable for relatively fast access,
probably a hashtable keyed on a hash of the address returned by malloc).
With help from mprotect or equivalent these areas could further be protected
with guard pages.  There'd be a performance penalty for such a scheme
(versus having each malloc'd area carry its own information, as is typical),
but besides making the heap harder to corrupt, it'd let the implementation
catch invalid and duplicate free's.

-- 
Michael Wojcik
Principal Software Systems Developer, Micro Focus