clarify write-after-free detection feature

Daniel Micay 2018-11-16 03:26:07 -05:00
parent a617f7604d
commit 315415acf2


@ -195,6 +195,8 @@ was a bit less important and if a core goal was finding latent bugs.
* [in-progress] Randomized choice of slabs * [in-progress] Randomized choice of slabs
* [in-progress] Randomized allocation of slabs * [in-progress] Randomized allocation of slabs
* Slab allocations are zeroed on free * Slab allocations are zeroed on free
* Detection of write-after-free for slab allocations by verifying zero filling
is intact at allocation time
* Large allocations are purged and memory protected on free with the memory * Large allocations are purged and memory protected on free with the memory
mapping kept reserved in a quarantine to detect use-after-free mapping kept reserved in a quarantine to detect use-after-free
* The quarantine is primarily based on a FIFO ring buffer, with the oldest * The quarantine is primarily based on a FIFO ring buffer, with the oldest
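Review bot: the new bullet ("Detection of write-after-free for slab allocations by verifying zero filling is intact at allocation time") should spell out the timing consequence, since a write into a freed slab slot is only caught when that slot is handed out again, not when the offending write happens; suggest wording such as "is intact when the slot is reused, so the corruption is reported at the next allocation from that slot rather than at the offending write". It would also help to tie the bullet to the preceding "Slab allocations are zeroed on free" line, which the detection depends on, and to note that large allocations are not covered by this check but by the purge-and-memory-protect mechanism in the bullet that follows.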
@ -203,7 +205,6 @@ was a bit less important and if a core goal was finding latent bugs.
* Another layer of the quarantine swaps with a random slot in an array to * Another layer of the quarantine swaps with a random slot in an array to
randomize the number of large deallocations required to push mappings out randomize the number of large deallocations required to push mappings out
of the quarantine of the quarantine
* Detection of write-after-free by verifying zero filling is intact
* Memory in fresh allocations is consistently zeroed due to it either being * Memory in fresh allocations is consistently zeroed due to it either being
fresh pages or zeroed on free after previous usage fresh pages or zeroed on free after previous usage
* Delayed free via a combination of FIFO and randomization for slab allocations * Delayed free via a combination of FIFO and randomization for slab allocations
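Review bot: dropping the generic "Detection of write-after-free by verifying zero filling is intact" bullet from this part of the list is the right call, since the large-allocation bullets above it describe a different mechanism (purge, memory protection and quarantine), but the following bullet "Memory in fresh allocations is consistently zeroed due to it either being fresh pages or zeroed on free after previous usage" still reads as a global property; consider adding that the zero fill is only verified for slab allocations, so readers do not infer that large allocations receive the same integrity check.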