On Sat, 10 Feb 2007, Jean-Daniel Beaubien wrote:

> I was hoping re-re-re-reading Theo's slide would help me understand,
> but unfortunately it only raised another question to which I can't
> find an answer:
>
> On slide 27 (http://www.openbsd.org/papers/ven05-deraadt/mgp00027.html) it
> says:
>
> If you try to read/write beyond the end of an object,
> maybe there is a guard page there?
>
> So is there a guard page or not? :) If the G option of malloc is used
> I'm under the impression that every object will be surrounded by guard
> pages. But if the G option is not used, will there be any guard pages
> at all? If so how are they allocated?

malloc gets pages from the system at random locations. If 'G' is not
used, sometimes nothing is mapped beyond the object, and sometimes a
page from another object is mapped.

Objects larger than certain sizes get a whole page. In that case the
tail end will be unused, but mapped.

BTW, G is not default and AFAIK, there are no plans to make it default.

-Otto
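
A small model of the two cases in the reply above, added as an illustration and not part of the original message or of OpenBSD's malloc: a whole-page object whose tail is unused but mapped, and the same object followed by a PROT_NONE guard page. The names `page_alloc` and `is_readable` are hypothetical, and placing the object flush against the guard is this example's own choice.

```c
/* Added illustration; not OpenBSD malloc code. All function names are hypothetical. */
#define _DEFAULT_SOURCE 1   /* for MAP_ANON on glibc */
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* 1 if the byte at p is readable, 0 if not. write() to a pipe makes the kernel
 * do the read, so an unmapped or PROT_NONE address yields EFAULT, not SIGSEGV. */
int is_readable(const void *p)
{
    int fd[2], ok;
    if (pipe(fd) != 0)
        return -1;
    ok = (write(fd[1], p, 1) == 1);
    close(fd[0]);
    close(fd[1]);
    return ok;
}

/* Map whole pages for len bytes; with guard != 0 add a PROT_NONE page behind them
 * and push the object up against it, otherwise start the object at the page start. */
void *page_alloc(size_t len, int guard)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    size_t span = (len + pg - 1) / pg * pg;
    char *base = mmap(NULL, span + (guard ? pg : 0), PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANON, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (!guard)
        return base;               /* tail of the last page: unused but mapped */
    if (mprotect(base + span, pg, PROT_NONE) != 0)
        return NULL;
    return base + span - len;      /* first byte past the object is the guard */
}

int main(void)
{
    char *g = page_alloc(3000, 1), *u = page_alloc(3000, 0);
    if (!g || !u)
        return 1;
    printf("guard:    last byte %d, one past end %d\n",
           is_readable(g + 2999), is_readable(g + 3000));
    printf("no guard: one past end %d\n", is_readable(u + 3000));
    return 0;
}
```

Without the guard, what lies past the end of the mapped page is not asserted here, since it depends on whatever else happens to be mapped next to it.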