On Wed, 2016-09-07 at 18:29 -0400, Ted Unangst wrote:
> Instead of always using a fixed byte pattern, I think malloc should
> use a random pattern. Now, this sometimes means it's harder to
> identify exactly what's used after free, so we should provide a means
> to get the old 0xdf pattern back.
> 
> Since we already have two junk modes, I thought I'd carry on along
> those lines. The default junk behavior, for free chunks only, is more
> of a security measure. I think this means we want random junk. The
> second level 'J' junk is more of a debugging tool, so that retains
> 0xdf.

A bit off-topic: 'J' enables junk-on-init which is for debugging, but it
also currently has security improvements for large allocations. There's
only partial junk-on-free by default (half a page), and 'U' disables
large allocation junk-on-free without 'J'. I think it would make sense
to remove those optimizations since it's fine if the cost scales up with
larger allocations and losing the guarantee of not leaking data via
uninitialized memory with 'U' is not great. Using 'U' is quite expensive
regardless, and adds some pathological performance cases for small size
allocations, which is more important. I ended up removing both of those
optimizations for the CopperheadOS port.
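The two junk-on-free policies being discussed (fixed 0xdf for the 'J' debugging mode, a random pattern otherwise, and the half-page partial-junk and 'U' large-allocation optimizations the reply wants removed) can be modelled in a few lines. The following is an added example, not code from the thread or from the OpenBSD, Android or CopperheadOS allocators: it assumes a 4096-byte page, treats "large allocation" as anything at least one page in size, and stands in a small xorshift generator for arc4random. The point it shows is that with 'J' a freed region is recognisably 0xdf-filled (useful when diagnosing a use-after-free from a crash dump), while the default fill is unpredictable from one free to the next, and that the "keep optimizations" path leaves part or all of a large freed region untouched.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE  4096    /* assumption: 4 KiB pages */
#define DEBUG_JUNK 0xdf    /* the fixed pattern kept for 'J' mode */

/* malloc option flags as named in the thread */
enum { OPT_J = 1, OPT_U = 2 };

/* Stand-in for arc4random(): xorshift32, seeded once (assumption, not
 * a secure generator; a real allocator would use the kernel RNG). */
static uint32_t rng_state = 2463534242u;
static unsigned char random_byte(void)
{
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    rng_state = x;
    return (unsigned char)(x >> 24);
}

/* How many bytes of a freed region of `len` bytes get junked.
 * keep_optimizations = 1 models the behaviour the reply describes:
 *   - with 'J' everything is junked;
 *   - otherwise only up to half a page is junked;
 *   - with 'U' (and no 'J') large allocations are not junked at all.
 * keep_optimizations = 0 models the proposal: always junk the whole region. */
size_t junk_length(size_t len, int opts, int keep_optimizations)
{
    if (!keep_optimizations || (opts & OPT_J))
        return len;
    if ((opts & OPT_U) && len >= PAGE_SIZE)
        return 0;
    return len < PAGE_SIZE / 2 ? len : PAGE_SIZE / 2;
}

/* Junk a freed region. 'J' uses the fixed debugging pattern; the default
 * uses a fresh random byte per free. Returns the number of bytes written
 * and reports the pattern used through pattern_out (may be NULL). */
size_t junk_free(unsigned char *buf, size_t len, int opts,
                 int keep_optimizations, unsigned char *pattern_out)
{
    size_t n = junk_length(len, opts, keep_optimizations);
    unsigned char b = (opts & OPT_J) ? DEBUG_JUNK : random_byte();
    memset(buf, b, n);
    if (pattern_out)
        *pattern_out = b;
    return n;
}

/* Debugging aid: does the whole region still carry the 0xdf pattern?
 * A value read after free that looks like 0xdfdfdfdf is the classic
 * use-after-free tell that 'J' mode is meant to preserve. */
int is_debug_junk(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != DEBUG_JUNK)
            return 0;
    return 1;
}

int main(void)
{
    unsigned char small[64];
    unsigned char pat;

    junk_free(small, sizeof small, OPT_J, 1, &pat);
    printf("'J' free: pattern 0x%02x, recognisable=%d\n", pat,
           is_debug_junk(small, sizeof small));

    junk_free(small, sizeof small, 0, 1, &pat);
    printf("default free: pattern 0x%02x, recognisable=%d\n", pat,
           is_debug_junk(small, sizeof small));

    /* A two-page region: what fraction is junked under each policy? */
    printf("8192-byte free, default, optimizations kept: %zu bytes junked\n",
           junk_length(8192, 0, 1));
    printf("8192-byte free, 'U', optimizations kept:     %zu bytes junked\n",
           junk_length(8192, OPT_U, 1));
    printf("8192-byte free, 'U', optimizations removed:  %zu bytes junked\n",
           junk_length(8192, OPT_U, 0));
    return 0;
}
```

The cap and the 'U' short-circuit are exactly the two cases where the reply argues data can survive a free: under the kept-optimizations policy a large freed region is either left three-quarters intact or, with 'U', untouched, so the "no leaks via uninitialized memory" property only holds once both special cases are dropped.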
