On Sat, Sep 23, 2017 at 05:28:57AM -0400, Ted Unangst wrote:
> Otto Moerbeek wrote:
> > Hi,
> >
> > Malloc maintains a list if 16 slots of chunks to be freed. On free a
> > chunk is put in a random slot and the existing chunk in that slot is
> > actually freed. Currently, the code only checks the slot selected for
> > a double free.
> >
> > This diff adds code to check all slots. It also removes the option to
> > disable delayed free.
>
> I thought we were already doing this, so ok. :)
And here's the manpage diff.
-Otto
Index: malloc.conf.5
===================================================================
RCS file: /cvs/src/share/man/man5/malloc.conf.5,v
retrieving revision 1.11
diff -u -p -r1.11 malloc.conf.5
--- malloc.conf.5 31 Oct 2016 10:07:18 -0000 1.11
+++ malloc.conf.5 23 Sep 2017 14:04:14 -0000
@@ -56,18 +56,11 @@ at exit.
This option requires the library to have been compiled with -DMALLOC_STATS in
order to have any effect.
.It Cm F
-.Dq Freeguard .
-Enable use after free detection.
+.Dq Freecheck .
+Enable more extenisve double free and use after free detection.
+All chunks in the delayed free list will be checked for double frees.
Unused pages on the freelist are read and write protected to
cause a segmentation fault upon access.
-This will also switch off the delayed freeing of chunks,
-reducing random behaviour but detecting double
-.Xr free 3
-calls as early as possible.
-This option is intended for debugging rather than improved security
-(use the
-.Cm U
-option for security).
.It Cm G
.Dq Guard .
Enable guard pages.
