On Sat, Sep 23, 2017 at 05:28:57AM -0400, Ted Unangst wrote: > Otto Moerbeek wrote: > > Hi, > > > > Malloc maintains a list if 16 slots of chunks to be freed. On free a > > chunk is put in a random slot and the existing chunk in that slot is > > actually freed. Currently, the code only checks the slot selected for > > a double free. > > > > This diff adds code to check all slots. It also removes the option to > > disable delayed free. > > I thought we were already doing this, so ok. :)
And here's the manpage diff. -Otto Index: malloc.conf.5 =================================================================== RCS file: /cvs/src/share/man/man5/malloc.conf.5,v retrieving revision 1.11 diff -u -p -r1.11 malloc.conf.5 --- malloc.conf.5 31 Oct 2016 10:07:18 -0000 1.11 +++ malloc.conf.5 23 Sep 2017 14:04:14 -0000 @@ -56,18 +56,11 @@ at exit. This option requires the library to have been compiled with -DMALLOC_STATS in order to have any effect. .It Cm F -.Dq Freeguard . -Enable use after free detection. +.Dq Freecheck . +Enable more extenisve double free and use after free detection. +All chunks in the delayed free list will be checked for double frees. Unused pages on the freelist are read and write protected to cause a segmentation fault upon access. -This will also switch off the delayed freeing of chunks, -reducing random behaviour but detecting double -.Xr free 3 -calls as early as possible. -This option is intended for debugging rather than improved security -(use the -.Cm U -option for security). .It Cm G .Dq Guard . Enable guard pages.