RE: vulndev-1 and a suggestion about the ensuing discussion

From: Michael Wojcik <Michael.Wojcik(at)microfocus.com>
Date: Thu May 15 2003 - 18:48:54 EDT


> From: xenophi1e [mailto:oliver.lavery@sympatico.ca]
> Sent: Thursday, May 15, 2003 12:47 PM

> 3) How could the layout of malloc()'s bookkeeping info be smarter? Are

To answer the second question first: there are platforms like C/400 on the AS/400, where C programs in essence run under a virtual machine, and most out-of-bounds accesses will immediately trap.

To answer the first: malloc could certainly keep its information somewhere other than adjacent to user buffers. For example, it might instead use a list of separately-allocated records (or, better, a list of blocks of records, where each block was a data structure suitable for relatively fast access, probably a hashtable keyed on a hash of the address returned by malloc). With help from mprotect or equivalent these areas could further be protected with guard pages. There'd be a performance penalty for such a scheme (versus having each malloc'd area carry its own information, as is typical), but besides making the heap harder to corrupt, it'd let the implementation catch invalid and duplicate frees.

-- 
Michael Wojcik
Principal Software Systems Developer, Micro Focus
Received on Thu May 15 19:03:13 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:39 EDT