RE: vulndev-1 and a suggestion about the ensuing discussion
From: Michael Wojcik (Michael.Wojcik_at_microfocus.com)
To: firstname.lastname@example.org Date: Thu, 15 May 2003 15:48:54 -0700
> From: xenophi1e [mailto:email@example.com]
> Sent: Thursday, May 15, 2003 12:47 PM
> 3) How could the layout of malloc()s bookeeping info be smarter? Are
> there any platforms that have allocators that are more robust against
To answer the second question first: there are platforms like C/400 on the
AS/400, where C programs in essence run under a virtual machine, and most
out-of-bounds accesses will immediately trap.
To answer the first: malloc could certainly keep its information somewhere
other than adjacent to user buffers. For example, it might instead use a
list of separately-allocated records (or better a list of blocks of records,
where each block was a data structure suitable for relatively fast access,
probably a hashtable keyed on a hash of the address returned by malloc).
With help from mprotect or equivalent these areas could further be protected
with guard pages. There'd be a performance penalty for such a scheme
(versus having each malloc'd area carry its own information, as is typical),
but besides making the heap harder to corrupt, it'd let the implementation
catch invalid and duplicate free's.
-- Michael Wojcik Principal Software Systems Developer, Micro Focus