RE: vulndev-1 and a suggestion about the ensuing discussion

From: Michael Wojcik (
Date: 05/16/03

  • Next message: Thijs Dalhuijsen: "possible format string in ultra edit 8.00"
    Date: Thu, 15 May 2003 15:48:54 -0700

    > From: xenophi1e []
    > Sent: Thursday, May 15, 2003 12:47 PM

    > 3) How could the layout of malloc()s bookeeping info be smarter? Are
    > there any platforms that have allocators that are more robust against
    > overruns?

    To answer the second question first: there are platforms like C/400 on the
    AS/400, where C programs in essence run under a virtual machine, and most
    out-of-bounds accesses will immediately trap.

    To answer the first: malloc could certainly keep its information somewhere
    other than adjacent to user buffers. For example, it might instead use a
    list of separately-allocated records (or better a list of blocks of records,
    where each block was a data structure suitable for relatively fast access,
    probably a hashtable keyed on a hash of the address returned by malloc).
    With help from mprotect or equivalent these areas could further be protected
    with guard pages. There'd be a performance penalty for such a scheme
    (versus having each malloc'd area carry its own information, as is typical),
    but besides making the heap harder to corrupt, it'd let the implementation
    catch invalid and duplicate free's.

    Michael Wojcik
    Principal Software Systems Developer, Micro Focus

  • Next message: Thijs Dalhuijsen: "possible format string in ultra edit 8.00"