Implement use-after-free detection using junk and stash.

On deallocation, sampled pointers (specially aligned) get junked and stashed
into tcache (to prevent immediate reuse).  The expected behavior is to have
read-after-free corrupted and stopped by the junk-filling, while
write-after-free is checked when flushing the stashed pointers.
Qi Wang 2021-10-18 17:33:15 -07:00 committed by Qi Wang
parent 06aac61c4b
commit b75822bc6e
22 changed files with 793 additions and 42 deletions
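The mechanism the commit message describes, as an added model in C (not jemalloc's code): sampled allocations are handed out with a special alignment, recognised by that alignment at free time, filled with a junk byte and parked in a small stash instead of being released; reads through a dangling pointer see the junk, and writes are caught when the stash is flushed and the pattern re-verified. The junk value, sampling alignment and stash depth are assumed constants chosen for the example.

```c
/*
 * Model of "junk and stash" use-after-free detection.  Added example, not
 * jemalloc code: JUNK_BYTE, SAMPLE_ALIGN and STASH_CAP are assumed values.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define JUNK_BYTE    0x5a   /* assumed junk fill value */
#define SAMPLE_ALIGN 4096u  /* assumed: sampled allocations are page-aligned */
#define STASH_CAP    8      /* assumed stash depth */

typedef struct { void *ptr; size_t size; } stash_entry_t;
static stash_entry_t stash[STASH_CAP];
static size_t stash_n = 0;

/* Sampled pointers are recognised purely by their alignment. */
static int is_sampled(const void *p) {
    return ((uintptr_t)p & (SAMPLE_ALIGN - 1)) == 0;
}

/* Allocate; 'sampled' selects the specially aligned path. */
void *uaf_alloc(size_t size, int sampled) {
    if (!sampled) return malloc(size);
    size_t rounded = (size + SAMPLE_ALIGN - 1) & ~(size_t)(SAMPLE_ALIGN - 1);
    return aligned_alloc(SAMPLE_ALIGN, rounded);
}

/* Flush the stash: re-verify the junk on every entry, then release it.
 * Returns the number of entries found modified after free. */
size_t uaf_flush(void) {
    size_t detected = 0;
    for (size_t i = 0; i < stash_n; i++) {
        const unsigned char *b = stash[i].ptr;
        for (size_t j = 0; j < stash[i].size; j++) {
            if (b[j] != JUNK_BYTE) {
                fprintf(stderr, "write-after-free: %p offset %zu (0x%02x)\n",
                        stash[i].ptr, j, b[j]);
                detected++;
                break;
            }
        }
        free(stash[i].ptr);
    }
    stash_n = 0;
    return detected;
}

/* Free path.  Returns detections raised if a full stash forced a flush. */
size_t uaf_free(void *p, size_t size) {
    size_t detected = 0;
    if (p == NULL) return 0;
    if (!is_sampled(p)) { free(p); return 0; }   /* unsampled: normal release */
    if (stash_n == STASH_CAP) detected = uaf_flush();
    memset(p, JUNK_BYTE, size);                   /* junk: poison reads */
    stash[stash_n].ptr = p;                       /* stash: block reuse */
    stash[stash_n].size = size;
    stash_n++;
    return detected;
}

/* Write-after-free: the corruption is caught at flush time. */
size_t demo_write_after_free(void) {
    unsigned char *p = uaf_alloc(256, 1);
    uaf_free(p, 256);
    p[17] = 'A';            /* the bug: write through a dangling pointer */
    return uaf_flush();     /* 1 */
}

/* Read-after-free: the dangling read sees junk, not stale data. */
int demo_read_after_free(void) {
    unsigned char *p = uaf_alloc(256, 1);
    memset(p, 'Q', 256);
    uaf_free(p, 256);
    unsigned char seen = p[0];   /* still mapped: stashed, not released */
    size_t detected = uaf_flush();
    return seen == JUNK_BYTE && detected == 0;   /* reads are not reported */
}

/* A full stash forces a flush, so the check fires without an explicit flush. */
size_t demo_stash_overflow(void) {
    unsigned char *victim = uaf_alloc(64, 1);
    uaf_free(victim, 64);
    victim[0] = 0;               /* write-after-free on the oldest entry */
    size_t detected = 0;
    for (int i = 0; i < STASH_CAP; i++) {
        void *q = uaf_alloc(64, 1);
        detected += uaf_free(q, 64);   /* the last call evicts 'victim' */
    }
    return detected + uaf_flush();     /* 1 */
}

int main(void) {
    printf("write-after-free detected: %zu\n", demo_write_after_free());
    printf("read-after-free saw junk:  %d\n", demo_read_after_free());
    printf("detected on stash overflow: %zu\n", demo_stash_overflow());
    return 0;
}
```

The model keeps the per-free cost at a memset plus a stash push and concentrates the verification on the flush path, which is the trade-off the commit message describes; a real allocator also has to bound how long stashed memory stays unavailable, which is why the stash here is flushed as soon as it fills.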


@ -26,6 +26,12 @@ do_arena_create(ssize_t dirty_decay_ms, ssize_t muzzy_decay_ms) {
static inline void
do_arena_destroy(unsigned arena_ind) {
/*
* For convenience, flush tcache in case there are cached items.
* However not assert success since the tcache may be disabled.
*/
mallctl("thread.tcache.flush", NULL, NULL, NULL, 0);
size_t mib[3];
size_t miblen = sizeof(mib)/sizeof(size_t);
expect_d_eq(mallctlnametomib("arena.0.destroy", mib, &miblen), 0,
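Review bot: the return value of `mallctl("thread.tcache.flush", NULL, NULL, NULL, 0);` is discarded outright, so a flush that fails for any reason other than the tcache being disabled is indistinguishable from success; since the flush is there to push stashed (junked) pointers out before `arena.0.destroy`, consider capturing the return code and accepting only 0 or the error reported when the tcache is unavailable, rather than dropping it. Also worth a line in the comment: `thread.tcache.flush` only flushes the calling thread's tcache, so the helper still assumes no other test thread holds cached or stashed items from the arena being destroyed.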