romenskiy2012/jemalloc
1
0
Fork 0
mirror of https://github.com/jemalloc/jemalloc.git synced 2026-06-18 09:55:39 +03:00
Code Issues Projects Releases Packages Wiki Activity
No description
3762 commits 4 branches 47 tags 46 MiB
Find a file
Slobodan Predolac dfb276f035 Speculative fix for Veracode integer overflow/underflow in sz.h 
Veracode flags CWE-190/191 on the `size + mask` round-ups in
sz_s2u_compute_using_delta, sz_s2u_compute and sz_sa2u. We believe these are
false positives: the arithmetic is unsigned size_t (overflow is well-defined in
C, not UB), `size` is already bounded by the SC_LARGE_MAXCLASS guard, and the
masks are tiny, so the additions cannot actually overflow.

CodeQL's security-extended suite (CWE-190/191) does not flag these. Its
uncontrolled-arithmetic query only reports *signed* overflow ("unsigned overflow
is well-defined"), and its tainted-arithmetic query credits the existing
upper-bound guard. Veracode instead treats the public-API size/alignment as
tainted and ignores guards placed above the expression, so piling on more
pre-checks does not satisfy it.

Effect on the malloc/free hot path is zero instructions as verified with
clang -O3 and ThinLTO objdump
2026-06-16 21:02:51 -04:00
.github/workflows Add CI coverage for --enable-cxx-infallible-new 2026-06-06 09:50:37 -04:00
bin Updated jeprof with more symbols to filter. 2024-10-14 10:31:58 -07:00
build-aux Update config.guess and config.sub to the latest versions 2026-03-10 18:14:33 -07:00
doc Replace experimental_infallible_new with compile-time flag 2026-06-06 09:50:37 -04:00
doc_internal update PROFILING_INTERNALS.md 2022-10-03 10:48:29 -07:00
include Speculative fix for Veracode integer overflow/underflow in sz.h 2026-06-16 21:02:51 -04:00
m4 Support C++17 over-aligned allocation 2019-11-22 10:14:16 -08:00
msvc Move malloc routing into new malloc_dispatch module 2026-06-04 11:32:53 -04:00
scripts Add CI coverage for --enable-cxx-infallible-new 2026-06-06 09:50:37 -04:00
src Cap the base-block growth heuristic 2026-06-16 10:20:15 -07:00
test De-export test-only helpers via JET_EXTERN / #ifdef JEMALLOC_JET; declare in unit tests, not headers 2026-06-11 11:45:05 -04:00
.appveyor.yml Update msys to vs2022 for appveyor 2026-04-19 22:49:25 -07:00
.autom4te.cfg Disable autom4te cache. 2014-09-02 17:49:29 -07:00
.clang-format Modify .clang-format to have declarations aligned 2025-05-28 19:22:21 -07:00
.git-blame-ignore-revs Ignore the clang-format changes in the git blame. 2026-03-10 18:14:33 -07:00
.gitattributes fix git handling of newlines on windows 2014-05-07 18:48:39 -04:00
.gitignore Adding trace analysis in preparation for page allocator microbenchmark. 2026-03-10 18:14:33 -07:00
.travis.yml Remove Travis Windows CI for now since it has infra failures. 2026-03-10 18:14:33 -07:00
autogen.sh build: Make autogen.sh accept quoted extra options 2024-01-03 14:20:34 -08:00
ChangeLog Update ChangeLog for release 5.3.1 2026-04-13 17:12:37 -07:00
config.stamp.in Move repo contents in jemalloc/ to top level. 2011-03-31 20:36:17 -07:00
configure.ac Replace experimental_infallible_new with compile-time flag 2026-06-06 09:50:37 -04:00
COPYING Update copyright dates. 2019-01-25 13:25:20 -08:00
INSTALL.md Replace experimental_infallible_new with compile-time flag 2026-06-06 09:50:37 -04:00
jemalloc.pc.in Expose jemalloc_prefix via pkg-config 2023-09-05 14:30:21 -07:00
Makefile.in Replace experimental_infallible_new with compile-time flag 2026-06-06 09:50:37 -04:00
README switch to https 2023-03-09 11:44:02 -08:00
run_tests.sh Introduce scripts to run all possible tests 2017-01-30 17:51:57 -08:00
TUNING.md switch to https 2023-03-09 11:44:02 -08:00

README 

jemalloc is a general purpose malloc(3) implementation that emphasizes
fragmentation avoidance and scalable concurrency support.  jemalloc first came
into use as the FreeBSD libc allocator in 2005, and since then it has found its
way into numerous applications that rely on its predictable behavior.  In 2010
jemalloc development efforts broadened to include developer support features
such as heap profiling and extensive monitoring/tuning hooks.  Modern jemalloc
releases continue to be integrated back into FreeBSD, and therefore versatility
remains critical.  Ongoing development efforts trend toward making jemalloc
among the best allocators for a broad range of demanding applications, and
eliminating/mitigating weaknesses that have practical repercussions for real
world applications.

The COPYING file contains copyright and licensing information.

The INSTALL file contains information on how to configure, build, and install
jemalloc.

The ChangeLog file contains a brief summary of changes for each release.

URL: https://jemalloc.net/