This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Patch to further harden glibc malloc metadata against 1-byte overflows
- From: Chris Evans <scarybeasts at gmail dot com>
- To: DJ Delorie <dj at redhat dot com>
- Cc: libc-alpha at sourceware dot org, Florian Weimer <fweimer at redhat dot com>
- Date: Tue, 21 Mar 2017 16:07:12 -0700
- Subject: Re: Patch to further harden glibc malloc metadata against 1-byte overflows
- Authentication-results: sourceware.org; auth=none
- References: <CAMnK33V+MoMcspX0QSAL_1U+WVNhQo7YL6dH=wTg7u1kuRyuew@mail.gmail.com> <xninn7y9d8.fsf@greed.delorie.com>
Thanks! What a nice treat to read upon surviving the boonies :-)
As a follow up question: is there any appetite for any additional
glibc malloc metadata checks? While studying the code, I noticed a few
extra checks that could be added here and there. I don't think any of
them would be as useful as security defenses, but maybe they could
trap heap corruptions closer to the time they occurred. Any interest?
Cheers
Chris
On Fri, Mar 17, 2017 at 12:46 PM, DJ Delorie <dj@redhat.com> wrote:
>
> Chris Evans <scarybeasts@gmail.com> writes:
>> I'm traveling in the boonies for a few days and will address these
>> items upon return.
>
> In that case, I've checked it in for you. Enjoy the boonies :-)