This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Patch to further harden glibc malloc metadata against 1-byte overflows

From: Chris Evans <scarybeasts at gmail dot com>
To: DJ Delorie <dj at redhat dot com>
Cc: libc-alpha at sourceware dot org, Florian Weimer <fweimer at redhat dot com>
Date: Tue, 21 Mar 2017 16:07:12 -0700
Subject: Re: Patch to further harden glibc malloc metadata against 1-byte overflows
Authentication-results: sourceware.org; auth=none
References: <CAMnK33V+MoMcspX0QSAL_1U+WVNhQo7YL6dH=wTg7u1kuRyuew@mail.gmail.com> <xninn7y9d8.fsf@greed.delorie.com>

Thanks! What a nice treat to read upon surviving the boonies :-)

As a follow up question: is there any appetite for any additional
glibc malloc metadata checks? While studying the code, I noticed a few
extra checks that could be added here and there. I don't think any of
them would be as useful as security defenses, but maybe they could
trap heap corruptions closer to the time they occurred. Any interest?

Cheers
Chris

On Fri, Mar 17, 2017 at 12:46 PM, DJ Delorie <dj@redhat.com> wrote:
>
> Chris Evans <scarybeasts@gmail.com> writes:
>> I'm traveling in the boonies for a few days and will address these
>> items upon return.
>
> In that case, I've checked it in for you.  Enjoy the boonies :-)

Follow-Ups:
- Re: Patch to further harden glibc malloc metadata against 1-byte overflows
  - From: DJ Delorie

References:
- Re: Patch to further harden glibc malloc metadata against 1-byte overflows
  - From: Chris Evans
- Re: Patch to further harden glibc malloc metadata against 1-byte overflows
  - From: DJ Delorie

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]