Re: Malloc and security

To: debian-devel@lists.debian.org
Subject: Re: Malloc and security
From: Goswin von Brederlow <goswin-v-b@web.de>
Date: Tue, 19 Jun 2012 12:31:23 +0200
Message-id: <[🔎] 87mx3zd24k.fsf@frosties.localnet>
In-reply-to: <[🔎] 20120618203815.GM2753@decadent.org.uk> (Ben Hutchings's message of "Mon, 18 Jun 2012 21:38:15 +0100")
References: <[🔎] 4FDF8ECF.4030404@jatos.co.uk> <[🔎] 20120618203815.GM2753@decadent.org.uk>

Ben Hutchings <ben@decadent.org.uk> writes:

> On Mon, Jun 18, 2012 at 09:25:51PM +0100, Jamie White wrote:
>> Hiya
>> 
>> Just a quick question, which malloc, is there anyway that this
>> function (used in C) could allocate memory into already allocated
>> memory, such as the stack - or code space!
>  
> Assuming that the program uses memory correctly, no.  But if the
> program has a bug that causes it to write to unallocated memory, it
> could corrupt the memory allocator's state so that malloc later
> returns memory that has already been allocated.

Actually I believe this is undefined in C. Malloc may verry well oveflow
the heap region and run into the stack or code going by the C standard.

But eglibc malloc uses sbrk() and mmap() to get memory from the kernel
and those functions will not return space already allocated by the stack
or code. That is probably true for every libc on every modern Unix system.

MfG
        Goswin

Reply to:

References:
- Malloc and security
  - From: Jamie White <jamie@jatos.co.uk>
- Re: Malloc and security
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: Announce: script to automatically restart services after update of dependencies
Next by Date: Re: Summary: Moving /tmp to tmpfs makes it useless
Previous by thread: Re: Malloc and security
Next by thread: Re: Malloc and security
Index(es):
- Date
- Thread