From ec2c1fcefb200c6cb7e09553f3c6af8815013d83 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Wed, 30 Aug 2017 16:39:41 +0200 Subject: malloc: Abort on heap corruption, without a backtrace [BZ #21754] The stack trace printing caused deadlocks and has itself been targeted by code execution exploits. --- manual/memory.texi | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) (limited to 'manual/memory.texi') diff --git a/manual/memory.texi b/manual/memory.texi index 82f4738..13cce7a 100644 --- a/manual/memory.texi +++ b/manual/memory.texi 
@@ -1309,17 +1309,15 @@ The block was already freed. Another possibility to check for and guard against bugs in the use of @code{malloc}, @code{realloc} and @code{free} is to set the environment -variable @code{MALLOC_CHECK_}. When @code{MALLOC_CHECK_} is set, a -special (less efficient) implementation is used which is designed to be -tolerant against simple errors, such as double calls of @code{free} with -the same argument, or overruns of a single byte (off-by-one bugs). Not -all such errors can be protected against, however, and memory leaks can -result. If @code{MALLOC_CHECK_} is set to @code{0}, any detected heap -corruption is silently ignored; if set to @code{1}, a diagnostic is -printed on @code{stderr}; if set to @code{2}, @code{abort} is called -immediately. This can be useful because otherwise a crash may happen -much later, and the true cause for the problem is then very hard to -track down. +variable @code{MALLOC_CHECK_}. When @code{MALLOC_CHECK_} is set to a +non-zero value, a special (less efficient) implementation is used which +is designed to be tolerant against simple errors, such as double calls +of @code{free} with the same argument, or overruns of a single byte +(off-by-one bugs). Not all such errors can be protected against, +however, and memory leaks can result. + +Any detected heap corruption results in immediate termination of the +process. There is one problem with @code{MALLOC_CHECK_}: in SUID or SGID binaries it could possibly be exploited since diverging from the normal programs -- cgit v1.1
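Review bot: In the rewritten @code{MALLOC_CHECK_} paragraph, the retained phrase "designed to be tolerant against simple errors" now sits directly above the new sentence "Any detected heap corruption results in immediate termination of the process", and the two read as contradictory. A reader cannot tell whether a double @code{free} or a one-byte overrun is absorbed or aborts the process. Consider rewording the first paragraph to say the special implementation is designed to detect such errors, or state explicitly which cases are tolerated and which terminate. The removed text also documented separate behaviours for the values 0, 1 and 2, while the replacement only says "non-zero". It would help users with existing settings if the manual said what a value of 0 does now and that 1 and 2 are no longer distinguished. Finally, the dropped sentence explaining why early termination is useful (a later crash hides the true cause) still applies to the new behaviour and could be kept after the termination sentence.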