On Fri, Mar 16, 2018 at 7:45 PM, Evgenii Stepanov <eugenis@xxxxxxxxxx> wrote:
> On Fri, Mar 16, 2018 at 11:24 AM, Andrey Konovalov
> <andreyknvl@xxxxxxxxxx> wrote:
>> Right, by redzones in this case I meant the metadata that is stored
>> right after the object (which includes alloc and free stack handles
>> and perhaps some other allocator stuff).
>
> Oh, I did not realize we have free (as in beer, not as in
> use-after-free) redzones between allocations. Yes, reserving a color
> sounds like a good idea. OK, I'll do that then.
>
>>> As for use-after-free, to catch it with
>>> 100% probability one would need infinite memory for the quarantine.

As for the second part of Andrey's suggestion (as far as I understand it):
reserve a color for freed objects. Without quarantine, this should give us a
precise use-after-free-but-without-someone-else-allocating-the-same-object
detection. What do you think about that?

>>> It
>>> is possible to guarantee 100% detection of linear buffer overflow by
>>> giving live adjacent chunks distinct tags.

I'll add that to the TODO list as well.
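As an added illustration of the two ideas discussed in this message (a reserved color for freed objects, and distinct tags for adjacent live chunks), here is a toy C model written for this purpose; it is not KASAN or HWASAN code, and the granule size, the reserved tag value 0xFF, the deterministic tag sequence and the bump allocator are all assumptions of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Toy tag-based allocator (constructed for this example, not kernel code):
 * one shadow tag per 16-byte granule, a reserved tag for freed memory,
 * and neighbouring live chunks are guaranteed to get different tags. */
#define GRANULE   16
#define HEAP_SZ   256
#define NGRAN     (HEAP_SZ / GRANULE)
#define TAG_FREE  0xFF          /* reserved "freed" color (value assumed) */
#define TAG_SHIFT 56            /* tag lives in the top byte of the pointer */

static uint8_t shadow[NGRAN];   /* memory tag per granule; 0 = never used */
static uint8_t nchunk[NGRAN];   /* granule count of the chunk starting here */
static unsigned bump;           /* next free granule; no reuse in this toy */
static unsigned tag_seq = 1;    /* deterministic stand-in for random tags */

/* Pick a tag in 1..254 (never TAG_FREE) that differs from both neighbours. */
static uint8_t pick_tag(unsigned g, unsigned n) {
    for (;;) {
        uint8_t t = (uint8_t)(tag_seq++ % 254 + 1);
        bool lo = g > 0 && shadow[g - 1] == t;
        bool hi = g + n < NGRAN && shadow[g + n] == t;
        if (!lo && !hi) return t;
    }
}

static uint8_t ptr_tag(uint64_t p) { return (uint8_t)(p >> TAG_SHIFT); }
static size_t  ptr_off(uint64_t p) { return (size_t)(p & ((1ULL << TAG_SHIFT) - 1)); }

/* Allocate `size` bytes; returns a tagged pointer, or 0 when the heap is full. */
uint64_t tag_alloc(size_t size) {
    unsigned n = (unsigned)((size + GRANULE - 1) / GRANULE);
    if (n == 0 || bump + n > NGRAN) return 0;
    unsigned g = bump;
    uint8_t t = pick_tag(g, n);
    for (unsigned i = 0; i < n; i++) shadow[g + i] = t;
    nchunk[g] = (uint8_t)n;
    bump += n;
    return ((uint64_t)t << TAG_SHIFT) | ((uint64_t)g * GRANULE);
}

/* Free: recolor the chunk with the reserved tag, so the stale pointer
 * mismatches on every access until the memory is handed out again. */
void tag_free(uint64_t p) {
    unsigned g = (unsigned)(ptr_off(p) / GRANULE);
    for (unsigned i = 0; i < nchunk[g]; i++) shadow[g + i] = TAG_FREE;
}

/* Access check: every granule in [p, p+len) must carry the pointer's tag. */
bool tag_check(uint64_t p, size_t len) {
    size_t off = ptr_off(p);
    if (len == 0 || off + len > HEAP_SZ) return false;
    for (size_t g = off / GRANULE; g <= (off + len - 1) / GRANULE; g++)
        if (shadow[g] != ptr_tag(p)) return false;
    return true;
}
```

With two adjacent chunks, a one-byte overrun from the first into the second and a read through a freed pointer both fail the check, while in-bounds accesses to the live neighbour still pass.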