On Fri, Mar 16, 2018 at 12:06 PM, Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
> On Fri, Mar 16, 2018 at 7:45 PM, Evgenii Stepanov <eugenis@xxxxxxxxxx> wrote:
>> On Fri, Mar 16, 2018 at 11:24 AM, Andrey Konovalov
>> <andreyknvl@xxxxxxxxxx> wrote:
>>> Right, by redzones in this case I meant the metadata that is stored
>>> right after the object (which includes alloc and free stack handles
>>> and perhaps some other allocator stuff).
>>
>> Oh, I did not realize we have free (as in beer, not as in
>> use-after-free) redzones between allocations. Yes, reserving a color
>> sounds like a good idea.
>
> OK, I'll do that then.
>
>>
>>>
>>>> As for use-after-free, to catch it with
>>>> 100% probability one would need infinite memory for the quarantine.
>
> As for the second part of Andrey's suggestion (as far as I understand
> it): reserve a color for freed objects. Without quarantine, this
> should give us a precise
> use-after-free-but-without-someone-else-allocating-the-same-object
> detection. What do you think about that?

Still non-deterministic, but we can use the same color we reserved for the redzones, why not.

>
>>>> It is possible to guarantee 100% detection of linear buffer overflow by
>>>> giving live adjacent chunks distinct tags.
>
> I'll add that to the TODO list as well.
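The tag policy the thread converges on (one reserved color for redzones and freed objects, distinct tags for adjacent live chunks) as a constructed stand-alone C model; this is an added illustration, not KHWASAN code, and the granule size, heap size, reserved tag value and the toy LCG are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE       16   /* bytes per shadow tag (assumed, HWASAN-like) */
#define HEAP_GRANULES 64   /* size of the toy heap (assumed) */
#define RESERVED_TAG  0xFF /* assumed reserved color: redzones and freed memory */

static uint8_t shadow[HEAP_GRANULES]; /* one tag byte per granule */
static uint32_t rng_state = 12345;    /* deterministic LCG so runs are repeatable */
typedef struct { uint32_t gran; uint8_t tag; } tptr; /* pointer = granule + tag bits */

/* Everything starts as redzone: no live pointer ever carries the reserved tag. */
static void heap_init(void) { memset(shadow, RESERVED_TAG, sizeof shadow); }

static uint8_t random_tag(void) {
    rng_state = rng_state * 1103515245u + 12345u;
    return (uint8_t)(rng_state >> 16);
}

/* Allocate ngran granules at start. The tag must not be the reserved color and
 * must differ from both neighbouring granules, so a linear overflow into the
 * next live chunk (or into the redzone) always mismatches. */
static tptr tag_alloc(uint32_t start, uint32_t ngran) {
    uint8_t left  = start ? shadow[start - 1] : RESERVED_TAG;
    uint8_t right = start + ngran < HEAP_GRANULES ? shadow[start + ngran] : RESERVED_TAG;
    uint8_t tag;
    do { tag = random_tag(); } while (tag == RESERVED_TAG || tag == left || tag == right);
    memset(shadow + start, tag, ngran);
    return (tptr){ start, tag };
}

/* Free retags with the reserved color, so a stale pointer mismatches until the
 * granules are reused (the non-deterministic case the thread mentions). */
static void tag_free(tptr p, uint32_t ngran) { memset(shadow + p.gran, RESERVED_TAG, ngran); }

/* The hardware check: byte offset off from p is valid only if the pointer's tag
 * equals the shadow tag of the granule it lands in. */
static bool access_ok(tptr p, uint32_t off) {
    uint32_t g = p.gran + off / GRANULE;
    return g < HEAP_GRANULES && shadow[g] == p.tag;
}

int main(void) {
    heap_init();
    tptr a = tag_alloc(0, 2), b = tag_alloc(2, 2); /* adjacent 32-byte objects */
    printf("overflow a->b caught: %d\n", !access_ok(a, 2 * GRANULE));
    tag_free(a, 2);
    printf("use-after-free caught: %d (b tag %u)\n", !access_ok(a, 0), b.tag);
}
```

Reallocating a's granules hands out a fresh tag that only by chance equals the stale pointer's, which is the residual non-determinism the thread accepts.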