[cfe-dev] [RFC] Linux bots should set MALLOC_PERTURB_

[Alexander Potapenko]

IIUC this flag does not make glibc invalidate the _pointers_ to freed
memory, it just overwrites the contents of the freed memory with
garbage.
Picking different flag values results in different garbage values,
which may affect the behavior of buggy programs and thus help detect
the presence of a read-after-free (not a write-after-free or
double-free - the latter is handled by MALLOC_CHECK_).
This flag can't be used together with ASan, because ASan replaces the
libc allocator with its own one. ASan's use-after-free/double-free
detection is far more reliable.

Yet it might be a good idea to turn this flag on the regular Linux
bots to harden them a bit if this doesn't impact the performance much
(it actually may). CCing Galina as I've no idea who is in charge of
the Linux buildbots.

On Tue, Jul 22, 2014 at 1:57 PM, İsmail Dönmez <ismail at donmez.ws> wrote:
> I guess noone is interested in discovering double frees? This is just a one
> line change for the buildbots and it will at least uncover one real
> double-free now. See http://llvm.org/bugs/show_bug.cgi?id=20228
>
> At least Asan folks should be interested in this.
>
>
> On Mon, Jul 14, 2014 at 12:43 PM, İsmail Dönmez <ismail at donmez.ws> wrote:
>>
>> Gentle ping.
>>
>>
>> On Mon, Jul 7, 2014 at 9:50 PM, İsmail Dönmez <ismail at donmez.ws> wrote:
>>>
>>> Hi,
>>>
>>> glibc has a lightweight use-after-free detector which can be used by
>>> setting MALLOC_PERTURB_  [0]. Thanks to this flag I found a possible
>>> use-after-free bug in clang code. See
>>> http://llvm.org/bugs/show_bug.cgi?id=20228
>>>
>>> I suggest Linux bots make use of this flag to find possible
>>> use-after-free bugs.
>>>
>>> [0] http://udrepper.livejournal.com/11429.html
>>>
>>
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>



-- 
Alexander Potapenko
Software Engineer
Google Moscow