> Have you thought about mprotecting the guard pages with mprotect(PROT_NONE) so the application crashes in case of a stray memory access?
Yes, rats. My message implied that we do that. And I then posted the wrong version of the code. :( Here's the right version of cmm_init. /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA
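/*
 * cmm_init - create the secure-memory arena and its bookkeeping tables.
 *
 * size          usable arena bytes; must be a power of two (asserted).
 * mem_min_unit  smallest allocation granule; must be a power of two and
 *               no larger than size (asserted; a larger unit would make
 *               the bit table empty and the free-list count negative).
 * overrun_bytes stored in Overrun_bytes for other routines; unused here.
 *
 * The arena is mmap'd with one PROT_NONE guard page on each side, so a
 * stray access just before or just after the arena faults instead of
 * silently reading or corrupting neighbouring memory.
 *
 * The value returned, stored in cmm_arena, placed on cmm_free_list[0]
 * and marked in cmm_bittable is the first USABLE byte, i.e. the byte
 * after the leading guard page.  The previous version returned the start
 * of the mapping, which is the leading guard page itself, so the very
 * first allocation would have faulted.  NOTE(review): if any other code
 * in this file assumed cmm_arena was the mapping base (e.g. added pgsize
 * itself), it needs the same adjustment.
 *
 * Returns the arena pointer, or NULL if an allocation, mmap or mprotect
 * failed.  On failure nothing is left mapped or allocated and the cmm_*
 * table globals are reset to NULL.  Resource failures are checked
 * explicitly rather than with assert() so the checks survive -DNDEBUG
 * builds; argument validation stays as assert() because it is a
 * programmer-error contract, not a runtime condition.
 */
void *cmm_init(int size, int mem_min_unit, int overrun_bytes)
{
    size_t pgsize = (size_t)sysconf(_SC_PAGE_SIZE);
    size_t arena_len, map_len, table_bytes;
    char *base = NULL;
    void *map;
    int n;

    assert(pgsize > 0 && 0 == ((pgsize - 1) & pgsize));
    assert(size > 0);
    assert(mem_min_unit > 0);
    assert(mem_min_unit <= size);
    /* both must be powers of two for the buddy-style bit table */
    assert(0 == ((size - 1) & size));
    assert(0 == ((mem_min_unit - 1) & mem_min_unit));

    mem_arena_size = size;
    Mem_min_unit = mem_min_unit;
    Overrun_bytes = overrun_bytes;

    /*
     * Two bits per minimum unit.  Round the byte count up rather than
     * truncating with >> 3, so a tiny arena never gets a zero-byte table
     * that set_bit() would then write past.  For tables of 8 bits or
     * more this is the same size as before.
     */
    cmm_bittable_size = (mem_arena_size / Mem_min_unit) * 2;
    table_bytes = ((size_t)cmm_bittable_size + 7) / 8;

    /* one free list per power-of-two level: floor(log2(cmm_bittable_size)) */
    cmm_max_free_lists = -1;
    for (n = cmm_bittable_size; n != 0; n >>= 1)
        cmm_max_free_lists++;

    /* calloc() zero-fills, replacing the malloc()+memset() pairs */
    cmm_free_list = calloc((size_t)cmm_max_free_lists, sizeof(void *));
    cmm_bittable = calloc(table_bytes, 1);
    cmm_bitmalloc = calloc(table_bytes, 1);
    if (cmm_free_list == NULL || cmm_bittable == NULL || cmm_bitmalloc == NULL)
        goto fail;

    /*
     * Layout: [guard page][arena, rounded up to whole pages][guard page].
     * Rounding the arena length explicitly puts the trailing guard on the
     * first page boundary at or after the arena's end, which is where the
     * old (pgsize + size + pgsize - 1) & ~(pgsize - 1) offset landed too.
     */
    arena_len = ((size_t)size + pgsize - 1) & ~(pgsize - 1);
    map_len = pgsize + arena_len + pgsize;

    /* fd is -1 for anonymous mappings; some systems reject fd 0 */
    map = mmap(NULL, map_len, PROT_READ | PROT_WRITE,
               MAP_ANON | MAP_PRIVATE, -1, 0);
    if (map == MAP_FAILED)
        goto fail;
    base = map;

    /* an unprotected guard is no guard: treat mprotect failure as fatal */
    if (mprotect(base, pgsize, PROT_NONE) != 0
        || mprotect(base + pgsize + arena_len, pgsize, PROT_NONE) != 0)
        goto fail;

    /* the usable arena starts after the leading guard page */
    cmm_arena = base + pgsize;

    set_bit(cmm_arena, 0, cmm_bittable);
    cmm_add_to_list(&cmm_free_list[0], cmm_arena);
    /*
     * first bit means that table is in use, multi-arena management;
     * not yet implemented: SETBIT(cmm_bittable, 0);
     */
    return cmm_arena;

fail:
    if (base != NULL)
        munmap(base, map_len);
    free(cmm_free_list);
    free(cmm_bittable);
    free(cmm_bitmalloc);
    cmm_free_list = NULL;
    cmm_bittable = NULL;
    cmm_bitmalloc = NULL;
    cmm_arena = NULL;
    return NULL;
}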