On Thu, May 01, 2014 at 15:57, Damien Miller wrote:
> On Thu, 1 May 2014, Ted Unangst wrote:
> 
>> What's better than a freelist? Four freelists!
> 
> Apart from moar = better, what's the motivation? Do you have a particular
> attack in mind? The only thing I can think of where this change might help
> is an attack that speculatively spams small offsets from the overflow and
> hopes it doesn't run off the end of the page, and this seems fairly
> contrived...

Nope, I can't tell you exactly how this would help, but it seems cheap
enough. Guiding philosophy is simply to make a list of everything
"known" about malloc, and then make it unknown or less certain.
