On Wed, Jul 03, 2013 at 17:21, Theo de Raadt wrote:
>> + int pval = 0xd0d0caca;
>
> Can you explain the choice of this?

I thought it sounded clever.

> There are arguments to make this MI; other arguments to make it MD;
> and other arguments to introduce a bit of randomness.
>
> I'd like to know which arguments you have

Since libc doesn't do free list integrity checking, I'm currently
leaning towards a random value. (even with random, we could still check
that all words of a free chunk are the same.)

Somebody also noticed that we don't have separate values for allocated
and freed memory. I suppose this makes debugging harder since you can't
obviously identify freed memory?

I lean towards prioritizing finding more bugs, which implies we need
more variability, since any one value may allow a program to work where
a different value would not.
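
Review bot: in the quoted line `int pval = 0xd0d0caca;` the constant is larger than a 32-bit signed int can hold, so the initialization depends on an implementation-defined conversion and the stored value is negative where int is 32 bits. Declaring it with an unsigned 32-bit type would keep the bit pattern exact. The value is also an unexplained magic number; a named constant with a one-line comment giving the reason for the choice would answer the question raised in this thread for later readers.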