Have found a few C++14 sized deallocation bugs in the wild by using it to add an extra sanity check in github.com/AndroidHardeni. It's meant to be used as an optimization...
fatal allocator error: sized deallocation mismatch (small)
0x787cfeb14c00, real: 192, claimed: 32
A mismatch like this is a memory corruption bug. However, libc++ / libstdc++ don't pass the hint through to the default system allocator and many would have no use for it. It's used by jemalloc to avoid reading out-of-line metadata for sizes as intended:
github.com/jemalloc/jemal
This case happens when Krita exits and would lead to the allocation ending up in the wrong thread cache. It would be harmless in jemalloc since a 192 byte allocation could pass as 32 bytes. It might handle it correctly as 192 bytes if it gets flushed out of the thread cache...
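A minimal model of the check discussed in the thread, added here as an example and not code from the thread or from the hardened allocator it links: it records each chunk's real size class out of line, compares it with the size the sized delete claims, and reproduces the 192-vs-32 report above. The size-class table and the `Base`/`Derived` structs are constructed for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <unordered_map>
// Small size classes (constructed; real allocators have many more).
static const std::size_t kClasses[] = {16, 32, 48, 64, 96, 128, 192, 256};
// Round a request up to its size class; 0 means "not a small allocation".
std::size_t size_class(std::size_t n) {
  for (std::size_t c : kClasses) if (n <= c) return c;
  return 0;
}
// Out-of-line metadata: chunk -> real size class. Sized deallocation exists
// to skip this lookup; the hardened check performs it anyway and compares.
static std::unordered_map<void*, std::size_t> g_real_size;
void* hardened_alloc(std::size_t n) {
  std::size_t cls = size_class(n);
  void* p = std::malloc(cls);
  g_real_size[p] = cls;
  return p;
}
struct FreeResult {
  bool mismatch;        // claimed size class differs from the recorded one
  std::size_t real;     // size class recorded at allocation time
  std::size_t claimed;  // size class selected by the caller's hint
};
// Sized free with the sanity check. Returns the outcome instead of aborting
// so it can be tested; a real hardened allocator aborts on mismatch.
FreeResult hardened_free_sized(void* p, std::size_t claimed_bytes) {
  auto it = g_real_size.find(p);
  std::size_t real = (it == g_real_size.end()) ? 0 : it->second;
  FreeResult r{size_class(claimed_bytes) != real, real, size_class(claimed_bytes)};
  if (r.mismatch)
    std::fprintf(stderr, "fatal allocator error: sized deallocation mismatch (small)\n"
                         "%p, real: %zu, claimed: %zu\n", p, r.real, r.claimed);
  g_real_size.erase(p);
  std::free(p);
  return r;
}
// With C++14 sized deallocation, `delete b` on a Base* with a non-virtual
// destructor lowers to operator delete(b, sizeof(Base)) even when b points
// at a larger Derived: the allocator is told 32 bytes for a 192-byte chunk.
struct Base    { char tag[32]; };              // constructed: 32-byte base
struct Derived : Base { char payload[160]; };  // constructed: 192 bytes total
FreeResult demo_mismatch() {
  void* p = hardened_alloc(sizeof(Derived));    // real class: 192
  return hardened_free_sized(p, sizeof(Base));  // claimed: 32 -> mismatch
}
```

An allocator that trusts the hint would instead file the chunk into the 32-byte thread-cache bin, which is the misrouting the thread describes as harmless in jemalloc.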
