I'm going to need rounding for large allocation sizes like jemalloc to work around poorly written applications and libraries with element-by-element realloc growth loops. GTK+ / Qt ecosystems are full of memory corruption & inefficient patterns like this.
github.com/AndroidHardeni
It's all fine with server and command-line applications and on Android, but GTK+ and Qt applications often take a ridiculously long time to load because applications feel like reallocating 32 bytes to 32 MiB via realloc loops in increments of 32 bytes. Krita is particularly bad.
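The cost of the element-by-element realloc growth loop described above, and the effect of the large-size rounding proposed as a workaround, modelled in an added C example (editor's illustration, not code from the thread's author or from jemalloc; `round_large` is a hypothetical model that only copies jemalloc's spacing of four size classes per doubling above a 16 KiB threshold, and a call that outgrows the current class is counted as a worst-case move with a copy):

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical large-size rounding modelled on jemalloc's class spacing:
 * requests up to LARGE_THRESHOLD are assumed to be served exactly (the small
 * size classes are not modelled); above it the request is rounded up to the
 * next class, with four classes per power-of-two doubling. */
#define LARGE_THRESHOLD ((size_t)16 * 1024)

static size_t round_large(size_t n) {
    if (n <= LARGE_THRESHOLD) return n;
    size_t p = 1;                        /* largest power of two below n */
    while ((p << 1) < n) p <<= 1;
    size_t step = p / 4;                 /* four classes between p and 2p */
    return (n + step - 1) / step * step;
}

struct grow_stats {
    size_t reallocs;       /* realloc calls the application made */
    size_t moves;          /* calls where the usable capacity had to grow */
    uint64_t bytes_copied; /* live bytes moved on those calls (worst case) */
};

/* Model of the growth loop from the thread: a buffer grown by `step` bytes
 * per call up to `final`. A call that still fits the current usable capacity
 * is free; otherwise the block is assumed to move and its live contents (the
 * previous request) are copied. Real allocators may extend in place, so this
 * is an upper bound on copying, not a measurement. */
static struct grow_stats simulate_growth(size_t final, size_t step, int use_round) {
    struct grow_stats s = {0, 0, 0};
    size_t cap = 0;
    for (size_t req = step; req <= final; req += step) {
        size_t usable = use_round ? round_large(req) : req;
        s.reallocs++;
        if (usable > cap) {
            s.bytes_copied += req - step;   /* data already in the old block */
            cap = usable;
            s.moves++;
        }
    }
    return s;
}

int main(void) {
    size_t final = (size_t)32 << 20;      /* 32 MiB, grown 32 bytes at a time */
    struct grow_stats plain = simulate_growth(final, 32, 0);
    struct grow_stats rounded = simulate_growth(final, 32, 1);
    printf("no rounding: %zu moves, %llu bytes copied\n", plain.moves,
           (unsigned long long)plain.bytes_copied);
    printf("rounding:    %zu moves, %llu bytes copied\n", rounded.moves,
           (unsigned long long)rounded.bytes_copied);
    return 0;
}
```

Without rounding every one of the 1,048,576 calls can move the block, so the copying is quadratic in the final size; with geometric classes only a few hundred calls change capacity and the copied volume drops by more than three orders of magnitude.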
Epiphany does a lot of this but it's also packed full of memory corruption so it's hard to test performance... not that anyone should be using such an insecure browser anyway. Even Firefox's lack of meaningful sandboxing and other issues are way less bad than the WebKitGTK mess.
I find it shocking how poorly desktop Linux applications other than Firefox/Chromium hold up to being run with memory corruption mitigations. It's ridiculous to use C or C++ without any ASan/UBSan testing in 2019. Qt forces lots of undefined behavior in the framework itself...
(1) making lots of undefined C++ casts (incompatible with type-based CFI) leading to (2) calling delete with a type not matching the one used for new which is undefined and incompatible with some forms of allocator hardening. It's not a one-off thing but rather fairly pervasive.
They also reinvent a lot of the C++ standard libraries in their own libraries, and it's often done via undefined behavior. A lot of this is historical, since they wanted richer capabilities long before they were standard and used all kinds of awful hacks to provide the features.
I think it would be difficult to fix a lot of it, since it's part of the APIs. In other cases they're just doing nonsense things for no particular reason. They started fixing a subset caught by ASan in regular use but it's far from finished and what ASan catches is a tiny subset.