Conversation

It will trigger the -fsanitize=object-size (included in -fsanitize=undefined) and _FORTIFY_SOURCE checks. Using malloc_object_size is also not efficient. In modern malloc implementations, it usually requires reading out-of-line metadata since they avoid per-allocation metadata.
1
2
Extended malloc/realloc APIs providing the size as an output parameter is more efficient but it's still not ideal and runs into the same alloc_size issue. The best way to do it is really just having the collection types be aware of the malloc size classes to choose good sizes.
1
Replying to and
Makes sense. I deal in small allocations so much I forgot about large ones 😂 thanks for the info! (And yeah, I’ve been looking into tuning collection growth strategies specifically to avoid the overhead of asking for the size. It’s particularly steep for us for silly reasons)
1
2
hardened_malloc reserves the whole slab allocation region with a randomized sub-region for each size class in advance, which sounds somewhat similar. There's also a metadata region reserved in advance for all the mutable state including for slab allocations and large allocations.
2
I don’t think caching interferes with hardening. There’s very little you can do in practice against a UaF our double free in an allocator. An attacker can always “spray more” to exhaust quarantines. It’s a lost battle and cost used that way is lost to more meaningful defenses.