It's fully dealt with for OpenBSD malloc in CopperheadOS and the alternative AOSP dlmalloc allocator since they don't merge mmap regions.
Not doing this leads to various classes of bugs: end - start will overflow, ptr + size is undefined/broken in GCC and Clang and there are...
... many API signatures (read, write, pread, [...]) and internal implementation details where ssize_t and ptrdiff_t fall short without this.
The PTRDIFF_MAX checks in @musllibc are by far the sanest way of dealing with these issues and should be adopted elsewhere. Not just Bionic.
Changing all code using end - start, ptr + size, ptrdiff_t and similar patterns for arbitrary objects is unrealistic. Just fix it in libc.
@CopperheadSec why not just fix the bugs? You’re actually advocating leave bugs in the wild????!!!!?
@thegrugq @CopperheadSec There's not even a clear party to blame for the "bug". Overflows in reasonable pointer arith. = hopelessly bad QoI.
@RichFelker @thegrugq The standard should really just forbid objects larger than PTRDIFF_MAX but they're too afraid of breaking anything.
@RichFelker @thegrugq Could be done on the kernel's side of the syscalls but that's never going to happen on Linux (maybe in @grsecurity).
@RichFelker @thegrugq @grsecurity The merging of memory spans in jemalloc is a case where the kernel doing it wouldn't be enough though.
@CopperheadSec @thegrugq @grsecurity Kernel could ensure it never maps >PTRDIFF_MAX worth of contiguous virtual memory.
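
The PTRDIFF_MAX limit discussed in this thread, shown as an added C example that is not part of the original tweets and is not musl's, Bionic's or CopperheadOS's code. The function names are hypothetical; the block shows the allocator-side check, what `end - start` turns into without it, and a bounds check that avoids forming `ptr + size`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wrapper (not musl's code): refuse objects whose size
 * cannot be represented in ptrdiff_t, so end - start stays defined. */
void *checked_malloc(size_t size)
{
    if (size > (size_t)PTRDIFF_MAX) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(size);
}

/* Same limit for calloc-style requests; also catches n * size wrapping. */
void *checked_calloc(size_t n, size_t size)
{
    if (size != 0 && n > (size_t)PTRDIFF_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    return calloc(n, size);
}

/* Models what "end - start" yields for an object of 'size' bytes: the
 * byte count squeezed into ptrdiff_t. Converting an out-of-range value
 * is implementation-defined; GCC and Clang wrap it to a negative length. */
ptrdiff_t span_as_ptrdiff(size_t size)
{
    return (ptrdiff_t)size;
}

/* Range check written in offsets, without forming ptr + len. */
int range_in_object(size_t obj_size, size_t off, size_t len)
{
    return off <= obj_size && len <= obj_size - off;
}

int main(void)
{
    size_t too_big = (size_t)PTRDIFF_MAX + 1;
    printf("span for PTRDIFF_MAX+1 bytes: %td\n", span_as_ptrdiff(too_big));
    printf("checked_malloc(too_big) = %p\n", checked_malloc(too_big));
    return 0;
}
```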