perturb byte in _int_malloc( ) in glibc

Question

after going through glibc code for malloc() and the actual allocator i.e _int_malloc() function I am not able to figure out the significance of "perturn_byte". Its being used in alloc_perturb macro() at many places in _int_malloc().

i know this this question is just to specific to answer, please pardon me. But in case anybody already knows the anwser will save me some head banging.

thanks

Answer 1

Here is the commit, which adds perturb_byte:

http://repo.or.cz/w/glibc.git/commitdiff/854278dff83a754f1d24a17c1c1068e8ebfe6195

And here is the key comment (and example of turning this feature on):

+  /* Make uses of freed and uninitialized memory known.  */
+  mallopt (M_PERTURB, 42);

So, it is debugging feature to detect misusage of free-d or malloce but not-yet-initialized memory.

Every memory byte which malloc gets from system (via brk or mmap) will be filled with perturb_byte (which is not a zero). I think, free-ed memory will be filled too.

Then user can check, is there still some uninialized in the malloced range or is there some write to free-ed memory.

Here is the documentation: http://www.gnu.org/s/hello/manual/libc/Malloc-Tunable-Parameters.html

M_PERTURB

If non-zero, memory blocks are filled with values depending on some low order bits of this parameter when they are allocated (except when allocated by calloc) and freed. This can be used to debug the use of uninitialized or freed heap memory.

As I see, this can be used only to do manual checks from debugger.