OpenBSD manual page server

Manual Page Search Parameters

MALLOC.CONF(5) File Formats Manual MALLOC.CONF(5)

malloc.confoptions for the memory allocator

Upon the first call to the malloc(3) family of functions, an initialization sequence inspects the symbolic link /etc/malloc.conf, next checks the environment for a variable called MALLOC_OPTIONS, and finally looks at the global variable malloc_options in the program. Each is scanned for the following flags. Flags are single letters. Unless otherwise noted uppercase means on, lowercase means off.

“Canaries”. Add canaries at the end of allocations in order to detect heap overflows. The canary's content is checked when free(3) is called. If it has been corrupted, the process is aborted.
“Dump”. malloc(3) will dump statistics to the file ./malloc.out, if it already exists, at exit. This option requires the library to have been compiled with -DMALLOC_STATS in order to have any effect.
“Freeguard”. Enable use after free detection. Unused pages on the freelist are read and write protected to cause a segmentation fault upon access. This will also switch off the delayed freeing of chunks, reducing random behaviour but detecting double free(3) calls as early as possible. This option is intended for debugging rather than improved security (use the U option for security).
“Guard”. Enable guard pages. Each page size or larger allocation is followed by a guard page that will cause a segmentation fault upon any access.
“More junking”. Increase the junk level by one if it is smaller than 2.
“Less junking”. Decrease the junk level by one if it is larger than 0. Junking writes some junk bytes into the area allocated. Currently junk is bytes of 0xdb when allocating; freed chunks are filled with 0xdf. By default the junk level is 1: small chunks are always junked and the first part of pages is junked after free. After a delay (if not switched off by the F option), the filling pattern is validated and the process is aborted if the pattern was modified. If the junk level is zero, no junking is performed. For junk level 2, junking is done without size restrictions.
“realloc”. Always reallocate when realloc(3) is called, even if the initial allocation was big enough.
Enable all options suitable for security auditing.
“Free unmap”. Enable use after free protection for larger allocations. Unused pages on the freelist are read and write protected to cause a segmentation fault upon access.
“xmalloc”. Rather than return failure, abort(3) the program with a diagnostic message on stderr. It is the intention that this option be set at compile time by including in the source:
extern char *malloc_options;
malloc_options = "X";

Note that this will cause code that is supposed to handle out-of-memory conditions gracefully to abort instead.

“Half the cache size”. Decrease the size of the free page cache by a factor of two.
“Double the cache size”. Increase the size of the free page cache by a factor of two.

If a program changes behavior if any of these options (except X) are used, it is buggy.

The default number of free pages cached is 64 per malloc pool. Multi-threaded programs use multiple pools.

string of option flags

/etc/malloc.conf
symbolic link to filename containing option flags

Set a systemwide reduction of the cache to a quarter of the default size and use guard pages:

# ln -s 'G<<' /etc/malloc.conf

malloc(3)

October 31, 2016 OpenBSD-6.1