options for the memory allocator
Upon the first call to the
family of functions,
an initialization sequence inspects the symbolic link
, next checks the environment for
a variable called
finally looks at the global variable
in the program. Each is
scanned for the following flags. Flags are single letters. Unless otherwise
noted uppercase means on, lowercase means off.
- “Canaries”. Add canaries at the end of
allocations in order to detect heap overflows. The canary's content is
checked when free(3) is
called. If it has been corrupted, the process is aborted.
malloc(3) will dump
statistics to the file ./malloc.out, if it
already exists, at exit. This option requires the library to have been
compiled with -DMALLOC_STATS in order to have any effect.
- “Freeguard”. Enable use after free detection.
Unused pages on the freelist are read and write protected to cause a
segmentation fault upon access. This will also switch off the delayed
freeing of chunks, reducing random behaviour but detecting double
free(3) calls as early as
possible. This option is intended for debugging rather than improved
security (use the U option for
- “Guard”. Enable guard pages. Each page size or
larger allocation is followed by a guard page that will cause a
segmentation fault upon any access.
- “More junking”. Increase the junk level by one
if it is smaller than 2.
- “Less junking”. Decrease the junk level by one
if it is larger than 0. Junking writes some junk bytes into the area
allocated. Currently junk is bytes of 0xdb when allocating; freed chunks
are filled with 0xdf. By default the junk level is 1: small chunks are
always junked and the first part of pages is junked after free. After a
delay (if not switched off by the F option), the filling pattern is
validated and the process is aborted if the pattern was modified. If the
junk level is zero, no junking is performed. For junk level 2, junking is
done without size restrictions.
- “realloc”. Always reallocate when
realloc(3) is called, even
if the initial allocation was big enough.
- Enable all options suitable for security auditing.
- “Free unmap”. Enable use after free protection
for larger allocations. Unused pages on the freelist are read and write
protected to cause a segmentation fault upon access.
- “xmalloc”. Rather than return failure,
abort(3) the program with a
diagnostic message on stderr. It is the intention that this option be set
at compile time by including in the source:
Note that this will cause code that is supposed to handle out-of-memory
conditions gracefully to abort instead.
extern char *malloc_options;
malloc_options = "X";
- “Half the cache size”. Decrease the size of the
free page cache by a factor of two.
- “Double the cache size”. Increase the size of
the free page cache by a factor of two.
If a program changes behavior if any of these options (except
) are used, it is buggy.
The default number of free pages cached is 64 per malloc pool. Multi-threaded
programs use multiple pools.
- string of option flags
- symbolic link to filename containing option flags
Set a systemwide reduction of the cache to a quarter of the default size and use
# ln -s 'G<<'