OpenBSD manual page server

Manual Page Search Parameters

MALLOC.CONF(5) File Formats Manual MALLOC.CONF(5)

malloc.confoptions for the memory allocator

Upon the first call to the malloc(3) family of functions, an initialization sequence inspects the symbolic link /etc/malloc.conf, next checks the environment for a variable called MALLOC_OPTIONS, and finally looks at the global variable malloc_options in the program. Each is scanned for the following flags. Flags are single letters, uppercase means on, lowercase means off.

“Canaries”. Add canaries at the end of allocations in order to detect heap overflows. The canary's content is checked when free(3) is called. If it has been corrupted, the process is aborted.
“Dump”. malloc(3) will dump statistics to the file ./malloc.out, if it already exists, at exit. This option requires the library to have been compiled with -DMALLOC_STATS in order to have any effect.
“Freeguard”. Enable use after free detection. Unused pages on the freelist are read and write protected to cause a segmentation fault upon access. This will also switch off the delayed freeing of chunks, reducing random behaviour but detecting double free(3) calls as early as possible. This option is intended for debugging rather than improved security (use the U option for security).
“Guard”. Enable guard pages. Each page size or larger allocation is followed by a guard page that will cause a segmentation fault upon any access.
“Hint”. Pass a hint to the kernel about pages we don't use. If the machine is paging a lot this may help a bit.
“Junk”. Fill some junk into the area allocated. Currently junk is bytes of 0xd0 when allocating; this is pronounced “Duh”. :-) Freed chunks are filled with 0xdf.
“Don't Junk”. By default, small chunks are always junked, and the first part of pages is junked after free. The reuse of freed memory is delayed. After the delay, the filling pattern is validated and the process is aborted if the pattern was modified. This option ensures that no junking is performed.
“Move allocations within a page.” Allocations larger than half a page but smaller than a page are aligned to the end of a page to catch buffer overruns in more cases. This is the default.
“realloc”. Always reallocate when realloc(3) is called, even if the initial allocation was big enough. This can substantially aid in compacting memory.
Enable all options suitable for security auditing.
“Free unmap”. Enable use after free protection for larger allocations. Unused pages on the freelist are read and write protected to cause a segmentation fault upon access.
“xmalloc”. Rather than return failure, abort(3) the program with a diagnostic message on stderr. It is the intention that this option be set at compile time by including in the source:
extern char *malloc_options;
malloc_options = "X";

Note that this will cause code that is supposed to handle out-of-memory conditions gracefully to abort instead.

“Half the cache size”. Decrease the size of the free page cache by a factor of two.
“Double the cache size”. Increase the size of the free page cache by a factor of two.

The flags are mostly for testing and debugging. If a program changes behavior if any of these options (except X) are used, it is buggy.

The default number of free pages cached is 64.

string of option flags

/etc/malloc.conf
symbolic link to filename containing option flags

Set a systemwide reduction of the cache to a quarter of the default size and use guard pages:

# ln -s 'G<<' /etc/malloc.conf

malloc(3)

February 19, 2016 OpenBSD-5.9