options for the memory
Upon the first call to the
malloc(3) family of functions, an initialization sequence inspects
the symbolic link /etc/malloc.conf, next checks the
environment for a variable called
and finally looks at the global variable
malloc_options in the program. Each is scanned for the
following flags. Flags are single letters, uppercase means on, lowercase
- “Canaries”. Add canaries at the end of allocations in order to detect heap overflows. The canary's content is checked when free(3) is called. If it has been corrupted, the process is aborted.
- “Dump”. malloc(3) will dump statistics to the file ./malloc.out, if it already exists, at exit. This option requires the library to have been compiled with -DMALLOC_STATS in order to have any effect.
- “Freeguard”. Enable use after free detection. Unused pages
on the freelist are read and write protected to cause a segmentation fault
upon access. This will also switch off the delayed freeing of chunks,
reducing random behaviour but detecting double
free(3) calls as early as possible. This option is intended for
debugging rather than improved security (use the
Uoption for security).
- “Guard”. Enable guard pages. Each page size or larger allocation is followed by a guard page that will cause a segmentation fault upon any access.
- “Hint”. Pass a hint to the kernel about pages we don't use. If the machine is paging a lot this may help a bit.
- “Junk”. Fill some junk into the area allocated. Currently junk is bytes of 0xd0 when allocating; this is pronounced “Duh”. :-) Freed chunks are filled with 0xdf.
- “Don't Junk”. By default, small chunks are always junked, and the first part of pages is junked after free. The reuse of freed memory is delayed. After the delay, the filling pattern is validated and the process is aborted if the pattern was modified. This option ensures that no junking is performed.
- “Move allocations within a page.” Allocations larger than half a page but smaller than a page are aligned to the end of a page to catch buffer overruns in more cases. This is the default.
- “realloc”. Always reallocate when realloc(3) is called, even if the initial allocation was big enough. This can substantially aid in compacting memory.
- Enable all options suitable for security auditing.
- “Free unmap”. Enable use after free protection for larger allocations. Unused pages on the freelist are read and write protected to cause a segmentation fault upon access.
- “xmalloc”. Rather than return failure,
abort(3) the program with a diagnostic message on stderr. It is the
intention that this option be set at compile time by including in the
extern char *malloc_options; malloc_options = "X";
Note that this will cause code that is supposed to handle out-of-memory conditions gracefully to abort instead.
- “Half the cache size”. Decrease the size of the free page cache by a factor of two.
- “Double the cache size”. Increase the size of the free page cache by a factor of two.
The flags are mostly for testing and debugging. If a program
changes behavior if any of these options (except
are used, it is buggy.
The default number of free pages cached is 64.
- string of option flags
- symbolic link to filename containing option flags
Set a systemwide reduction of the cache to a quarter of the default size and use guard pages:
# ln -s 'G<<' /etc/malloc.conf