options for the memory
Upon the first call to the
malloc(3) family of functions, an initialization sequence inspects
the symbolic link /etc/malloc.conf, next checks the
environment for a variable called
and finally looks at the global variable
malloc_options in the program. Each is scanned for the
following flags. Flags are single letters. Unless otherwise noted uppercase
means on, lowercase means off.
- “Canaries”. Add canaries at the end of allocations in order to detect heap overflows. The canary's content is checked when free(3) is called. If it has been corrupted, the process is aborted.
- “Dump”. malloc(3) will dump statistics to the file ./malloc.out, if it already exists, at exit. This option requires the library to have been compiled with -DMALLOC_STATS in order to have any effect.
- “Freeguard”. Enable use after free detection. Unused pages
on the freelist are read and write protected to cause a segmentation fault
upon access. This will also switch off the delayed freeing of chunks,
reducing random behaviour but detecting double
free(3) calls as early as possible. This option is intended for
debugging rather than improved security (use the
Uoption for security).
- “Guard”. Enable guard pages. Each page size or larger allocation is followed by a guard page that will cause a segmentation fault upon any access.
- “Hint”. Pass a hint to the kernel about pages we don't use. If the machine is paging a lot this may help a bit.
- “More junking”. Increase the junk level by one if it is smaller than 2.
- “Less junking”. Decrease the junk level by one if it is larger than 0. Junking writes some junk bytes into the area allocated. Currently junk is bytes of 0xd0 when allocating; this is pronounced “Duh”. :-) Freed chunks are filled with 0xdf. By default the junk level is 1: small chunks are always junked and the first part of pages is junked after free. After a delay (if not switched off by the F option), the filling pattern is validated and the process is aborted if the pattern was modified. If the junk level is zero, no junking is performed. For junk level 2, junking is done without size restrictions.
- “Move allocations within a page.” Allocations larger than half a page but smaller than a page are aligned to the end of a page to catch buffer overruns in more cases. This is the default.
- “realloc”. Always reallocate when realloc(3) is called, even if the initial allocation was big enough. This can substantially aid in compacting memory.
- Enable all options suitable for security auditing.
- “Free unmap”. Enable use after free protection for larger allocations. Unused pages on the freelist are read and write protected to cause a segmentation fault upon access.
- “xmalloc”. Rather than return failure,
abort(3) the program with a diagnostic message on stderr. It is the
intention that this option be set at compile time by including in the
extern char *malloc_options; malloc_options = "X";
Note that this will cause code that is supposed to handle out-of-memory conditions gracefully to abort instead.
- “Half the cache size”. Decrease the size of the free page cache by a factor of two.
- “Double the cache size”. Increase the size of the free page cache by a factor of two.
The flags are mostly for testing and debugging. If a program
changes behavior if any of these options (except
are used, it is buggy.
The default number of free pages cached is 64.
- string of option flags
- symbolic link to filename containing option flags
Set a systemwide reduction of the cache to a quarter of the default size and use guard pages:
# ln -s 'G<<' /etc/malloc.conf