Date:      Mon, 13 Jun 2005 14:33:55 -0700
From:      Mike Hunter <mhunter@ack.berkeley.edu>
To:        Dag-Erling Smørgrav <des@des.no>, freebsd-hackers@freebsd.org
Subject:   Re: uninitialized memory is all zeros...why not garbage instead?
Message-ID:  <20050613213354.GA78702@malcolm.berkeley.edu>
In-Reply-To: <20050613195026.GA90010@falcon.midgard.homeip.net>
References:  <20050610224058.GA11336@malcolm.berkeley.edu> <86vf4lb110.fsf@xps.des.no> <20050613193150.GA75218@malcolm.berkeley.edu> <20050613195026.GA90010@falcon.midgard.homeip.net>

On Jun 13, "Erik Trulsson" wrote:

> > Is the pre-zeroing of malloc'd memory documented somewhere?  By my reading 
> > of the malloc manpage...
> > 
> >      The calloc() function allocates space for number objects, each size 
> >      bytes in length.  The result is identical to calling malloc() with an
> >      argument of ``number * size'', with the exception that the allocated 
> >      memory is explicitly initialized to zero bytes.
> > 
> > ...it seems like it's saying that malloc (as opposed to calloc) is NOT
> > pre-zeroed.  Is there a different document I should be reading?
> 
> Note that this pre-zeroing is not done by malloc, but is done by the
> kernel before it hands over memory to a process.  Memory is not necessarily
> returned to the system when free() is called, but is often retained
> within the process and reused by the next malloc().
> 
> 
> This means that if you have a sequence like the following:
> 
> foo=malloc(1234);
> bar=malloc(1234);
> /* do something that fills the memory that foo points to with garbage
> */
> free(foo);
> baz=malloc(1234);
> 
> Then there are no guarantees whatsoever that baz will not point to
> garbage.  The memory that malloc() returns in the third call to
> malloc() will most likely be the same as that previously pointed to by
> foo and will still be filled with garbage.
> 
> If your program needs zeroed memory you should use calloc() or do the
> zeroing yourself - malloc doesn't do it.
> 
> What is guaranteed is that any garbage in the memory returned by
> malloc() will have been created by the same process, so that
> information is not leaked from another process in this way.
> 
> In short, memory from malloc() may or may not be pre-zeroed, but it is
> not a security problem in either case.

I got it.  Thanks!

This all stemmed from a discussion I was having with a coworker about
vmware.  I wondered aloud if information might leak from one VM to another
via malloc.  Whatever the answer is to that question (it's a linux VM
server), I can now say I understand how FreeBSD behaves.  Thanks again!

Mike
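To make the sequence Erik describes concrete, here is an added C example (not from the thread) that plants a recognizable pattern in foo, frees it, requests a block of the same size again, and counts how much of the pattern is visible through the new block; the use_calloc switch shows the fix he recommends. The count for plain malloc() depends on the allocator, which is exactly the point.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK 1234    /* same size as in the thread */
#define MARKER 0xAA   /* the "garbage" we plant in foo */

/* Count bytes of buf that still hold MARKER. Reading through a volatile
 * pointer keeps the compiler from folding loads of indeterminate malloc()
 * contents into a constant. */
static size_t count_marker(const volatile unsigned char *buf, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == MARKER)
            hits++;
    return hits;
}

/* Replays the quoted sequence: foo is filled with MARKER, freed, and a
 * block of the same size is requested again. Returns how many MARKER bytes
 * are visible through the new block. With use_calloc == 0 the value is
 * allocator-dependent (nonzero means foo's bytes came back uncleared);
 * with use_calloc != 0 it is always 0, because calloc() zeroes the block. */
size_t leftover_bytes(int use_calloc)
{
    unsigned char *foo = malloc(BLOCK);
    unsigned char *bar = malloc(BLOCK);   /* second live block, as in the thread */
    if (foo == NULL || bar == NULL) { free(foo); free(bar); return 0; }
    memset(foo, MARKER, BLOCK);           /* "fill the memory ... with garbage" */
    free(foo);
    unsigned char *baz = use_calloc ? calloc(BLOCK, 1) : malloc(BLOCK);
    size_t hits = (baz != NULL) ? count_marker(baz, BLOCK) : 0;
    free(baz);
    free(bar);
    return hits;
}

int main(void)
{
    printf("malloc(): %zu of %d bytes still hold the old pattern\n",
           leftover_bytes(0), BLOCK);
    printf("calloc(): %zu of %d bytes still hold the old pattern\n",
           leftover_bytes(1), BLOCK);
    return 0;
}
```

Whatever the first line prints on a given allocator, the second is always 0: if the code needs zeroed memory, calloc() (or an explicit memset) is the only thing it can rely on.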



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050613213354.GA78702>