mirror of
https://github.com/jedisct1/libsodium.git
synced 2024-12-19 18:15:18 -07:00
473e1718cc
ptr = sodium_malloc(size) returns a pointer from which exactly "size" bytes can be accessed. ptr = sodium_allocarray(count, size) allocates enough storage space for "count" pointers or scalars of unit size "size". In both cases, the region is immediately followed by a guard page. As a result, any attempt to access a memory location after ptr[size - 1] will immediately trigger a segmentation fault. The allocated region is mlock()ed and filled with 0xd0 bytes. A read-only page with the size, a guard page, as well as a canary are placed before the returned pointer. The canary is checked by sodium_free(); as a result, altering data right before ptr is likely to cause sodium_free() to kill the process. sodium_free() munlock()s the region and fills it with zeros before actually calling free(). sodium_mprotect_noaccess(), sodium_mprotect_readonly() and sodium_mprotect_readwrite() can be used to change the protection on the set of allocated pages. Reverting the protection to read+write is not required before calling sodium_free().
4 lines
46 B
Plaintext
4 lines
46 B
Plaintext
OK
|
|
Intentional segfault / bus error caught
|
|
OK
|