about summary refs log tree commit diff
path: root/manual/tunables.texi
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2017-08-30 16:39:41 +0200
committerFlorian Weimer <fweimer@redhat.com>2017-08-30 16:39:41 +0200
commitec2c1fcefb200c6cb7e09553f3c6af8815013d83 (patch)
tree6da867b8b565f3d200688016fef68d8de42f9ae1 /manual/tunables.texi
parent9ce673b69e82578044958f66d93dcaddb23f6e95 (diff)
downloadglibc-ec2c1fcefb200c6cb7e09553f3c6af8815013d83.tar.gz
glibc-ec2c1fcefb200c6cb7e09553f3c6af8815013d83.tar.xz
glibc-ec2c1fcefb200c6cb7e09553f3c6af8815013d83.zip
malloc: Abort on heap corruption, without a backtrace [BZ #21754]
The stack trace printing caused deadlocks and has been itself been
targeted by code execution exploits.
Diffstat (limited to 'manual/tunables.texi')
-rw-r--r--manual/tunables.texi28
1 files changed, 7 insertions, 21 deletions
diff --git a/manual/tunables.texi b/manual/tunables.texi
index 3c19567a28..b09e3fe791 100644
--- a/manual/tunables.texi
+++ b/manual/tunables.texi
@@ -71,27 +71,13 @@ following tunables in the @code{malloc} namespace:
 This tunable supersedes the @env{MALLOC_CHECK_} environment variable and is
 identical in features.
 
-Setting this tunable enables a special (less efficient) memory allocator for
-the malloc family of functions that is designed to be tolerant against simple
-errors such as double calls of free with the same argument, or overruns of a
-single byte (off-by-one bugs). Not all such errors can be protected against,
-however, and memory leaks can result.  The following list describes the values
-that this tunable can take and the effect they have on malloc functionality:
-
-@itemize @bullet
-@item @code{0} Ignore all errors.  The default allocator continues to be in
-use, but all errors are silently ignored.
-@item @code{1} Report errors.  The alternate allocator is selected and heap
-corruption, if detected, is reported as diagnostic messages to @code{stderr}
-and the program continues execution.
-@item @code{2} Abort on errors.  The alternate allocator is selected and if
-heap corruption is detected, the program is ended immediately by calling
-@code{abort}.
-@item @code{3} Fully enabled.  The alternate allocator is selected and is fully
-functional.  That is, if heap corruption is detected, a verbose diagnostic
-message is printed to @code{stderr} and the program is ended by calling
-@code{abort}.
-@end itemize
+Setting this tunable to a non-zero value enables a special (less
+efficient) memory allocator for the malloc family of functions that is
+designed to be tolerant against simple errors such as double calls of
+free with the same argument, or overruns of a single byte (off-by-one
+bugs). Not all such errors can be protected against, however, and memory
+leaks can result.  Any detected heap corruption results in immediate
+termination of the process.
 
 Like @env{MALLOC_CHECK_}, @code{glibc.malloc.check} has a problem in that it
 diverges from normal program behavior by writing to @code{stderr}, which could