On Jun 13, "Erik Trulsson" wrote: > > Is the pre-zeroing of malloc'd memory documented somewhere? By my reading > > of the malloc manapge... > > > > The calloc() function allocates space for number objects, each size > > bytes in length. The result is identical to calling malloc() with an > > argument of ``number * size'', with the exception that the allocated > > memory is explicitly initialized to zero bytes. > > > > ...it seems like it's saying that malloc (as opposed to calloc) is NOT > > pre-zeroed. Is there a different document I should be reading? > > Note that this pre-zeroing is not done by malloc, but is done by the > kernel before it hands over memory to a process. Memory is not necessarily > returned to the system when free() is called, but is often retained > within the process and reused by the next malloc(). > > > This means that if you have a sequence like the following: > > foo=malloc(1234); > bar=malloc(1234); > /* do something that fills the memory that foo points to with garbage > */ > free(foo); > baz=malloc(1234); > > Then there is no guarantees whatsoever that baz will not point to > garbage. The memory that malloc() returns in the third call to > malloc() will most likely be the same as that previously pointed to by > foo and will still be filled with garbage. > > If your program needs zeroed memory you should use calloc() or do the > zeroing yourself - malloc doesn't do it. > > What is guaranteed is that any garbage in the memory returned by > malloc() will have been created by the same process, so that > information is not leaked from another process in this way. > > In short memory from malloc() may or may not be pre-zeroed, but it is > not a security problem in either case.
I got it. Thanks! This all stemmed from a discussion I was having with a coworker about vmware. I wondered aloud if information might leak from one VM to another via malloc. Whatever the answer is to that question (it's a linux VM server), I can now say I understand how FreeBSD behaves. Thanks again! Mike _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
