I was hoping re-re-re-reading Theo's slide would help me understand, but unfortunately it only raised another question to which I can't find an answer:
On slide 27 (http://www.openbsd.org/papers/ven05-deraadt/mgp00027.html) it says: If you try to read/write beyond the end of an object, maybe there is a guard page there? So is there a guard page or not? :) If the G option of malloc is used I'm under the impression that every object will be surrounded by guard pages. But if the G option is not used, will there be any guard pages at all? If so how are they allocated? Thanks, -Jd
