[Gc] security issue with libgc ?
mental at rydia.net
Sat Mar 17 11:17:52 PST 2007
On Sat, 2007-03-17 at 18:25 +0100, Christophe Meessen wrote:
> My application is a C++ application where the transmitted may be
> serialized objects and object aggregations (with pointers between them).
> From my understanding, this is a use case where a GC is required. People
> who say a GC is not needed in C++ are wrong. There are use cases where
> it is required.
Well, a collector like libgc's isn't specifically required. But it is
true that the alternatives are generally implementing ad-hoc garbage
collection (e.g. using refcounts).
> The way libgc identifies valid pointers from fake or forged ones stored
> in the char array is thus a critical point.
It doesn't. If it looks like a pointer to an object in the heap, libgc
conservatively assumes it is. However, you can allocate char
arrays/objects which you know a priori will not contain pointers
such that libgc will not inspect them.
> How does the valid pointer recognition work ?
It inspects the stack, live objects on the libgc heap (except those
allocated with gc_malloc_atomic), and (depending on configuration)
static/global variables for byte sequences which correspond to valid
Obviously you may need to help libgc out here -- use either
gc_malloc_atomic or plain (non-libgc) malloc for those buffers which are
likely to contain bogus byte patterns that could look like pointers.
> Can the GC be wrong on this recognition ?
Yes. Usually it's not a problem if it is wrong occasionally.
> What would be the possible consequences ? Only memory leak ?
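The scanning behaviour described in the reply above, as an added example that is not part of the original message and is not libgc code: a toy conservative marker in which a receive buffer holding a pointer-like byte pattern keeps unreferenced objects alive unless the buffer is declared pointer-free. The heap layout and the names `find_block`, `mark` and `survivors` are hypothetical, and the buffer contents are constructed sample input.

```c
/* Toy model of conservative marking; hypothetical names, not libgc's API. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NBLOCKS 4
#define WORDS   4   /* payload of every toy block, in pointer-sized words */

struct block {
    uintptr_t words[WORDS];
    int atomic;     /* 1 = declared pointer-free, never scanned */
    int marked;
};
static struct block heap[NBLOCKS];

/* Conservative test: any word whose value falls inside a block counts as a
   reference to that block, whatever the program meant by it. */
static struct block *find_block(uintptr_t w) {
    uintptr_t lo = (uintptr_t)&heap[0], hi = (uintptr_t)&heap[NBLOCKS];
    if (w < lo || w >= hi) return NULL;
    return &heap[(w - lo) / sizeof(struct block)];
}

static void mark(struct block *b) {
    if (b == NULL || b->marked) return;
    b->marked = 1;
    if (b->atomic) return;              /* contents are opaque bytes */
    for (int i = 0; i < WORDS; i++)
        mark(find_block(b->words[i]));
}

/* Returns how many blocks survive a collection whose only root is a receive
   buffer (block 0) holding constructed input equal to the address of
   block 2, an object nothing in the program references. */
static int survivors(int buffer_is_atomic) {
    memset(heap, 0, sizeof heap);
    heap[0].atomic = buffer_is_atomic;
    uintptr_t forged = (uintptr_t)&heap[2];   /* constructed sample input */
    memcpy(heap[0].words, &forged, sizeof forged);
    heap[2].words[0] = (uintptr_t)&heap[3];   /* block 2 points to block 3 */
    mark(&heap[0]);                           /* buffer is reachable from a root */
    int n = 0;
    for (int i = 0; i < NBLOCKS; i++) n += heap[i].marked;
    return n;
}

int main(void) {
    printf("scanned buffer: %d blocks retained\n", survivors(0));
    printf("atomic buffer:  %d blocks retained\n", survivors(1));
    return 0;
}
```

With the scanned buffer, the pattern retains block 2 and everything reachable from it; with the pointer-free buffer only the buffer itself survives.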