[Gc] security issue with libgc ?

MenTaLguY mental at rydia.net
Sat Mar 17 11:17:52 PST 2007


On Sat, 2007-03-17 at 18:25 +0100, Christophe Meessen wrote:
> My application is a C++ application where the transmitted may be
> serialized objects and object aggregations (with pointers between them).
> From my understanding, this is a use case where a GC is required. People
> who say a GC is not needed in C++ are wrong. There are use cases where
> it is required.

Well, a collector like libgc's isn't specifically required.  But it is
true that the alternatives are generally implementing ad-hoc garbage
collection (e.g. using refcounts).

> The way libgc identifies valid pointers from fake or forged ones stored
> in the char array is thus a critical point.

It doesn't.  If it looks like a pointer to an object in the heap, libgc
conservatively assumes it is.  However, you can allocate char
arrays/objects which you know a priori should not contain pointers
such that libgc will not inspect them.

> How does the valid pointer recognition work ?

It inspects the stack, live objects on the libgc heap (except those
allocated with gc_malloc_atomic), and (depending on configuration)
static/global variables for byte sequences which correspond to valid
heap locations.

Obviously you may need to help libgc out here -- use either
gc_malloc_atomic or plain (non-libgc) malloc for those buffers which are
likely to contain bogus byte patterns that could look like pointers.

> Can the GC be wrong on this recognition ?

Yes.  Usually it's not a problem if it is wrong occasionally.

> What would be the possible consequences ? Only memory leak ?

Yes.

-mental
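
The scanning behaviour discussed in this message, as a toy model added here (not libgc code and not part of the original post): a receive buffer whose bytes happen to match a heap address keeps an otherwise unreachable object alive, unless the buffer is marked pointer-free. The heap layout and every name in it (heap, find_obj, retained_with_buffer) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NOBJ 4       /* toy heap: 4 objects of 4 words each (constructed) */
#define OBJ_WORDS 4
struct obj {
    uintptr_t words[OBJ_WORDS];
    int atomic;      /* 1 = declared pointer-free, contents never scanned */
    int marked;
};
static struct obj heap[NOBJ];

/* Conservative test: any word whose value lands inside the heap counts. */
static struct obj *find_obj(uintptr_t w) {
    uintptr_t lo = (uintptr_t)&heap[0], hi = (uintptr_t)&heap[NOBJ];
    if (w < lo || w >= hi) return NULL;
    return &heap[(w - lo) / sizeof(struct obj)];
}

static void mark_word(uintptr_t w) {
    struct obj *o = find_obj(w);
    if (!o || o->marked) return;
    o->marked = 1;
    if (o->atomic) return;           /* skip the object's contents */
    for (size_t i = 0; i < OBJ_WORDS; i++) mark_word(o->words[i]);
}

/* Mark from the roots and return how many objects survive collection. */
int gc_retained(const uintptr_t *roots, size_t n) {
    int live = 0;
    for (int i = 0; i < NOBJ; i++) heap[i].marked = 0;
    for (size_t i = 0; i < n; i++) mark_word(roots[i]);
    for (int i = 0; i < NOBJ; i++) live += heap[i].marked;
    return live;
}

/* heap[0] is a receive buffer; its bytes happen to equal &heap[1]. */
int retained_with_buffer(int buffer_is_atomic) {
    memset(heap, 0, sizeof heap);
    heap[0].atomic = buffer_is_atomic;
    uintptr_t lookalike = (uintptr_t)&heap[1];
    memcpy(heap[0].words, &lookalike, sizeof lookalike);
    uintptr_t roots[1] = { (uintptr_t)&heap[0] };
    return gc_retained(roots, 1);
}
int main(void) {
    printf("scanned: %d, atomic: %d\n", retained_with_buffer(0), retained_with_buffer(1));
    return 0;
}
```

With the buffer scanned, two objects are retained (the buffer plus the object its bytes appear to reference); with the buffer marked pointer-free, only the buffer is.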