Bounds checking in hmalloc2025-03-21
I've started working on a feature in the GrapheneOS hardened_malloc project that enables system wide buffer over/under-flow detection by overriding common block operation functions (eg. memcpy/memset) and performing size checks against the known sizes available in the malloc's metadata. It works quite well system wide in my testing, but still needs some extra work. @cgzones has been a kind help to me in making it comprehensive and accurate. This feature provides substantial security benefits to traditional (Intel/AMD) systems.
Comment on this: Privacy Guides Forum