diff --git a/Makefile b/Makefile index ba56af5..bf32eb4 100644 --- a/Makefile +++ b/Makefile @@ -7,9 +7,6 @@ CXX = clang++ ## DISABLE_CANARY - Disables the use of canaries, improves performance DISABLE_CANARY = -DDISABLE_CANARY=0 -## Clear user chunks upon free -SANITIZE_CHUNKS = -DSANITIZE_CHUNKS=0 - ## Call verify_all_zones upon alloc/free, never reuse private zones ## Adds significant performance over head FUZZ_MODE = -DFUZZ_MODE=0 @@ -23,9 +20,6 @@ PERM_FREE_REALLOC = -DPERM_FREE_REALLOC=0 ## with ARM MTE and PAC. See MEMORY_TAGGING.md for more information MEMORY_TAGGING = -DMEMORY_TAGGING=0 -## Enable abort() when isoalloc can't gather enough entropy. -ABORT_NO_ENTROPY = -DABORT_NO_ENTROPY=1 - ## This enables Address Sanitizer support for manually ## poisoning and unpoisoning zones. It adds significant ## performance and memory overhead @@ -100,23 +94,6 @@ HUGE_PAGES = -DHUGE_PAGES=1 CPU_PIN = -DCPU_PIN=0 SCHED_GETCPU = -## Enable the allocation sanity feature. This works a lot -## like GWP-ASAN does. It samples calls to iso_alloc and -## randomly swaps them out for raw page allocations that -## are surrounded by guard pages. These pages are unmapped -## upon free. Much like GWP-ASAN this is designed to be -## used in production builds and should not incur too -## much of a performance penalty -ALLOC_SANITY = -DALLOC_SANITY=0 - -## Enable hooking of memcpy/memmove/memset to detect out of bounds -## r/w operations on chunks allocated with IsoAlloc. Does -## not require ALLOC_SANITY is enabled. On MacOS you need -## to set FORTIFY_SOURCE to 0. Leave these commented if -## you aren't enabling them. -MEMCPY_SANITY = -DMEMCPY_SANITY=0 -MEMSET_SANITY = -DMEMSET_SANITY=0 - ## Enable the userfaultfd based uninitialized read detection ## feature. This samples calls to malloc, and allocates raw ## pages of memory with mmap which are registered with the @@ -125,7 +102,7 @@ MEMSET_SANITY = -DMEMSET_SANITY=0 ## previous call to write. Think of it as GWP-ASAN but for ## uninitialized reads. Enabling this feature does incur a ## performance penalty. This requires that both ALLOC_SANITY -## and THREAD_SUPPORT are enabled. Linux only +## option and THREAD_SUPPORT are enabled. Linux only UNINIT_READ_SANITY = -DUNINIT_READ_SANITY=0 ## By default IsoAlloc may select a zone that holds chunks @@ -148,11 +125,6 @@ UAF_PTR_PAGE = -DUAF_PTR_PAGE=0 ## performance penalty VERIFY_FREE_BIT_SLOTS = -DVERIFY_FREE_BIT_SLOTS=0 -## Randomizes the free bit slot list upon creation. This can -## impact perf. You can control the minimum size of the list -## to be randomized with MIN_RAND_FREELIST in conf.h -RANDOMIZE_FREELIST = -DRANDOMIZE_FREELIST=1 - ## Enable experimental features that are not guaranteed to ## compile, or introduce stability and performance bugs EXPERIMENTAL = -DEXPERIMENTAL=0 @@ -290,11 +262,11 @@ else BUILD_ERROR_FLAGS := $(BUILD_ERROR_FLAGS) -Wno-attributes -Wno-unused-variable endif CFLAGS += $(COMMON_CFLAGS) $(DISABLE_CANARY) $(BUILD_ERROR_FLAGS) $(HOOKS) $(HEAP_PROFILER) -fvisibility=hidden \ - -std=$(STDC) $(SANITIZER_SUPPORT) $(ALLOC_SANITY) $(MEMCPY_SANITY) $(UNINIT_READ_SANITY) $(CPU_PIN) $(SCHED_GETCPU) \ + -std=$(STDC) $(SANITIZER_SUPPORT) $(MEMCPY_SANITY) $(UNINIT_READ_SANITY) $(CPU_PIN) $(SCHED_GETCPU) \ $(EXPERIMENTAL) $(UAF_PTR_PAGE) $(VERIFY_FREE_BIT_SLOTS) $(NAMED_MAPPINGS) $(ABORT_ON_NULL) $(NO_ZERO_ALLOCATIONS) \ $(ABORT_NO_ENTROPY) $(ISO_DTOR_CLEANUP) $(RANDOMIZE_FREELIST) $(USE_SPINLOCK) $(HUGE_PAGES) $(USE_MLOCK) \ $(MEMORY_TAGGING) $(STRONG_SIZE_ISOLATION) $(MEMSET_SANITY) $(AUTO_CTOR_DTOR) $(SIGNAL_HANDLER) \ - $(BIG_ZONE_META_DATA_GUARD) $(BIG_ZONE_GUARD) $(PROTECT_UNUSED_BIG_ZONE) $(MASK_PTRS) $(SANITIZE_CHUNKS) $(FUZZ_MODE) \ + $(BIG_ZONE_META_DATA_GUARD) $(BIG_ZONE_GUARD) $(PROTECT_UNUSED_BIG_ZONE) $(MASK_PTRS) $(FUZZ_MODE) \ $(PERM_FREE_REALLOC) CXXFLAGS = $(COMMON_CFLAGS) -DCPP_SUPPORT=1 -std=$(STDCXX) $(SANITIZER_SUPPORT) $(HOOKS) diff --git a/README.md b/README.md index 8208f2c..b03082f 100644 --- a/README.md +++ b/README.md @@ -214,6 +214,13 @@ If all else fails please file an issue on the [github project](https://github.co `size_t iso_zone_chunk_count(iso_alloc_zone_handle *zone)` - Returns the total number of chunks a private zone can hold not including canary chunks. If canaries are disabled this number is absolute, otherwise it is a safe lower bound and actual number may be higher due to canary creation random seed. +### Runtime options APIs + +It is possible to set a handful of global runtime options with the following. + +`uint64_t iso_option_get(iso_option_t id)` - Fetches the current value of the option `id`. +`void iso_option_set(iso_option_t id, uint64_t val)` - Set the current value of the option `id`. + ### Experimental APIs These APIs are exposed via the public header `iso_alloc.h` but are subject to backward breaking changes at any time. diff --git a/android/jni/Android.mk b/android/jni/Android.mk index a714e2c..463e27d 100644 --- a/android/jni/Android.mk +++ b/android/jni/Android.mk @@ -1,25 +1,25 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) -LOCAL_CFLAGS := -DTHREAD_SUPPORT=1 -pthread \ - -DPRE_POPULATE_PAGES=0 -DSMALL_MEM_STARTUP=0 -DSANITIZE_CHUNKS=0 \ +LOCAL_CFLAGS := -DTHREAD_SUPPORT=1 -pthread \ + -DPRE_POPULATE_PAGES=0 -DSMALL_MEM_STARTUP=0 \ -DFUZZ_MODE=0 -DPERM_FREE_REALLOC=0 -DDISABLE_CANARY=0 -Werror \ -pedantic -Wno-pointer-arith -Wno-gnu-zero-variadic-macro-arguments \ -Wno-format-pedantic -DMALLOC_HOOK=1 -fvisibility=hidden -std=c11 \ - -DALLOC_SANITY=0 -DUNINIT_READ_SANITY=0 -DCPU_PIN=0 -DEXPERIMENTAL=0 \ + -DUNINIT_READ_SANITY=0 -DCPU_PIN=0 -DEXPERIMENTAL=0 \ -DUAF_PTR_PAGE=0 -DVERIFY_FREE_BIT_SLOTS=0 -DNAMED_MAPPINGS=1 -fPIC \ -shared -DDEBUG=1 -DLEAK_DETECTOR=1 -DMEM_USAGE=1 -DUSE_MLOCK=1 \ -DMEMORY_TAGGING=0 -DSCHED_GETCPU -g -ggdb3 -fno-omit-frame-pointer \ - -DRANDOMIZE_FREELIST=1 -DBIG_ZONE_META_DATA_GUARD=0 -DBIG_ZONE_GUARD=0 \ - -DPROTECT_FREE_BIG_ZONES=0 -DMASK_PTRS=1 -DSIGNAL_HANDLER=0 \ - -DUSE_MLOCK=1 -DNO_ZERO_ALLOCATIONS=1 -DABORT_ON_NULL=0 \ - -DABORT_NO_ENTROPY=1 -DMEMCPY_SANITY=0 -DMEMSET_SANITY=0 \ + -DRANDOMIZE_FREELIST=1 -DBIG_ZONE_META_DATA_GUARD=0 -DBIG_ZONE_GUARD=0 \ + -DPROTECT_FREE_BIG_ZONES=0 -DMASK_PTRS=1 -DSIGNAL_HANDLER=0 \ + -DUSE_MLOCK=1 -DNO_ZERO_ALLOCATIONS=1 -DABORT_ON_NULL=0 \ + -DMEMCPY_SANITY=0 -DMEMSET_SANITY=0 \ -DSTRONG_SIZE_ISOLATION=0 -DISO_DTOR_CLEANUP=0 LOCAL_SRC_FILES := ../../src/iso_alloc.c ../../src/iso_alloc_printf.c ../../src/iso_alloc_random.c \ ../../src/iso_alloc_search.c ../../src/iso_alloc_interfaces.c ../../src/iso_alloc_profiler.c \ ../../src/iso_alloc_sanity.c ../../src/iso_alloc_util.c ../../src/malloc_hook.c \ - ../../src/libc_hook.c ../../src/iso_alloc_mem_tags.c + ../../src/libc_hook.c ../../src/iso_alloc_mem_tags.c ../../src/iso_alloc_options.c LOCAL_C_INCLUDES := ../../include/ diff --git a/include/conf.h b/include/conf.h index fb5dc6b..fbbd3cb 100644 --- a/include/conf.h +++ b/include/conf.h @@ -56,8 +56,8 @@ #define ZONE_ALLOC_RETIRE 32 /* This byte value will overwrite the contents - * of all free'd user chunks if -DSANITIZE_CHUNKS - * is enabled in the Makefile. The value is completely + * of all free'd user chunks if the SANITIZE_CHUNKS + * option is enabled. The value is completely * arbitrary, but non-zero since this could mask * some bugs. */ #define POISON_BYTE 0xde diff --git a/include/iso_alloc.h b/include/iso_alloc.h index 8822082..3d42da0 100644 --- a/include/iso_alloc.h +++ b/include/iso_alloc.h @@ -34,6 +34,27 @@ static_assert(sizeof(size_t) == 8, "IsoAlloc requires 64 bit size_t"); #define UNMASK_ZONE_HANDLE(zone) zone = zone; #endif +typedef enum iso_option { + // Clear user chunks upon free + SANITIZE_CHUNKS, + // Enable the allocation sanity feature. This works a lot + // like GWP-ASAN does. It samples calls to iso_alloc and + // randomly swaps them out for raw page allocations that + // are surrounded by guard pages. These pages are unmapped + // upon free. Much like GWP-ASAN this is designed to be + // used in production builds and should not incur too + // much of a performance penalty + ALLOC_SANITY, + // Randomizes the free bit slot list upon creation. This can + // impact perf. You can control the minimum size of the list + // to be randomized with MIN_RAND_FREELIST in conf.h + RANDOMIZE_FREELIST, + // Enable abort() when isoalloc can't gather enough entropy. + ABORT_NO_ENTROPY, + OPTION_FIRST = SANITIZE_CHUNKS, + OPTION_LAST = ABORT_NO_ENTROPY +} iso_option_t; + typedef void iso_alloc_zone_handle; #if CPP_SUPPORT @@ -112,6 +133,9 @@ EXTERNAL_API void iso_alloc_reset_traces(void); EXTERNAL_API void iso_alloc_search_stack(void *p); #endif +EXTERNAL_API uint64_t iso_option_get(iso_option_t); +EXTERNAL_API void iso_option_set(iso_option_t, uint64_t); + #if CPP_SUPPORT } #endif diff --git a/include/iso_alloc_internal.h b/include/iso_alloc_internal.h index ab00c0a..acda5ae 100644 --- a/include/iso_alloc_internal.h +++ b/include/iso_alloc_internal.h @@ -427,3 +427,6 @@ INTERNAL_HIDDEN void _iso_alloc_search_stack(uint8_t *stack_start); #if UNIT_TESTING EXTERNAL_API iso_alloc_root *_get_root(void); #endif + +INTERNAL_HIDDEN unsigned long _iso_option_get(iso_option_t); +INTERNAL_HIDDEN void _iso_option_set(iso_option_t, unsigned long); diff --git a/include/iso_alloc_sanity.h b/include/iso_alloc_sanity.h index 02f23a6..3726bff 100644 --- a/include/iso_alloc_sanity.h +++ b/include/iso_alloc_sanity.h @@ -5,7 +5,6 @@ #include "iso_alloc_util.h" -#if ALLOC_SANITY #if UNINIT_READ_SANITY #include #include @@ -72,7 +71,6 @@ INTERNAL_HIDDEN void *_iso_alloc_sample(const size_t size); INTERNAL_HIDDEN int32_t _iso_alloc_free_sane_sample(void *p); INTERNAL_HIDDEN int32_t _remove_from_sane_trace(void *p); INTERNAL_HIDDEN _sane_allocation_t *_get_sane_alloc(void *p); -#endif INTERNAL_HIDDEN INLINE void *__iso_memcpy(void *dest, const void *src, size_t n); INTERNAL_HIDDEN void *_iso_alloc_memcpy(void *dest, const void *src, size_t n); diff --git a/include/iso_alloc_util.h b/include/iso_alloc_util.h index 445e94b..7793818 100644 --- a/include/iso_alloc_util.h +++ b/include/iso_alloc_util.h @@ -3,6 +3,9 @@ #pragma once #include "compiler.h" +#include +#include +#include #if !NAMED_MAPPINGS #define SAMPLED_ALLOC_NAME "" diff --git a/src/iso_alloc.c b/src/iso_alloc.c index 1f6fe13..05fec97 100644 --- a/src/iso_alloc.c +++ b/src/iso_alloc.c @@ -142,9 +142,9 @@ INTERNAL_HIDDEN void _iso_alloc_initialize(void) { pthread_mutex_init(&root_busy_mutex, NULL); pthread_mutex_init(&_root->big_zone_free_mutex, NULL); pthread_mutex_init(&_root->big_zone_used_mutex, NULL); -#if ALLOC_SANITY - pthread_mutex_init(&sane_cache_mutex, NULL); -#endif + if(_iso_option_get(ALLOC_SANITY)) { + pthread_mutex_init(&sane_cache_mutex, NULL); + } #endif #if HEAP_PROFILER @@ -159,13 +159,15 @@ INTERNAL_HIDDEN void _iso_alloc_initialize(void) { _root->uaf_ptr_page = mmap_pages(g_page_size, false, NULL, PROT_NONE); #endif -#if ALLOC_SANITY && UNINIT_READ_SANITY - _iso_alloc_setup_userfaultfd(); +#if UNINIT_READ_SANITY + if(_iso_option_get(ALLOC_SANITY)) { + _iso_alloc_setup_userfaultfd(); + } #endif -#if ALLOC_SANITY - _sanity_canary = us_rand_uint64(&_root->seed); -#endif + if(_iso_option_get(ALLOC_SANITY)) { + _sanity_canary = us_rand_uint64(&_root->seed); + } #if SIGNAL_HANDLER struct sigaction sa; @@ -595,19 +597,19 @@ INTERNAL_HIDDEN void fill_free_bit_slots(iso_alloc_zone_t *zone) { } } -#if RANDOMIZE_FREELIST static_assert(MIN_RAND_FREELIST >= 2, "MIN_RAND_FREELIST should be at least 2"); - /* Randomize the list of free bitslots */ - if(free_bit_slots_index > MIN_RAND_FREELIST) { - for(free_bit_slot_t i = free_bit_slots_index - 1; i > 0; i--) { - free_bit_slot_t j = ((free_bit_slot_t) us_rand_uint64(&_root->seed) * i) >> FREE_LIST_SHF; - bit_slot_t t = free_bit_slots[j]; - free_bit_slots[j] = free_bit_slots[i]; - free_bit_slots[i] = t; + if(_iso_option_get(RANDOMIZE_FREELIST)) { + /* Randomize the list of free bitslots */ + if(free_bit_slots_index > MIN_RAND_FREELIST) { + for(free_bit_slot_t i = free_bit_slots_index - 1; i > 0; i--) { + free_bit_slot_t j = ((free_bit_slot_t) us_rand_uint64(&_root->seed) * i) >> FREE_LIST_SHF; + bit_slot_t t = free_bit_slots[j]; + free_bit_slots[j] = free_bit_slots[i]; + free_bit_slots[i] = t; + } } } -#endif zone->free_bit_slots_index = free_bit_slots_index; } @@ -1003,9 +1005,8 @@ INTERNAL_HIDDEN ASSUME_ALIGNED void *_iso_alloc(iso_alloc_zone_t *zone, size_t s #endif } -#if ALLOC_SANITY /* We don't sample if we are allocating from a private zone */ - if(zone != NULL) { + if(_iso_option_get(ALLOC_SANITY) && zone != NULL) { if(size < g_page_size && _sane_sampled < MAX_SANE_SAMPLES) { /* If we chose to sample this allocation then * _iso_alloc_sample will call UNLOCK_ROOT() */ @@ -1016,7 +1017,6 @@ INTERNAL_HIDDEN ASSUME_ALIGNED void *_iso_alloc(iso_alloc_zone_t *zone, size_t s } } } -#endif #if HEAP_PROFILER _iso_alloc_profile(size); @@ -1341,8 +1341,10 @@ INTERNAL_HIDDEN void iso_free_chunk_from_zone(iso_alloc_zone_t *zone, void *rest if(LIKELY(permanent == false)) { UNSET_BIT(b, which_bit); insert_free_bit_slot(zone, bit_slot); -#if !ENABLE_ASAN && SANITIZE_CHUNKS - __iso_memset(p, POISON_BYTE, zone->chunk_size); +#if !ENABLE_ASAN + if(_iso_option_get(SANITIZE_CHUNKS)) { + __iso_memset(p, POISON_BYTE, zone->chunk_size); + } #endif } else { __iso_memset(p, POISON_BYTE, zone->chunk_size); @@ -1434,13 +1436,13 @@ INTERNAL_HIDDEN void _iso_free(void *p, bool permanent) { } #endif -#if ALLOC_SANITY - int32_t r = _iso_alloc_free_sane_sample(p); + if(_iso_option_get(ALLOC_SANITY)) { + int32_t r = _iso_alloc_free_sane_sample(p); - if(r == OK) { - return; + if(r == OK) { + return; + } } -#endif #if HEAP_PROFILER _iso_free_profile(); @@ -1481,13 +1483,13 @@ INTERNAL_HIDDEN void _iso_free_size(void *p, size_t size) { } #endif -#if ALLOC_SANITY - int32_t r = _iso_alloc_free_sane_sample(p); + if(_iso_option_get(ALLOC_SANITY)) { + int32_t r = _iso_alloc_free_sane_sample(p); - if(r == OK) { - return; + if(r == OK) { + return; + } } -#endif if(UNLIKELY(size > SMALL_SIZE_MAX)) { iso_alloc_big_zone_t *big_zone = iso_find_big_zone(p, true); @@ -1662,8 +1664,10 @@ INTERNAL_HIDDEN void iso_free_big_zone(iso_alloc_big_zone_t *big_zone, bool perm LOG_AND_ABORT("Double free of big zone 0x%p has been detected!", big_zone); } -#if !ENABLE_ASAN && SANITIZE_CHUNKS - __iso_memset(big_zone->user_pages_start, POISON_BYTE, big_zone->size); +#if !ENABLE_ASAN + if(_iso_option_get(SANITIZE_CHUNKS)) { + __iso_memset(big_zone->user_pages_start, POISON_BYTE, big_zone->size); + } #endif /* If this isn't a permanent free then all we need * to do is sanitize the mapping and mark it free. @@ -1874,19 +1878,19 @@ INTERNAL_HIDDEN size_t _iso_chunk_size(void *p) { } #endif -#if ALLOC_SANITY - LOCK_SANITY_CACHE(); - _sane_allocation_t *sane_alloc = _get_sane_alloc(p); + if(_iso_option_get(ALLOC_SANITY)) { + LOCK_SANITY_CACHE(); + _sane_allocation_t *sane_alloc = _get_sane_alloc(p); + + if(sane_alloc != NULL) { + size_t orig_size = sane_alloc->orig_size; + UNLOCK_SANITY_CACHE(); + return orig_size; + } - if(sane_alloc != NULL) { - size_t orig_size = sane_alloc->orig_size; UNLOCK_SANITY_CACHE(); - return orig_size; } - UNLOCK_SANITY_CACHE(); -#endif - LOCK_ROOT(); /* We cannot return NULL here, we abort instead */ diff --git a/src/iso_alloc_interfaces.c b/src/iso_alloc_interfaces.c index 7db679e..ed847b7 100644 --- a/src/iso_alloc_interfaces.c +++ b/src/iso_alloc_interfaces.c @@ -319,3 +319,11 @@ EXTERNAL_API FLATTEN void iso_alloc_search_stack(void *p) { _iso_alloc_search_stack(p); } #endif + +EXTERNAL_API uint64_t iso_option_get(iso_option_t id) { + return _iso_option_get(id); +} + +EXTERNAL_API void iso_option_set(iso_option_t id, uint64_t val) { + _iso_option_set(id, val); +} diff --git a/src/iso_alloc_options.c b/src/iso_alloc_options.c new file mode 100644 index 0000000..26d6174 --- /dev/null +++ b/src/iso_alloc_options.c @@ -0,0 +1,21 @@ +/* iso_alloc_util.c - A secure memory allocator + * Copyright 2023 - chris.rohlf@gmail.com */ + +#include "iso_alloc.h" + +static uint64_t iso_options[OPTION_LAST + 1] = { + /* SANITY_CHUNKS */ 0ul, + /* ALLOC_SANITY */ 0ul, + /* RANDOMIZE_FREELIST */ 1ul, + /* ABORT_NO_ENTROPY */ 1ul, +}; + +uint64_t _iso_option_get(iso_option_t id) { + assert(id >= OPTION_FIRST && id <= OPTION_LAST); + return iso_options[id]; +} + +void _iso_option_set(iso_option_t id, uint64_t val) { + assert(id >= OPTION_FIRST && id <= OPTION_LAST); + iso_options[id] = val; +} diff --git a/src/iso_alloc_random.c b/src/iso_alloc_random.c index d074224..5ceef2f 100644 --- a/src/iso_alloc_random.c +++ b/src/iso_alloc_random.c @@ -64,11 +64,11 @@ INTERNAL_HIDDEN INLINE uint64_t rand_uint64(void) { arc4random_buf(&val, sizeof(val)); #endif -#if ABORT_NO_ENTROPY - if(ret != 0) { - LOG_AND_ABORT("Unable to gather enough entropy"); + if(_iso_option_get(ABORT_NO_ENTROPY)) { + if(ret != 0) { + LOG_AND_ABORT("Unable to gather enough entropy"); + } } -#endif return val; } diff --git a/src/iso_alloc_sanity.c b/src/iso_alloc_sanity.c index b36f45b..ed4b933 100644 --- a/src/iso_alloc_sanity.c +++ b/src/iso_alloc_sanity.c @@ -121,8 +121,6 @@ INTERNAL_HIDDEN void _verify_zone(iso_alloc_zone_t *zone) { } #endif -#if ALLOC_SANITY - #if THREAD_SUPPORT #if USE_SPINLOCK atomic_flag sane_cache_flag; @@ -382,7 +380,6 @@ INTERNAL_HIDDEN void *_iso_alloc_sample(const size_t size) { UNLOCK_SANITY_CACHE(); return p; } -#endif INTERNAL_HIDDEN INLINE void *__iso_memcpy(void *restrict dest, const void *restrict src, size_t n) { #if MEMCPY_SANITY diff --git a/tests/rand_freelist.c b/tests/rand_freelist.c index 3ee77d7..13d16a5 100644 --- a/tests/rand_freelist.c +++ b/tests/rand_freelist.c @@ -34,11 +34,11 @@ int main(int argc, char *argv[]) { adj_count++; } -#if RANDOMIZE_FREELIST - if(adj_count > FAIL) { - LOG_AND_ABORT("First allocation %p adjacent to second %p", p, q); + if(iso_option_get(RANDOMIZE_FREELIST)) { + if(adj_count > FAIL) { + LOG_AND_ABORT("First allocation %p adjacent to second %p", p, q); + } } -#endif iso_free(p); iso_free(q); } diff --git a/tests/uaf.c b/tests/uaf.c index ded3172..edd9e97 100644 --- a/tests/uaf.c +++ b/tests/uaf.c @@ -4,7 +4,7 @@ #include "iso_alloc.h" #include "iso_alloc_internal.h" -#if UAF_PTR_PAGE && !ALLOC_SANITY +#if UAF_PTR_PAGE /* This test should be run manually after enabling UAF_PTR_PAGE * and disabling the sampling mechanism before the call to * _iso_alloc_ptr_search in _iso_free_internal_unlocked */ @@ -13,6 +13,7 @@ typedef struct test { } test_t; int main(int argc, char *argv[]) { + iso_option_set(ALLOC_SANITY, 0); void *str = iso_alloc(32); test_t *test = (test_t *) iso_alloc(1024); test->str = str;