From 0a64c7d6a186b7e87030e7c34378c51c1e2bf120 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 12 Oct 2018 15:10:35 -0400 Subject: [PATCH] document the randomized array in the quarantine --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 41a0a56..2685189 100644 --- a/README.md +++ b/README.md @@ -135,9 +135,12 @@ allocation and then unmapped on free. * Slab allocations are zeroed on free * Large allocations are purged and memory protected on free with the memory mapping kept reserved in a quarantine to detect use-after-free - * The quarantine is a FIFO ring buffer, with the oldest mapping in the - quarantine being unmapped to make room for the most recently freed - mapping + * The quarantine is primarily based on a FIFO ring buffer, with the oldest + mapping in the quarantine being unmapped to make room for the most + recently freed mapping + * Another layer of the quarantine swaps with a random slot in an array to + randomize the number of large deallocations required to push mappings out + of the quarantine * Detection of write-after-free by verifying zero filling is intact * Memory in fresh allocations is consistently zeroed due to it either being fresh pages or zeroed on free after previous usage
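Review bot: The new bullet ("Another layer of the quarantine swaps with a random slot in an array ...") does not say which layer a freed mapping enters first or what happens to the mapping that is displaced from the random slot, so a reader cannot tell whether the random array feeds the FIFO ring buffer or the other way around; the subject of "swaps" is also missing (what is swapped with the random slot?). Consider spelling out the pipeline in the README text, e.g. "a freed mapping is first swapped into a random slot of a fixed-size array; the mapping displaced from that slot is then pushed into the FIFO ring buffer, and the oldest entry of the ring buffer is unmapped", and stating the sizes of the array and the ring buffer (or where they are configured), since the security property claimed here, randomizing the number of large deallocations needed to evict a mapping, depends on both sizes. Minor: with two layers now described, "primarily based on a FIFO ring buffer" reads as if the random array were optional; "consists of two layers" with the two bullets as sub-points would be clearer.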