
Memory Safety, Allocation, And You

Open gatoWololo opened this issue 6 years ago • 7 comments

As brought up by @rrnewton on #89, the question of memory allocation (malloc, brk, mmap) and what values it gets filled with is in question. Generally there are two questions we want the answer to:

  • [ ] Can the user get non-deterministic values by reading the contents of a freshly allocated page, either through libc like malloc, or through some direct system call?
  • [ ] Can the user get non-deterministic data by reading out of bounds memory, maybe then catching the segfault?

I believe the answers should be no. I think libc's malloc zeros out the page before handing it over? And when the kernel gives us a new page, like mentioned by @devietti on #89, it would be a huge security vulnerability to hand over a page with some unknown contents from another process.

The one case that I am aware of: malloc internally keeps track of pages, so it can quickly return a page without having to call a system call every time. So when people talk about a page being filled with "garbage" it is usually the contents of some previous page in the same process that has since been freed.

It would be great to:

  • [ ] Create some experimental tests to check these assumptions.
  • [ ] Report back with findings.

gatoWololo · Jul 26 '18 14:07