
Add mitigated bug classes in the security comparison

Open jvoisin opened this issue 1 year ago • 2 comments

Currently, the security comparison document only lists security features, but it would be nice to list killed/mitigated/… bug classes and primitives, like:

  • Cross-chunk linear overflows
  • Cross-chunk linear underflows
  • Cross-area linear overflows
  • Cross-area linear underflows
  • Non-linear overflows
  • Non-linear underflows
  • Double-free
  • Invalid free
  • Use-after-free
  • Heap spraying
  • Heap feng-shui
  • Sized delete mismatch
  • Leaks to bypass ASLR
  • memcpy/memmove/… underflow/overflow

Bonus for adding test cases in mimalloc-bench

jvoisin, Mar 03 '23 16:03
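As an added example (not code from this issue, isoalloc or mimalloc-bench), a minimal harness in the spirit of the test cases requested above: each probe runs in a forked child so the parent can record whether the allocator in use stops a double-free or an invalid free; the probe and function names are my own assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

typedef void (*probe_fn)(void);

/* Control case: a well-formed allocate/release pair that must complete. */
static void probe_valid(void) {
    char *p = malloc(64);
    memset(p, 0x41, 64);
    free(p);
}

/* Double-free from the issue's list: the same chunk released twice. */
static void probe_double_free(void) {
    char *p = malloc(64);
    free(p);
    free(p);
}

/* Invalid free: a pointer malloc never returned (points mid-chunk). */
static void probe_invalid_free(void) {
    char *p = malloc(64);
    free(p + 16);
}

/* Runs fn in a forked child (assumed harness design). Returns 1 if the child
   died by signal or non-zero exit, 0 if it completed, -1 on harness error. */
static int probe_terminated(probe_fn fn) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { fn(); _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return 1;
    return WEXITSTATUS(status) == 0 ? 0 : 1;
}

int main(void) {
    struct { const char *name; probe_fn fn; } probes[] = {
        {"valid alloc/free", probe_valid},
        {"double-free", probe_double_free},
        {"invalid free", probe_invalid_free},
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%-18s %s\n", probes[i].name,
               probe_terminated(probes[i].fn) == 1 ? "stopped" : "ran to completion");
    return 0;
}
```

Build it against each allocator under comparison (for example via LD_PRELOAD) and the per-probe column shows which of the listed bug classes that allocator actually detects.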

Additional readings and materials:

  • jemalloc
    • “The Shadow over Android”: https://census-labs.com/media/shadow-infiltrate-2017.pdf
    • “Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap”: https://media.blackhat.com/bh-us-12/Briefings/Argyoudis/BH_US_12_Argyroudis_Exploiting_the_%20jemalloc_Memory_%20Allocator_WP.pdf
  • tcmalloc
    • “Attacking the Webkit Heap”: https://infiltratecon.com/archives/webkit_heap.pdf
  • Windows heap
    • “Windows 8 Heap Internals”: https://media.blackhat.com/bh-us-12/Briefings/Valasek/BH_US_12_Valasek_Windows_8_Heap_Internals_Slides.pdf
    • “Windows 10 Segment Heap Internals”: https://www.blackhat.com/docs/us-16/materials/us-16-Yason-Windows-10-Segment-Heap-Internals.pdf
  • Various
    • “Heap Layout Optimization for Exploitation”: https://www.blackhat.com/docs/eu-17/materials/eu-17-Heelan-Heap-Layout-Optimisation-For-Exploitation.pdf

jvoisin, Mar 03 '23 16:03

This is an interesting idea. Just like the feature comparison it will require a lot of nuance and links/documentation to support. I would also make it a separate table from the existing one.

struct, Mar 04 '23 14:03