Tuesday, September 20, 2022

Zeroing Freed Memory

Apple:

The system memory allocator free operation zeroes out all deallocated blocks in iOS 16.1 beta or later. Invalid accesses to free memory might result in new crashes or corruption, including NULL-pointer dereferences and non-zero memory being returned from calloc.

There’s a corresponding change in macOS Ventura.

David Smith:

malloc folks spent a while optimizing to compensate [for the performance regression]

mvb:

There’s also a performance improvement, because it makes the memory compressor work better

Marco Arment:

I love this, frankly, but I bet it’s going to uncover a good deal of bugs and crashes that worked until now because of luck.

Hopefully you aren’t relying on any abandoned software.

Update (2022-09-22): See also: Hacker News.

David Anson:

Any reason Apple couldn’t restrict the new memory zeroing behavior to newly-compiled binaries to avoid the risk of breaking legacy software?

I was wondering about that, too. Usually, though not always, potentially breaking changes like this are called out in the release notes as taking effect when you compile with a new SDK. That was not the case here, so I assume there’s no linked-on-or-after check.

Update (2022-09-23): cesarb:

I wonder how long until programs start to accidentally depend on it, the same way some programs currently accidentally depend on freeing memory not immediately overwriting it.

For instance, I can imagine a program which accidentally follows a dangling pointer to an already freed structure, and reads another pointer from within that structure, not crashing because it ends up checking this later pointer against NULL… until the stars align and the memory used by the freed structure has been returned to the operating system, or overwritten by a later allocation.
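A constructed model, added here and not taken from Apple or from any of the quoted posters, of the two failure modes these notes describe: cesarb's dangling read of a pointer field (left intact by a legacy free, turned into NULL by zero-on-free) and the release note's calloc returning non-zero memory when a use-after-free write lands in a block that calloc assumed free had already zeroed. The two-slot arena, node_t and the model_* functions are assumptions standing in for the system allocator so that the stale accesses stay defined behaviour in the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed two-slot arena standing in for the system allocator, so that
 * touching a freed slot is still defined behaviour in this demonstration. */
typedef struct { void *next; int len; } node_t;

static node_t arena[2];
static bool slot_used[2];
static bool zero_on_free;  /* the iOS 16.1 / macOS 13 free() behaviour */

static void reset(bool zero) {
    zero_on_free = zero;
    memset(arena, 0, sizeof arena);
    memset(slot_used, 0, sizeof slot_used);
}

static node_t *model_malloc(void) {
    for (int i = 0; i < 2; i++)
        if (!slot_used[i]) { slot_used[i] = true; return &arena[i]; }
    return NULL;
}

static void model_free(node_t *p) {
    slot_used[p - arena] = false;
    if (zero_on_free) memset(p, 0, sizeof *p);  /* new free() zeroes the block */
}

/* A calloc that trusts free() to have zeroed blocks, skipping its own memset. */
static node_t *model_calloc(void) {
    node_t *p = model_malloc();
    if (p && !zero_on_free) memset(p, 0, sizeof *p);
    return p;
}

/* cesarb's scenario: read next through a dangling pointer after free. A legacy
 * free leaves the stale non-NULL value; zero-on-free makes the read yield NULL,
 * so a later NULL check silently changes the program's path. */
void *stale_next_after_free(bool zero) {
    reset(zero);
    node_t *n = model_malloc();
    n->next = n;                 /* any non-NULL pointer */
    n->len = 3;
    node_t *dangling = n;
    model_free(n);
    return dangling->next;       /* use-after-free read of the freed slot */
}

/* Apple's other hazard: a dangling write after free, then a calloc that reuses
 * the slot without zeroing because it assumes free() already did. */
bool calloc_block_is_zero_after_dangling_write(bool zero) {
    reset(zero);
    node_t *n = model_malloc();
    node_t *dangling = n;
    model_free(n);
    dangling->len = 42;               /* use-after-free write into the freed slot */
    node_t *fresh = model_calloc();   /* reuses the same slot */
    return fresh->len == 0;
}
```

Under a legacy free the stale read returns the old pointer and calloc still scrubs the block; under zero-on-free the read yields NULL and the dangling write survives into the calloc'd block, which is the "non-zero memory being returned from calloc" in the release note.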

Update (2022-10-27): Apple:

In apps built with the macOS 13 SDK or later[…]




> Hopefully you aren’t relying on any abandoned software.

Can’t they make this change only for software linked against the latest SDK?


The documentation now includes "In apps built with the macOS 13 SDK or later[…]", fwiw.


Whoops, that doesn't help the iOS version (and the text in the macOS version might have already been there…).
