{"id":37091,"date":"2022-09-20T16:09:09","date_gmt":"2022-09-20T20:09:09","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=37091"},"modified":"2022-10-27T16:04:38","modified_gmt":"2022-10-27T20:04:38","slug":"zeroing-freed-memory","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/09\/20\/zeroing-freed-memory\/","title":{"rendered":"Zeroing Freed Memory"},"content":{"rendered":"<p><a href=\"https:\/\/developer.apple.com\/documentation\/ios-ipados-release-notes\/ios-16_1-release-notes\">Apple<\/a>:<\/p>\n<blockquote cite=\"https:\/\/developer.apple.com\/documentation\/ios-ipados-release-notes\/ios-16_1-release-notes\"><p>The system memory allocator free operation zeroes out all deallocated blocks in iOS 16.1 beta or later. Invalid accesses to free memory might result in new crashes or corruption, including <code>NULL<\/code>-pointer dereferences and non-zero memory being returned from <code>calloc<\/code>.<\/p><\/blockquote>\n<p>There&rsquo;s a corresponding change <a href=\"https:\/\/developer.apple.com\/documentation\/macos-release-notes\/macos-13-release-notes\">in macOS Ventura<\/a>.<\/p>\n\n<p><a href=\"https:\/\/twitter.com\/Catfish_Man\/status\/1572297086242271232\">David Smith<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/Catfish_Man\/status\/1572297086242271232\">\n<p><code>malloc<\/code> folks spent a while optimizing to compensate [for the performance regression]<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/astrange_e\/status\/1572298064039407617\">mvb<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/astrange_e\/status\/1572298064039407617\">\n<p>There&rsquo;s also a performance improvement, because it makes the memory compressor work better<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/marcoarment\/status\/1572291258386903040\">Marco Arment<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/marcoarment\/status\/1572291258386903040\">\n<p>I love this, frankly, but I bet it&rsquo;s going to uncover a good deal of bugs and crashes that worked until now because of luck.<\/p>\n<\/blockquote>\n\n<p>Hopefully you aren&rsquo;t relying on any abandoned software.<\/p>\n\n<p id=\"zeroing-freed-memory-update-2022-09-22\">Update (2022-09-22): See also: <a href=\"https:\/\/news.ycombinator.com\/item?id=32921910\">Hacker News<\/a>.<\/p>\n\n<p><a href=\"https:\/\/twitter.com\/DavidAns\/status\/1572467498037186560\">David Anson<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/DavidAns\/status\/1572467498037186560\"><p>Any reason Apple couldn&rsquo;t restrict the new memory zeroing behavior to newly-compiled binaries to avoid the risk of breaking legacy software?<\/p><\/blockquote>\n\n<p>I was wondering about that, too. Usually, though <a href=\"https:\/\/mjtsai.com\/blog\/2022\/09\/14\/ios-16-text-view-breakage\/\">not always<\/a>, potentially breaking changes like this are called out in the release notes as taking effect when you compile with a new SDK. That was not the case here, so I assume there&rsquo;s no linked-on-or-after check.<\/p>\n\n<p id=\"zeroing-freed-memory-update-2022-09-23\">Update (2022-09-23): <a href=\"https:\/\/news.ycombinator.com\/item?id=32939642\">cesarb<\/a>:<\/p>\n<blockquote cite=\"https:\/\/news.ycombinator.com\/item?id=32939642\"><p>I wonder how long until programs start to accidentally depend on it, the same way some programs currently accidentally depend on freeing memory not immediately overwriting it.<\/p><p>For instance, I can imagine a program which accidentally follows a dangling pointer to an already freed structure, and reads another pointer from within that structure, not crashing because it ends up checking this later pointer against <code>NULL<\/code>&#8230; until the stars align and the memory used by the freed structure has been returned to the operating system, or overwritten by a later allocation.<\/p><\/blockquote>\n\n<p id=\"zeroing-freed-memory-update-2022-10-27\">Update (2022-10-27): <a href=\"https:\/\/developer.apple.com\/documentation\/macos-release-notes\/macos-13-release-notes\">Apple<\/a>:<\/p>\n<blockquote cite=\"https:\/\/developer.apple.com\/documentation\/macos-release-notes\/macos-13-release-notes\">\n<p>In apps built with the macOS 13 SDK or later[&#8230;]<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Apple: The system memory allocator free operation zeroes out all deallocated blocks in iOS 16.1 beta or later. Invalid accesses to free memory might result in new crashes or corruption, including NULL-pointer dereferences and non-zero memory being returned from calloc. There&rsquo;s a corresponding change in macOS Ventura. David Smith: malloc folks spent a while optimizing [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2022-09-20T20:09:11Z","apple_news_api_id":"3b8ca249-10ee-4efc-98f1-687912280a61","apple_news_api_modified_at":"2022-10-27T20:04:41Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAABA==","apple_news_api_share_url":"https:\/\/apple.news\/AO4yiSRDuTvyY8Wh5EigKYQ","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[4],"tags":[31,2185,30,2223,571,138,71,48],"class_list":["post-37091","post","type-post","status-publish","format-standard","hentry","category-programming-category","tag-ios","tag-ios-16","tag-mac","tag-macos-13-ventura","tag-memory-management","tag-optimization","tag-programming","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/37091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=37091"}],"version-history":[{"count":5,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/37091\/revisions"}],"predecessor-version":[{"id":37478,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/37091\/revisions\/37478"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=37091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=37091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=37091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}