Date: Thu, 11 Aug 2011 11:43:05 +0400
From: Vasiliy Kulikov <>
Subject: Re: malloc and linux memory layout

On Wed, Aug 10, 2011 at 15:56 -0400, Rich Felker wrote:
> Each process has its own 32- or 64-bit virtual address space.
> Initially, from bottom to top, it looks something like:
> [low unmappable pages]
> [main program text (code) segment]
> [main program data segment]
> [brk segment (heap)]
> [....lots of open virtual address space...]
> [mmap zone]
> [main thread stack]
> [reserved for kernelspace use]
> (Note that there will be small randomized amounts of empty/unused
> address space between these regions if ASLR is enabled.)
> The brk segment starts just above the program's static data and grows
> upward into the big open space.

Btw, (randomize_va_space):

> The mmap zone (where mmaps are put by
> default) starts just below the stack limit and continues downward as
> more mappings are made.

Not only this zone.  mmap() can return address before main program text if
there is enough space there.

Other minor (Linux-specific) things:

Low unmappable pages region might be absent if the task has CAP_SYS_RAWIO
capability.  But pages before mmap_min_addr will be mmap'ed only by
explicit mmap(addr, ..., MAP_FIXED, ...), no libs will be there.

"Reserved for kernelspace use" region might be absent too for 32-bit
tasks running on x86-64 system.

There could be some specific pages after the stack.  On x86-64 it is
VDSO and vsyscall pages.
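
Added example, not part of the original message: a small C checker that parses text in /proc/<pid>/maps format and counts the two exceptions discussed above, mappings that sit below the main program text and mappings that sit above the stack (vdso, vsyscall). The sample map, the path /usr/bin/demo and the names check_layout, parse_line and next_line are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned long long addr_t;
struct layout { addr_t text_lo, stack_hi; int below_text, above_stack; };

/* Constructed sample in /proc/<pid>/maps format (not from a real process). */
static const char SAMPLE[] =
    "00010000-00011000 rw-p 00000000 00:00 0 \n"
    "00400000-00452000 r-xp 00000000 08:02 173521      /usr/bin/demo\n"
    "00e03000-00e24000 rw-p 00000000 00:00 0           [heap]\n"
    "7f2c5a000000-7f2c5a1b0000 r-xp 00000000 08:02 135522 /lib/libc.so.6\n"
    "7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0   [stack]\n"
    "7ffd1c1fe000-7ffd1c200000 r-xp 00000000 00:00 0   [vdso]\n"
    "ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]\n";

/* Parse "lo-hi perms offset dev inode [path]"; path is "" for anonymous maps. */
static int parse_line(const char *p, addr_t *lo, addr_t *hi, char *path) {
    path[0] = '\0';
    return sscanf(p, "%llx-%llx %*s %*s %*s %*s%*[ ]%255[^\n]", lo, hi, path) >= 2;
}
static const char *next_line(const char *p) {
    p = strchr(p, '\n');
    return p ? p + 1 : "";
}

/* Count mappings entirely below the first mapping of exe and above [stack]. */
int check_layout(const char *maps, const char *exe, struct layout *out) {
    addr_t lo, hi; char path[256];
    memset(out, 0, sizeof *out);
    out->text_lo = ~0ULL;
    for (const char *p = maps; *p; p = next_line(p)) {   /* pass 1: landmarks */
        if (!parse_line(p, &lo, &hi, path)) continue;
        if (!strcmp(path, exe) && lo < out->text_lo) out->text_lo = lo;
        if (!strcmp(path, "[stack]")) out->stack_hi = hi;
    }
    if (out->text_lo == ~0ULL || !out->stack_hi) return -1;  /* landmark missing */
    for (const char *p = maps; *p; p = next_line(p)) {   /* pass 2: outliers */
        if (!parse_line(p, &lo, &hi, path)) continue;
        if (hi <= out->text_lo) out->below_text++;
        if (lo >= out->stack_hi) out->above_stack++;
    }
    return 0;
}

int main(void) {
    struct layout l;
    if (check_layout(SAMPLE, "/usr/bin/demo", &l) == 0)
        printf("below text: %d, above stack: %d\n", l.below_text, l.above_stack);
    return 0;
}
```

To inspect a live process, pass the contents of its /proc/<pid>/maps file and the path of its executable instead of the constructed sample.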

