Brussels / 4 & 5 February 2017


fortification vs memcheck

Making gcc/glibc fortification and valgrind memcheck work better together

gcc/glibc support fortification of some functions by defining _FORTIFY_SOURCE. This inserts some compile-time and runtime buffer overflow checks for selected glibc functions. These checks have little or no runtime overhead and work on the object level (the compiler provides/proves the size of the object buffer). valgrind memcheck provides similar memory buffer overflow checks. These checks don't need any compiler help (you won't have to rebuild your code), but they have a much higher runtime overhead. They also work on a different level: valgrind memcheck doesn't know anything about the objects the user is manipulating, but has knowledge of all memory blocks allocated. Let's explore how these different mechanisms work and how we can make them work better together.


Mark Wielaard
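
The difference in level described in the abstract, as an added example that is not from the talk: a simplified C model of the two checks, applied to a copy that overruns a field but stays inside its heap block, and to a copy through a pointer whose object size the compiler cannot determine. The function names and the record struct are hypothetical, and sizeof stands in for the size the compiler would supply via __builtin_object_size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample object: a fixed-size field followed by other data. */
struct record {
    char name[8];
    int  is_admin;
};

/* What __builtin_object_size (types 0 and 1) yields when the size is unknown. */
#define SIZE_UNKNOWN ((size_t)-1)

/* Object-level view (fortification): does a copy of `len` bytes exceed the
 * destination object whose size the compiler supplied? With an unknown size
 * no check can be made, so the copy is let through. */
static int object_check_flags(size_t dst_object_size, size_t len)
{
    if (dst_object_size == SIZE_UNKNOWN)
        return 0;
    return len > dst_object_size;
}

/* Block-level view (memcheck): does the write [offset, offset+len) leave
 * the allocated block? Field boundaries inside the block are invisible. */
static int block_check_flags(size_t block_size, size_t offset, size_t len)
{
    return offset > block_size || len > block_size - offset;
}

int main(void)
{
    const char *input = "AAAAAAAAA";   /* constructed: 9 chars + NUL = 10 bytes */
    size_t len = strlen(input) + 1;
    size_t off = offsetof(struct record, name);

    /* Copy into r->name, r = malloc(sizeof *r): overruns the field, not the block. */
    printf("field overflow: object=%d block=%d\n",
           object_check_flags(sizeof(((struct record *)0)->name), len),
           block_check_flags(sizeof(struct record), off, len));

    /* Same copy into a bare malloc(8) reached via a pointer of unknown object size. */
    printf("opaque pointer: object=%d block=%d\n",
           object_check_flags(SIZE_UNKNOWN, len),
           block_check_flags(8, 0, len));
    return 0;
}
```

Each mechanism flags a case the other lets through, which is why the two views complement each other.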