Preventing Process Heap Corruption Using adiheap
The SPARC M7, SPARC M8, SPARC S7, SPARC T7, and SPARC T8 processors support Application Data Integrity (ADI), a hardware feature that helps prevent software exploitation threats such as linear buffer overflows and stray pointer dereferences.
The adiheap
security extension enables ADI usage by the malloc
family of functions in the libc
and libumem
libraries. adiheap
provides a reliable defense against linear buffer overflows and a valid mitigation against use-after-free issues. adiheap
can also uncover subtle, latent bugs that have not yet affected the binary behavior, but can be triggered by an otherwise innocuous code change.
On systems where ADI is not supported or when adiheap
is disabled, malloc
memory allocation is unaffected. See the "ADI INTERACTION
" section of the
malloc
(3C) man page.
adiheap
is not enabled by default. Applications can enable adiheap
through binary tagging, supported by the following linker option:
-z sx=adiheap[=enable|disable]
The following output indicates that ADI protections are available on your hardware:
$ sxadm status
EXTENSION STATUS FLAGS
adiheap enabled (tagged-files) u-c--
adistack enabled (tagged-files) u-c--
...
Note:
In the sxadm
command, the model=all
property value is currently not allowed for adiheap
.