Currently, isoalloc has zones in increasing power of two, for performance reasons.
Unfortunately, this means that an attacker aiming at exploiting a UAF against an object of size N only needs to find an object of size between the previous and the next power of two to be able to get it allocated with reasonable confidence (quarantine notwithstanding).
Introducing a bit of randomness in the granularity will make the life of an attacker without the ability to leak too much data a bit harder, since they would have no way to be sure that they managed to allocate the object of their choosing in the same zone as the freed-and-to-be-reused object.
Chunk sizes are no longer powers of 2 after #216, they are now multiples of 64. I think the scenario you described above is less likely now but still possible.
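To make the size-class "collision window" from the issue and the follow-up concrete, here is an added simulation (not isoalloc's own code) that maps a requested size to a zone under three policies: strict powers of two, multiples of 64 as described after #216, and a hypothetical per-process randomized set of zone boundaries. For a freed object of size N it reports how many request sizes would land in the same zone, which is the range an attacker would have to hit without a leak. The boundary step range (16..128 bytes), the seed handling and the 4096-byte cap are assumptions chosen for the illustration, not isoalloc parameters.

```python
import random
from bisect import bisect_left


def pow2_zone(size: int) -> int:
    """Zone = smallest power of two >= size (the original scheme)."""
    z = 1
    while z < size:
        z <<= 1
    return z


def mult64_zone(size: int) -> int:
    """Zone = size rounded up to the next multiple of 64 (the post-#216 scheme)."""
    return ((size + 63) // 64) * 64


def make_random_boundaries(max_size: int, seed: int,
                           min_step: int = 16, max_step: int = 128) -> list[int]:
    """Hypothetical policy: zone boundaries drawn once per process from a seed.

    Each boundary is the previous one plus a random step, so the width of every
    zone lies in [min_step, max_step] and is unknown to anyone without the seed.
    Assumption for illustration only; isoalloc does not do this.
    """
    rng = random.Random(seed)
    bounds = []
    cur = 0
    while cur < max_size:
        cur += rng.randint(min_step, max_step)
        bounds.append(cur)
    return bounds


def random_zone(size: int, bounds: list[int]) -> int:
    """Zone = first boundary >= size; caller must keep size <= bounds[-1]."""
    return bounds[bisect_left(bounds, size)]


def collision_window(zone_fn, n: int, max_size: int = 4096) -> list[int]:
    """All request sizes in 1..max_size that share a zone with an object of size n.

    This is the set of sizes a reused chunk could be handed out for after the
    size-n object is freed, i.e. what a UAF exploit would need to overlap with.
    """
    target = zone_fn(n)
    return [s for s in range(1, max_size + 1) if zone_fn(s) == target]


def window_width(zone_fn, n: int, max_size: int = 4096) -> int:
    return len(collision_window(zone_fn, n, max_size))


if __name__ == "__main__":
    n = 300  # constructed example: a freed object of 300 bytes
    print("pow2   :", window_width(pow2_zone, n))     # 256 sizes (257..512)
    print("mult64 :", window_width(mult64_zone, n))   # 64 sizes (257..320)
    for seed in (1, 2, 3):
        b = make_random_boundaries(4096, seed)
        print(f"random (seed {seed}):",
              window_width(lambda s: random_zone(s, b), n))
```

The power-of-two policy gives a 256-size window for a 300-byte object, the multiple-of-64 policy shrinks it to 64 sizes, and the randomized policy gives a window whose width and position vary per seed. The randomized variant only buys anything while the boundaries stay secret; if an attacker can observe allocation behaviour or leak the layout, it degrades to a fixed-granularity scheme, which is the "without the ability to leak too much data" qualifier in the issue.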