
For experimental purposes, I want to disable all the heap corruption checks of glibc. In particular, I want to disable this check in the _int_free function:

        /* Check that the top of the bin is not the record we are going to
           add (i.e., double free).  */
        if (__builtin_expect (old == p, 0))
          malloc_printerr ("double free or corruption (fasttop)");

and the following check in the unlink_chunk function:

    unlink_chunk()
    [...]
      if (__builtin_expect (fd->bk != p || bk->fd != p, 0))
        malloc_printerr ("corrupted double-linked list");

According to this answer, MALLOC_CHECK_=0 disables the runtime checks. However, when I run MALLOC_CHECK_=0 ./broken_program, I still get the error message:

    MALLOC_CHECK_=0 ./broken_program
    double free or corruption (out)

What possibilities do I have to disable this unlink protection without recompiling the glibc?

1 Answer


> According to this answer, MALLOC_CHECK_=0 disables the runtime checks.

That answer is obsolete. The environment variable it describes, which you are trying to use, is not documented for any recent version of Glibc.

> What possibilities do I have to disable this unlink protection without recompiling the glibc?

None, as far as I can tell, other than avoiding glibc's allocator altogether. Note in particular these comments in the "Detecting heap corruption" section of the online documentation of Glibc's allocator:

> The common forms of corruption are handled with calls to malloc_printerr; these checks are always included in the code. Further checks use assert and are therefore disabled by building glibc with -DNDEBUG. In current glibc, both kinds of checks terminate the process via a call to __libc_messsage, which eventually calls abort. Very old versions of glibc supported continuing in the present [sic] of heap corruption, but support for that has been removed.

(Emphasis added.)

Note, then, that not only would you need to build your own glibc, you would need to hack glibc to remove the checks or to suppress action when they detect corruption. There is no glibc configuration option available for that purpose.

John Bollinger
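The following is an added example, not part of the question, the answer, or glibc's own code. It runs a deliberate double free in a forked child and reports the signal that ended it, once with default settings and once after a legacy `mallopt(M_CHECK_ACTION, 0)` request. It assumes a current glibc on Linux; the function name `double_free_signal` and the 4096-byte request size are choices made for this illustration.

```c
#define _GNU_SOURCE
#include <malloc.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper for this example: performs a double free in a child
   process and returns the signal that killed the child, 0 if the child
   exited normally, or -1 if fork/waitpid failed. */
int double_free_signal(int request_no_action)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (request_no_action)
            mallopt(M_CHECK_ACTION, 0);   /* legacy "ignore errors" request */
        /* volatile keeps the compiler from folding the malloc/free pair away.
           Assumption: with default settings a 4096-byte request is served
           outside the tcache and fastbin size ranges. */
        void *volatile p = malloc(4096);
        free(p);
        free(p);                          /* second free of the same chunk */
        _exit(0);                         /* reached only if nothing fired */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("default settings:   signal %d\n", double_free_signal(0));
    printf("M_CHECK_ACTION = 0: signal %d\n", double_free_signal(1));
    printf("SIGABRT is %d\n", SIGABRT);
    return 0;
}
```

The parent only observes the child's wait status, so the abort message that glibc prints goes to the child's stderr and is not captured here.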