Randomized malloc()


Two types of objects are managed by  malloc()

Smaller than a page
Equal or greater than a page

p = malloc(16);
free(p);
p2 = malloc(16);
if (p != p2)
        Excellent!

For smaller than a page:

  malloc() maintains buckets of "chunks"
Randomize chunk selection out of bucket
Enabled using malloc.conf 'G' option

Equal or greater than a page:

Use randomized mmap()
Unfinished ...

Cheap.  But not as perfect as we want it to be