nixpkgs-suyu/pkgs/development/libraries/graphene-hardened-malloc/default.nix
Joachim Fasting 948d2e317b
graphene-hardened-malloc: 190405.003.2019.04.01.19 -> 1
The initial stable standalone release.

The integer numbered tags are the standalone releases, while the
PQ3B.190705.003.2019.07.01.21 style tags are part of GrapheneOS releases.

For us it probably makes the most sense to track the standalone releases.
2019-07-19 08:16:09 +02:00

57 lines
1.7 KiB
Nix

{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
name = "graphene-hardened-malloc-${version}";
version = "1";
src = fetchurl {
url = "https://github.com/GrapheneOS/hardened_malloc/archive/${version}.tar.gz";
sha256 = "1z3kb9fr6w9fcdc42bh8k5b4r10sn5hrwwk4m691qjdgk5hlj3aa";
};
installPhase = ''
install -Dm444 -t $out/lib libhardened_malloc.so
mkdir -p $out/bin
substitute preload.sh $out/bin/preload-hardened-malloc --replace "\$dir" $out/lib
chmod 0555 $out/bin/preload-hardened-malloc
'';
separateDebugInfo = true;
doInstallCheck = true;
installCheckPhase = ''
pushd test
make
$out/bin/preload-hardened-malloc ./offset
pushd simple-memory-corruption
make
# these tests don't actually appear to generate overflows currently
rm read_after_free_small string_overflow eight_byte_overflow_large
for t in `find . -regex ".*/[a-z_]+"` ; do
echo "Running $t..."
# the program being aborted (as it should be) would result in an exit code > 128
(($out/bin/preload-hardened-malloc $t) && false) \
|| (test $? -gt 128 || (echo "$t was not aborted" && false))
done
popd
popd
'';
meta = with stdenv.lib; {
homepage = https://github.com/GrapheneOS/hardened_malloc;
description = "Hardened allocator designed for modern systems";
longDescription = ''
This is a security-focused general purpose memory allocator providing the malloc API
along with various extensions. It provides substantial hardening against heap
corruption vulnerabilities yet aims to provide decent overall performance.
'';
license = licenses.mit;
maintainers = with maintainers; [ ris ];
platforms = platforms.linux;
};
}