--- libmalloc/libmalloc-374.60.3/man/malloc.3
+++ libmalloc/libmalloc-792.60.6/man/malloc.3
@@ -238,11 +238,15 @@
 .Ev MallocGuardEdges
 environment variable is set.
 .It Ev MallocStackLogging
-The default behavior if this is set is to record all allocation and deallocation events to an on-disk log, along with stacks, so that tools like
+The default behavior when set to 1 is "lite" mode as described below.
+.Pp
+Set to "lite" to record stack traces for current allocations only, without history, so that tools like
 .Xr leaks 1
 and
 .Xr malloc_history 1
-can be used.
+can later use them. These are recorded to in-memory data structures and do not write to the filesystem.
+.Pp
+Set to "full" to record allocation and deallocation events to an on-disk log, along with stacks, for later use by analysis tools. The process must have write access to the pre-existing output directory, which can be specified with MallocStackLoggingDirectory.
 .Pp
 Set to "vm" to record only allocation of virtual memory regions allocated by system calls and mach traps, such as by
 .Xr mmap 1
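Review bot: The new opening sentence of the MallocStackLogging entry ("The default behavior when set to 1 is "lite" mode") no longer says what happens for any other value, whereas the removed wording covered every case ("if this is set"). Please state which mode an unrecognised or other non-empty value selects. The same sentence also changes what 1 means, from an on-disk log with history to in-memory stacks for current allocations only, which should be called out as a behavior change for anyone whose tooling expects the log files. Minor: in the "full" paragraph, MallocStackLoggingDirectory is plain text; mark it up with .Ev like the other variable names in this list.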
@@ -252,11 +256,8 @@
 .Xr malloc 3
 and related interfaces, not virtual memory regions.
 .Pp
-Set to "lite" to record current allocations only, not history.   These are recorded by in-memory data structures, instead of an on-disk log.
 .It Ev MallocStackLoggingNoCompact
-If set, record all stacks in a manner that is compatible with the
-.Nm malloc_history
-program.
+If set, implies MallocStackLogging in "full" mode and disables eliding of adjacent malloc/free events operating on the same address.
 .It Ev MallocStackLoggingDirectory
 If set, records stack logs to the directory specified instead of saving them to the default location (/tmp).
 .It Ev MallocScribble
@@ -318,6 +319,26 @@
 but will not abort in out of memory conditions, making it more useful to catch
 only those errors which will cause memory corruption.
 MallocCorruptionAbort is always set on 64-bit processes.
+.It Ev MallocZeroOnFree
+Starting in macOS 13, iOS 16.1 and aligned releases,
+.Xr free 3
+fully zeroes many blocks immediately.
+This may expose some previously-silent bugs in existing applications.
+In particular, read-after-free bugs may now observe zeroes instead of the
+previous content of an allocation, and write-after-free bugs may cause
+.Xr calloc 3
+to return non-zero memory.
+.Ev MallocZeroOnFree
+can be set to 0 or 1 to explicitly disable or enable this zeroing behavior to
+aid in diagnosing such bugs.
+Support for this environment variable will eventually be removed, and it should
+not be used by shipping software.
+.It Ev MallocCheckZeroOnFreeCorruption
+When zero-on-free behavior is active, this environment variable can be set to 1
+to cause the allocator to check that the free block chosen for a given
+allocation remained fully zeroed and was not corrupted by any invalid
+use-after-free writes.
+If corruption is detected, the allocator will abort.
 .It Ev MallocHelp
 If set, print a list of environment variables that are paid heed to by the
 allocation-related functions, along with short descriptions.
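Review bot: "fully zeroes many blocks immediately" in the MallocZeroOnFree entry does not say which blocks are covered, so a reader cannot tell whether a given allocation is zeroed on free or not. Either name the condition or say explicitly that coverage is unspecified and must not be relied on to clear freed data. In the MallocCheckZeroOnFreeCorruption entry, "When zero-on-free behavior is active" leaves open what the variable does when zeroing has been disabled with MallocZeroOnFree=0 (ignored, or an error), and the entry does not say whether the removal notice and the "should not be used by shipping software" caveat given for MallocZeroOnFree apply to it too; a sentence on each would close both gaps.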