hardened_malloc vs mimalloc, which is more secure?

[Shadow_Fury]

as the title says, i'm wondering which of these two would be better for compiling into system files.

hardened_malloc is developed for use in grapheneOS, and was merged into mainline android a while back, and i've seen a guide that recommends it as the secure malloc replacement of choice.

on the other hand, i found a gentoo package for mimalloc, which has a hardened mode. reading through the features, both have their own unique security benefits (as far as i can tell), and i don't really know which is better.

thus, i pose the question:
what are the pros of using one over the other, and which would be overall recommended?

-S

[_integralpanther_]

Hi Shadow_Fury,

before answering the question you should ask yourself the following questions:

Apperently you had a reason to go beyond the standard solution by just taking malloc.
What was that reason?
Apperently you found two alternatives.
What were the reasons letting you choose exactly these two?

What I am trying to point you at is that there are multiple things:
- The reason malloc was invented, that solves 95% of all memory allocation problems.
- The reasons why hardened_malloc and mimalloc where invented (and the specific problems they solve).
- Finally the Problem you are trying to solve.

If you clarify that you will find out which of the variants is the best for your problem. But probably you find out that neither variant fits your problem.

Apart from that -- if that is an option -- consider also taking a language with easier memory management.