memcheck/tests/custom_alloc.c

   1 #include <unistd.h>
   2 #include "tests/sys_mman.h"
   3 #include <assert.h>
   4 #include <stdlib.h>
   5
   6 #include "../memcheck.h"
   7
   8 #define SUPERBLOCK_SIZE    100000
   9
  10 //-------------------------------------------------------------------------
  11 // Allocator
  12 //-------------------------------------------------------------------------
  13
  14 void* get_superblock(void)
  15 {
  16    void* p = mmap( 0, SUPERBLOCK_SIZE, PROT_READ|PROT_WRITE|PROT_EXEC,
  17                    MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 );
  18
  19    assert(p != ((void*)(-1)));
  20
  21    // Mark it no access;  although it's addressible we don't want the
  22    // program to be using it unless its handed out by custom_alloc()
  23
  24    // with redzones, better not to have it
  25    (void) VALGRIND_MAKE_MEM_NOACCESS(p, SUPERBLOCK_SIZE);
  26
  27    return p;
  28 }
  29
  30 // has a redzone
  31 static void* custom_alloc(int size)
  32 {
  33 #define RZ  8
  34    static void* hp     = 0;    // current heap pointer
  35    static void* hp_lim = 0;    // maximum usable byte in current block
  36    int          size2  = size + RZ*2;
  37    void*        p;
  38
  39    if (hp + size2 > hp_lim) {
  40       hp = get_superblock();
  41       hp_lim = hp + SUPERBLOCK_SIZE - 1;
  42    }
  43
  44    p = hp + RZ;
  45    hp += size2;
  46
  47    VALGRIND_MALLOCLIKE_BLOCK( p, size, RZ, /*is_zeroed*/1 );
  48    return (void*)p;
  49 }
  50
  51 static void custom_free(void* p)
  52 {
  53    // don't actually free any memory... but mark it as freed
  54    VALGRIND_FREELIKE_BLOCK( p, RZ );
  55 }
  56
  57 static void checkredzone(void)
  58 {
  59    /* check that accessing the redzone of a MALLOCLIKE block
  60       is detected  when the superblock was not marked as no access. */
  61    char superblock[1 + RZ + 20 + RZ + 1];
  62    char *p = 1 + RZ + superblock;
  63    assert(RZ > 0);
  64
  65    // Indicate we have allocated p from our superblock:
  66    VALGRIND_MALLOCLIKE_BLOCK( p, 20, RZ, /*is_zeroed*/1 );
  67    p[0] = 0;
  68    p[-1] = p[0]; // error expected
  69    p[-RZ] = p[0]; // error expected
  70    p[-RZ-1] = p[0]; // no error expected
  71
  72    p[19] = 0;
  73    p[19 + 1]  = p[0]; // error expected
  74    p[19 + RZ] = p[0]; // error expected
  75    p[19 + RZ + 1] = p[0]; // no error expected
  76
  77    VALGRIND_FREELIKE_BLOCK( p, RZ );
  78
  79    // Now, indicate we have re-allocated p from our superblock
  80    // but with only a size 10.
  81    VALGRIND_MALLOCLIKE_BLOCK( p, 10, RZ, /*is_zeroed*/1 );
  82    p[0] = 0;
  83    p[-1] = p[0]; // error expected
  84    p[-RZ] = p[0]; // error expected
  85    p[-RZ-1] = p[0]; // no error expected
  86
  87    p[9] = 0;
  88    p[9 + 1]  = p[0]; // error expected
  89    p[9 + RZ] = p[0]; // error expected
  90    p[9 + RZ + 1] = p[0]; // no error expected
  91
  92    VALGRIND_FREELIKE_BLOCK( p, RZ );
  93
  94 }
  95
  96
  97
  98 //-------------------------------------------------------------------------
  99 // Rest
 100 //-------------------------------------------------------------------------
 101
 102 void make_leak(void)
 103 {
 104    int* array2 __attribute__((unused)) = custom_alloc(sizeof(int) * 10);
 105    array2 = 0;          // leak
 106    return;
 107 }
 108
 109 int main(void)
 110 {
 111    int *array, *array3;
 112    int x;
 113
 114    array = custom_alloc(sizeof(int) * 10);
 115    array[8]  = 8;
 116    array[9]  = 8;
 117    array[10] = 10;      // invalid write (ok w/o MALLOCLIKE -- in superblock)
 118
 119    VALGRIND_RESIZEINPLACE_BLOCK(array, sizeof(int) * 10, sizeof(int) * 5, RZ);
 120    array[4] = 7;
 121    array[5] = 9; // invalid write
 122
 123    // Make the entire array defined again such that it can be verified whether
 124    // the red zone is marked properly when resizing in place.
 125    (void) VALGRIND_MAKE_MEM_DEFINED(array, sizeof(int) * 10);
 126
 127    VALGRIND_RESIZEINPLACE_BLOCK(array, sizeof(int) * 5, sizeof(int) * 7, RZ);
 128    if (array[5]) array[4]++; // uninitialized read of array[5]
 129    array[5]  = 11;
 130    array[6]  = 7;
 131    array[7] = 8; // invalid write
 132
 133    // invalid realloc
 134    VALGRIND_RESIZEINPLACE_BLOCK(array+1, sizeof(int) * 7, sizeof(int) * 8, RZ);
 135
 136    custom_free(array);  // ok
 137
 138    custom_free((void*)0x1);  // invalid free
 139
 140    array3 = malloc(sizeof(int) * 10);
 141    custom_free(array3); // mismatched free (ok without MALLOCLIKE)
 142
 143    make_leak();
 144    x = array[0];        // use after free (ok without MALLOCLIKE/MAKE_MEM_NOACCESS)
 145
 146    // Bug 137073: passing 0 to MALLOCLIKE_BLOCK was causing an assertion
 147    // failure.  Test for this (and likewise for FREELIKE_BLOCK).
 148    VALGRIND_MALLOCLIKE_BLOCK(0,0,0,0);
 149    VALGRIND_FREELIKE_BLOCK(0,0);
 150
 151    checkredzone();
 152
 153    return x;
 154
 155    // leak from make_leak()
 156 }
 157
 158 #undef RZ