malloc/mcheck.c

   1 /* Standard debugging hooks for `malloc'.
   2    Copyright (C) 1990-1997,1999,2000-2002,2007 Free Software Foundation, Inc.
   3    This file is part of the GNU C Library.
   4    Written May 1989 by Mike Haertel.
   5
   6    The GNU C Library is free software; you can redistribute it and/or
   7    modify it under the terms of the GNU Lesser General Public
   8    License as published by the Free Software Foundation; either
   9    version 2.1 of the License, or (at your option) any later version.
  10
  11    The GNU C Library is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14    Lesser General Public License for more details.
  15
  16    You should have received a copy of the GNU Lesser General Public
  17    License along with the GNU C Library; if not, write to the Free
  18    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
  19    02111-1307 USA.  */
  20
  21 #ifndef _MALLOC_INTERNAL
  22 # define _MALLOC_INTERNAL
  23 # include <malloc.h>
  24 # include <mcheck.h>
  25 # include <stdint.h>
  26 # include <stdio.h>
  27 # include <stdlib.h>
  28 # include <libintl.h>
  29 #endif
  30
  31 #ifdef _LIBC
  32 extern __typeof (malloc) __libc_malloc;
  33 extern __typeof (free) __libc_free;
  34 extern __typeof (realloc) __libc_realloc;
  35 libc_hidden_proto (__libc_malloc)
  36 libc_hidden_proto (__libc_realloc)
  37 libc_hidden_proto (__libc_free)
  38 libc_hidden_proto (__libc_memalign)
  39 #else
  40 # define __libc_malloc(sz) malloc (sz)
  41 # define __libc_free(ptr) free (ptr)
  42 # define __libc_realloc(ptr, sz) realloc (ptr, sz)
  43 # define __libc_memalign(al, sz) memalign (al, sz)
  44 #endif
  45
  46 /* Old hook values.  */
  47 static void (*old_free_hook) (__ptr_t ptr, __const __ptr_t);
  48 static __ptr_t (*old_malloc_hook) (__malloc_size_t size, const __ptr_t);
  49 static __ptr_t (*old_memalign_hook) (__malloc_size_t alignment,
  50                                      __malloc_size_t size,
  51                                      const __ptr_t);
  52 static __ptr_t (*old_realloc_hook) (__ptr_t ptr, __malloc_size_t size,
  53                                     __const __ptr_t);
  54
  55 /* Function to call when something awful happens.  */
  56 static void (*abortfunc) (enum mcheck_status);
  57
  58 /* Arbitrary magical numbers.  */
  59 #define MAGICWORD       0xfedabeeb
  60 #define MAGICFREE       0xd8675309
  61 #define MAGICBYTE       ((char) 0xd7)
  62 #define MALLOCFLOOD     ((char) 0x93)
  63 #define FREEFLOOD       ((char) 0x95)
  64
  65 struct hdr
  66   {
  67     __malloc_size_t size;       /* Exact size requested by user.  */
  68     unsigned long int magic;    /* Magic number to check header integrity.  */
  69     struct hdr *prev;
  70     struct hdr *next;
  71     __ptr_t block;              /* Real block allocated, for memalign.  */
  72     unsigned long int magic2;   /* Extra, keeps us doubleword aligned.  */
  73   };
  74
  75 /* This is the beginning of the list of all memory blocks allocated.
  76    It is only constructed if the pedantic testing is requested.  */
  77 static struct hdr *root;
  78
  79 static int mcheck_used;
  80
  81 /* Nonzero if pedentic checking of all blocks is requested.  */
  82 static int pedantic;
  83
  84 #if defined _LIBC || defined STDC_HEADERS || defined USG
  85 # include <string.h>
  86 # define flood memset
  87 #else
  88 static void flood (__ptr_t, int, __malloc_size_t);
  89 static void
  90 flood (ptr, val, size)
  91      __ptr_t ptr;
  92      int val;
  93      __malloc_size_t size;
  94 {
  95   char *cp = ptr;
  96   while (size--)
  97     *cp++ = val;
  98 }
  99 #endif
 100
 101 static enum mcheck_status
 102 checkhdr (const struct hdr *hdr)
 103 {
 104   enum mcheck_status status;
 105
 106   if (!mcheck_used)
 107     /* Maybe the mcheck used is disabled?  This happens when we find
 108        an error and report it.  */
 109     return MCHECK_OK;
 110
 111   switch (hdr->magic ^ ((uintptr_t) hdr->prev + (uintptr_t) hdr->next))
 112     {
 113     default:
 114       status = MCHECK_HEAD;
 115       break;
 116     case MAGICFREE:
 117       status = MCHECK_FREE;
 118       break;
 119     case MAGICWORD:
 120       if (((char *) &hdr[1])[hdr->size] != MAGICBYTE)
 121         status = MCHECK_TAIL;
 122       else if ((hdr->magic2 ^ (uintptr_t) hdr->block) != MAGICWORD)
 123         status = MCHECK_HEAD;
 124       else
 125         status = MCHECK_OK;
 126       break;
 127     }
 128   if (status != MCHECK_OK)
 129     {
 130       mcheck_used = 0;
 131       (*abortfunc) (status);
 132       mcheck_used = 1;
 133     }
 134   return status;
 135 }
 136
 137 void
 138 mcheck_check_all (void)
 139 {
 140   /* Walk through all the active blocks and test whether they were tempered
 141      with.  */
 142   struct hdr *runp = root;
 143
 144   /* Temporarily turn off the checks.  */
 145   pedantic = 0;
 146
 147   while (runp != NULL)
 148     {
 149       (void) checkhdr (runp);
 150
 151       runp = runp->next;
 152     }
 153
 154   /* Turn checks on again.  */
 155   pedantic = 1;
 156 }
 157 #ifdef _LIBC
 158 libc_hidden_def (mcheck_check_all)
 159 #endif
 160
 161 static void
 162 unlink_blk (struct hdr *ptr)
 163 {
 164   if (ptr->next != NULL)
 165     {
 166       ptr->next->prev = ptr->prev;
 167       ptr->next->magic = MAGICWORD ^ ((uintptr_t) ptr->next->prev
 168                                       + (uintptr_t) ptr->next->next);
 169     }
 170   if (ptr->prev != NULL)
 171     {
 172       ptr->prev->next = ptr->next;
 173       ptr->prev->magic = MAGICWORD ^ ((uintptr_t) ptr->prev->prev
 174                                       + (uintptr_t) ptr->prev->next);
 175     }
 176   else
 177     root = ptr->next;
 178 }
 179
 180 static void
 181 link_blk (struct hdr *hdr)
 182 {
 183   hdr->prev = NULL;
 184   hdr->next = root;
 185   root = hdr;
 186   hdr->magic = MAGICWORD ^ (uintptr_t) hdr->next;
 187
 188   /* And the next block.  */
 189   if (hdr->next != NULL)
 190     {
 191       hdr->next->prev = hdr;
 192       hdr->next->magic = MAGICWORD ^ ((uintptr_t) hdr
 193                                       + (uintptr_t) hdr->next->next);
 194     }
 195 }
 196 static void
 197 freehook (__ptr_t ptr, const __ptr_t caller)
 198 {
 199   if (pedantic)
 200     mcheck_check_all ();
 201   if (ptr)
 202     {
 203       struct hdr *hdr = ((struct hdr *) ptr) - 1;
 204       checkhdr (hdr);
 205       hdr->magic = MAGICFREE;
 206       hdr->magic2 = MAGICFREE;
 207       unlink_blk (hdr);
 208       hdr->prev = hdr->next = NULL;
 209       flood (ptr, FREEFLOOD, hdr->size);
 210       ptr = hdr->block;
 211     }
 212   __free_hook = old_free_hook;
 213   if (old_free_hook != NULL)
 214     (*old_free_hook) (ptr, caller);
 215   else
 216     __libc_free (ptr);
 217   __free_hook = freehook;
 218 }
 219
 220 static __ptr_t
 221 mallochook (__malloc_size_t size, const __ptr_t caller)
 222 {
 223   struct hdr *hdr;
 224
 225   if (pedantic)
 226     mcheck_check_all ();
 227
 228   __malloc_hook = old_malloc_hook;
 229   if (old_malloc_hook != NULL)
 230     hdr = (struct hdr *) (*old_malloc_hook) (sizeof (struct hdr) + size + 1,
 231                                              caller);
 232   else
 233     hdr = (struct hdr *) __libc_malloc (sizeof (struct hdr) + size + 1);
 234   __malloc_hook = mallochook;
 235   if (hdr == NULL)
 236     return NULL;
 237
 238   hdr->size = size;
 239   link_blk (hdr);
 240   hdr->block = hdr;
 241   hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;
 242   ((char *) &hdr[1])[size] = MAGICBYTE;
 243   flood ((__ptr_t) (hdr + 1), MALLOCFLOOD, size);
 244   return (__ptr_t) (hdr + 1);
 245 }
 246
 247 static __ptr_t
 248 memalignhook (__malloc_size_t alignment, __malloc_size_t size,
 249               const __ptr_t caller)
 250 {
 251   struct hdr *hdr;
 252   __malloc_size_t slop;
 253   char *block;
 254
 255   if (pedantic)
 256     mcheck_check_all ();
 257
 258   slop = (sizeof *hdr + alignment - 1) & -alignment;
 259
 260   __memalign_hook = old_memalign_hook;
 261   if (old_memalign_hook != NULL)
 262     block = (*old_memalign_hook) (alignment, slop + size + 1, caller);
 263   else
 264     block = __libc_memalign (alignment, slop + size + 1);
 265   __memalign_hook = memalignhook;
 266   if (block == NULL)
 267     return NULL;
 268
 269   hdr = ((struct hdr *) (block + slop)) - 1;
 270
 271   hdr->size = size;
 272   link_blk (hdr);
 273   hdr->block = (__ptr_t) block;
 274   hdr->magic2 = (uintptr_t) block ^ MAGICWORD;
 275   ((char *) &hdr[1])[size] = MAGICBYTE;
 276   flood ((__ptr_t) (hdr + 1), MALLOCFLOOD, size);
 277   return (__ptr_t) (hdr + 1);
 278 }
 279
 280 static __ptr_t
 281 reallochook (__ptr_t ptr, __malloc_size_t size, const __ptr_t caller)
 282 {
 283   if (size == 0)
 284     {
 285       freehook (ptr, caller);
 286       return NULL;
 287     }
 288
 289   struct hdr *hdr;
 290   __malloc_size_t osize;
 291
 292   if (pedantic)
 293     mcheck_check_all ();
 294
 295   if (ptr)
 296     {
 297       hdr = ((struct hdr *) ptr) - 1;
 298       osize = hdr->size;
 299
 300       checkhdr (hdr);
 301       unlink_blk (hdr);
 302       if (size < osize)
 303         flood ((char *) ptr + size, FREEFLOOD, osize - size);
 304     }
 305   else
 306     {
 307       osize = 0;
 308       hdr = NULL;
 309     }
 310   __free_hook = old_free_hook;
 311   __malloc_hook = old_malloc_hook;
 312   __memalign_hook = old_memalign_hook;
 313   __realloc_hook = old_realloc_hook;
 314   if (old_realloc_hook != NULL)
 315     hdr = (struct hdr *) (*old_realloc_hook) ((__ptr_t) hdr,
 316                                               sizeof (struct hdr) + size + 1,
 317                                               caller);
 318   else
 319     hdr = (struct hdr *) __libc_realloc ((__ptr_t) hdr,
 320                                          sizeof (struct hdr) + size + 1);
 321   __free_hook = freehook;
 322   __malloc_hook = mallochook;
 323   __memalign_hook = memalignhook;
 324   __realloc_hook = reallochook;
 325   if (hdr == NULL)
 326     return NULL;
 327
 328   hdr->size = size;
 329   link_blk (hdr);
 330   hdr->block = hdr;
 331   hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;
 332   ((char *) &hdr[1])[size] = MAGICBYTE;
 333   if (size > osize)
 334     flood ((char *) (hdr + 1) + osize, MALLOCFLOOD, size - osize);
 335   return (__ptr_t) (hdr + 1);
 336 }
 337
 338 __attribute__ ((noreturn))
 339 static void
 340 mabort (enum mcheck_status status)
 341 {
 342   const char *msg;
 343   switch (status)
 344     {
 345     case MCHECK_OK:
 346       msg = _("memory is consistent, library is buggy\n");
 347       break;
 348     case MCHECK_HEAD:
 349       msg = _("memory clobbered before allocated block\n");
 350       break;
 351     case MCHECK_TAIL:
 352       msg = _("memory clobbered past end of allocated block\n");
 353       break;
 354     case MCHECK_FREE:
 355       msg = _("block freed twice\n");
 356       break;
 357     default:
 358       msg = _("bogus mcheck_status, library is buggy\n");
 359       break;
 360     }
 361 #ifdef _LIBC
 362   __libc_fatal (msg);
 363 #else
 364   fprintf (stderr, "mcheck: %s", msg);
 365   fflush (stderr);
 366   abort ();
 367 #endif
 368 }
 369
 370 int
 371 mcheck (func)
 372      void (*func) (enum mcheck_status);
 373 {
 374   abortfunc = (func != NULL) ? func : &mabort;
 375
 376   /* These hooks may not be safely inserted if malloc is already in use.  */
 377   if (__malloc_initialized <= 0 && !mcheck_used)
 378     {
 379       /* We call malloc() once here to ensure it is initialized.  */
 380       void *p = __libc_malloc (0);
 381       __libc_free (p);
 382
 383       old_free_hook = __free_hook;
 384       __free_hook = freehook;
 385       old_malloc_hook = __malloc_hook;
 386       __malloc_hook = mallochook;
 387       old_memalign_hook = __memalign_hook;
 388       __memalign_hook = memalignhook;
 389       old_realloc_hook = __realloc_hook;
 390       __realloc_hook = reallochook;
 391       mcheck_used = 1;
 392     }
 393
 394   return mcheck_used ? 0 : -1;
 395 }
 396 #ifdef _LIBC
 397 libc_hidden_def (mcheck)
 398 #endif
 399
 400 int
 401 mcheck_pedantic (func)
 402       void (*func) (enum mcheck_status);
 403 {
 404   int res = mcheck (func);
 405   if (res == 0)
 406     pedantic = 1;
 407   return res;
 408 }
 409
 410 enum mcheck_status
 411 mprobe (__ptr_t ptr)
 412 {
 413   return mcheck_used ? checkhdr (((struct hdr *) ptr) - 1) : MCHECK_DISABLED;
 414 }