malloc/mcheck.c

   1 /* Standard debugging hooks for `malloc'.
   2    Copyright (C) 1990-1997,1999,2000-2002,2007,2010,2012
   3    Free Software Foundation, Inc.
   4    This file is part of the GNU C Library.
   5    Written May 1989 by Mike Haertel.
   6
   7    The GNU C Library is free software; you can redistribute it and/or
   8    modify it under the terms of the GNU Lesser General Public
   9    License as published by the Free Software Foundation; either
  10    version 2.1 of the License, or (at your option) any later version.
  11
  12    The GNU C Library is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15    Lesser General Public License for more details.
  16
  17    You should have received a copy of the GNU Lesser General Public
  18    License along with the GNU C Library; if not, see
  19    <http://www.gnu.org/licenses/>.  */
  20
  21 #ifndef _MALLOC_INTERNAL
  22 # define _MALLOC_INTERNAL
  23 # include <malloc.h>
  24 # include <mcheck.h>
  25 # include <stdint.h>
  26 # include <stdio.h>
  27 # include <libintl.h>
  28 # include <errno.h>
  29 #endif
  30
  31 /* Old hook values.  */
  32 static void (*old_free_hook) (__ptr_t ptr, const __ptr_t);
  33 static __ptr_t (*old_malloc_hook) (__malloc_size_t size, const __ptr_t);
  34 static __ptr_t (*old_memalign_hook) (__malloc_size_t alignment,
  35                                      __malloc_size_t size,
  36                                      const __ptr_t);
  37 static __ptr_t (*old_realloc_hook) (__ptr_t ptr, __malloc_size_t size,
  38                                     const __ptr_t);
  39
  40 /* Function to call when something awful happens.  */
  41 static void (*abortfunc) (enum mcheck_status);
  42
  43 /* Arbitrary magical numbers.  */
  44 #define MAGICWORD       0xfedabeeb
  45 #define MAGICFREE       0xd8675309
  46 #define MAGICBYTE       ((char) 0xd7)
  47 #define MALLOCFLOOD     ((char) 0x93)
  48 #define FREEFLOOD       ((char) 0x95)
  49
  50 struct hdr
  51   {
  52     __malloc_size_t size;       /* Exact size requested by user.  */
  53     unsigned long int magic;    /* Magic number to check header integrity.  */
  54     struct hdr *prev;
  55     struct hdr *next;
  56     __ptr_t block;              /* Real block allocated, for memalign.  */
  57     unsigned long int magic2;   /* Extra, keeps us doubleword aligned.  */
  58   };
  59
  60 /* This is the beginning of the list of all memory blocks allocated.
  61    It is only constructed if the pedantic testing is requested.  */
  62 static struct hdr *root;
  63
  64 static int mcheck_used;
  65
  66 /* Nonzero if pedentic checking of all blocks is requested.  */
  67 static int pedantic;
  68
  69 #if defined _LIBC || defined STDC_HEADERS || defined USG
  70 # include <string.h>
  71 # define flood memset
  72 #else
  73 static void flood (__ptr_t, int, __malloc_size_t);
  74 static void
  75 flood (ptr, val, size)
  76      __ptr_t ptr;
  77      int val;
  78      __malloc_size_t size;
  79 {
  80   char *cp = ptr;
  81   while (size--)
  82     *cp++ = val;
  83 }
  84 #endif
  85
  86 static enum mcheck_status
  87 checkhdr (const struct hdr *hdr)
  88 {
  89   enum mcheck_status status;
  90
  91   if (!mcheck_used)
  92     /* Maybe the mcheck used is disabled?  This happens when we find
  93        an error and report it.  */
  94     return MCHECK_OK;
  95
  96   switch (hdr->magic ^ ((uintptr_t) hdr->prev + (uintptr_t) hdr->next))
  97     {
  98     default:
  99       status = MCHECK_HEAD;
 100       break;
 101     case MAGICFREE:
 102       status = MCHECK_FREE;
 103       break;
 104     case MAGICWORD:
 105       if (((char *) &hdr[1])[hdr->size] != MAGICBYTE)
 106         status = MCHECK_TAIL;
 107       else if ((hdr->magic2 ^ (uintptr_t) hdr->block) != MAGICWORD)
 108         status = MCHECK_HEAD;
 109       else
 110         status = MCHECK_OK;
 111       break;
 112     }
 113   if (status != MCHECK_OK)
 114     {
 115       mcheck_used = 0;
 116       (*abortfunc) (status);
 117       mcheck_used = 1;
 118     }
 119   return status;
 120 }
 121
 122 void
 123 mcheck_check_all (void)
 124 {
 125   /* Walk through all the active blocks and test whether they were tempered
 126      with.  */
 127   struct hdr *runp = root;
 128
 129   /* Temporarily turn off the checks.  */
 130   pedantic = 0;
 131
 132   while (runp != NULL)
 133     {
 134       (void) checkhdr (runp);
 135
 136       runp = runp->next;
 137     }
 138
 139   /* Turn checks on again.  */
 140   pedantic = 1;
 141 }
 142 #ifdef _LIBC
 143 libc_hidden_def (mcheck_check_all)
 144 #endif
 145
 146 static void
 147 unlink_blk (struct hdr *ptr)
 148 {
 149   if (ptr->next != NULL)
 150     {
 151       ptr->next->prev = ptr->prev;
 152       ptr->next->magic = MAGICWORD ^ ((uintptr_t) ptr->next->prev
 153                                       + (uintptr_t) ptr->next->next);
 154     }
 155   if (ptr->prev != NULL)
 156     {
 157       ptr->prev->next = ptr->next;
 158       ptr->prev->magic = MAGICWORD ^ ((uintptr_t) ptr->prev->prev
 159                                       + (uintptr_t) ptr->prev->next);
 160     }
 161   else
 162     root = ptr->next;
 163 }
 164
 165 static void
 166 link_blk (struct hdr *hdr)
 167 {
 168   hdr->prev = NULL;
 169   hdr->next = root;
 170   root = hdr;
 171   hdr->magic = MAGICWORD ^ (uintptr_t) hdr->next;
 172
 173   /* And the next block.  */
 174   if (hdr->next != NULL)
 175     {
 176       hdr->next->prev = hdr;
 177       hdr->next->magic = MAGICWORD ^ ((uintptr_t) hdr
 178                                       + (uintptr_t) hdr->next->next);
 179     }
 180 }
 181 static void
 182 freehook (__ptr_t ptr, const __ptr_t caller)
 183 {
 184   if (pedantic)
 185     mcheck_check_all ();
 186   if (ptr)
 187     {
 188       struct hdr *hdr = ((struct hdr *) ptr) - 1;
 189       checkhdr (hdr);
 190       hdr->magic = MAGICFREE;
 191       hdr->magic2 = MAGICFREE;
 192       unlink_blk (hdr);
 193       hdr->prev = hdr->next = NULL;
 194       flood (ptr, FREEFLOOD, hdr->size);
 195       ptr = hdr->block;
 196     }
 197   __free_hook = old_free_hook;
 198   if (old_free_hook != NULL)
 199     (*old_free_hook) (ptr, caller);
 200   else
 201     free (ptr);
 202   __free_hook = freehook;
 203 }
 204
 205 static __ptr_t
 206 mallochook (__malloc_size_t size, const __ptr_t caller)
 207 {
 208   struct hdr *hdr;
 209
 210   if (pedantic)
 211     mcheck_check_all ();
 212
 213   if (size > ~((size_t) 0) - (sizeof (struct hdr) + 1))
 214     {
 215       __set_errno (ENOMEM);
 216       return NULL;
 217     }
 218
 219   __malloc_hook = old_malloc_hook;
 220   if (old_malloc_hook != NULL)
 221     hdr = (struct hdr *) (*old_malloc_hook) (sizeof (struct hdr) + size + 1,
 222                                              caller);
 223   else
 224     hdr = (struct hdr *) malloc (sizeof (struct hdr) + size + 1);
 225   __malloc_hook = mallochook;
 226   if (hdr == NULL)
 227     return NULL;
 228
 229   hdr->size = size;
 230   link_blk (hdr);
 231   hdr->block = hdr;
 232   hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;
 233   ((char *) &hdr[1])[size] = MAGICBYTE;
 234   flood ((__ptr_t) (hdr + 1), MALLOCFLOOD, size);
 235   return (__ptr_t) (hdr + 1);
 236 }
 237
 238 static __ptr_t
 239 memalignhook (__malloc_size_t alignment, __malloc_size_t size,
 240               const __ptr_t caller)
 241 {
 242   struct hdr *hdr;
 243   __malloc_size_t slop;
 244   char *block;
 245
 246   if (pedantic)
 247     mcheck_check_all ();
 248
 249   slop = (sizeof *hdr + alignment - 1) & -alignment;
 250
 251   if (size > ~((size_t) 0) - (slop + 1))
 252     {
 253       __set_errno (ENOMEM);
 254       return NULL;
 255     }
 256
 257   __memalign_hook = old_memalign_hook;
 258   if (old_memalign_hook != NULL)
 259     block = (*old_memalign_hook) (alignment, slop + size + 1, caller);
 260   else
 261     block = memalign (alignment, slop + size + 1);
 262   __memalign_hook = memalignhook;
 263   if (block == NULL)
 264     return NULL;
 265
 266   hdr = ((struct hdr *) (block + slop)) - 1;
 267
 268   hdr->size = size;
 269   link_blk (hdr);
 270   hdr->block = (__ptr_t) block;
 271   hdr->magic2 = (uintptr_t) block ^ MAGICWORD;
 272   ((char *) &hdr[1])[size] = MAGICBYTE;
 273   flood ((__ptr_t) (hdr + 1), MALLOCFLOOD, size);
 274   return (__ptr_t) (hdr + 1);
 275 }
 276
 277 static __ptr_t
 278 reallochook (__ptr_t ptr, __malloc_size_t size, const __ptr_t caller)
 279 {
 280   if (size == 0)
 281     {
 282       freehook (ptr, caller);
 283       return NULL;
 284     }
 285
 286   struct hdr *hdr;
 287   __malloc_size_t osize;
 288
 289   if (pedantic)
 290     mcheck_check_all ();
 291
 292   if (size > ~((size_t) 0) - (sizeof (struct hdr) + 1))
 293     {
 294       __set_errno (ENOMEM);
 295       return NULL;
 296     }
 297
 298   if (ptr)
 299     {
 300       hdr = ((struct hdr *) ptr) - 1;
 301       osize = hdr->size;
 302
 303       checkhdr (hdr);
 304       unlink_blk (hdr);
 305       if (size < osize)
 306         flood ((char *) ptr + size, FREEFLOOD, osize - size);
 307     }
 308   else
 309     {
 310       osize = 0;
 311       hdr = NULL;
 312     }
 313   __free_hook = old_free_hook;
 314   __malloc_hook = old_malloc_hook;
 315   __memalign_hook = old_memalign_hook;
 316   __realloc_hook = old_realloc_hook;
 317   if (old_realloc_hook != NULL)
 318     hdr = (struct hdr *) (*old_realloc_hook) ((__ptr_t) hdr,
 319                                               sizeof (struct hdr) + size + 1,
 320                                               caller);
 321   else
 322     hdr = (struct hdr *) realloc ((__ptr_t) hdr,
 323                                   sizeof (struct hdr) + size + 1);
 324   __free_hook = freehook;
 325   __malloc_hook = mallochook;
 326   __memalign_hook = memalignhook;
 327   __realloc_hook = reallochook;
 328   if (hdr == NULL)
 329     return NULL;
 330
 331   hdr->size = size;
 332   link_blk (hdr);
 333   hdr->block = hdr;
 334   hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;
 335   ((char *) &hdr[1])[size] = MAGICBYTE;
 336   if (size > osize)
 337     flood ((char *) (hdr + 1) + osize, MALLOCFLOOD, size - osize);
 338   return (__ptr_t) (hdr + 1);
 339 }
 340
 341 __attribute__ ((noreturn))
 342 static void
 343 mabort (enum mcheck_status status)
 344 {
 345   const char *msg;
 346   switch (status)
 347     {
 348     case MCHECK_OK:
 349       msg = _("memory is consistent, library is buggy\n");
 350       break;
 351     case MCHECK_HEAD:
 352       msg = _("memory clobbered before allocated block\n");
 353       break;
 354     case MCHECK_TAIL:
 355       msg = _("memory clobbered past end of allocated block\n");
 356       break;
 357     case MCHECK_FREE:
 358       msg = _("block freed twice\n");
 359       break;
 360     default:
 361       msg = _("bogus mcheck_status, library is buggy\n");
 362       break;
 363     }
 364 #ifdef _LIBC
 365   __libc_fatal (msg);
 366 #else
 367   fprintf (stderr, "mcheck: %s", msg);
 368   fflush (stderr);
 369   abort ();
 370 #endif
 371 }
 372
 373 int
 374 mcheck (func)
 375      void (*func) (enum mcheck_status);
 376 {
 377   abortfunc = (func != NULL) ? func : &mabort;
 378
 379   /* These hooks may not be safely inserted if malloc is already in use.  */
 380   if (__malloc_initialized <= 0 && !mcheck_used)
 381     {
 382       /* We call malloc() once here to ensure it is initialized.  */
 383       void *p = malloc (0);
 384       free (p);
 385
 386       old_free_hook = __free_hook;
 387       __free_hook = freehook;
 388       old_malloc_hook = __malloc_hook;
 389       __malloc_hook = mallochook;
 390       old_memalign_hook = __memalign_hook;
 391       __memalign_hook = memalignhook;
 392       old_realloc_hook = __realloc_hook;
 393       __realloc_hook = reallochook;
 394       mcheck_used = 1;
 395     }
 396
 397   return mcheck_used ? 0 : -1;
 398 }
 399 #ifdef _LIBC
 400 libc_hidden_def (mcheck)
 401 #endif
 402
 403 int
 404 mcheck_pedantic (func)
 405       void (*func) (enum mcheck_status);
 406 {
 407   int res = mcheck (func);
 408   if (res == 0)
 409     pedantic = 1;
 410   return res;
 411 }
 412
 413 enum mcheck_status
 414 mprobe (__ptr_t ptr)
 415 {
 416   return mcheck_used ? checkhdr (((struct hdr *) ptr) - 1) : MCHECK_DISABLED;
 417 }