malloc/mcheck.c

   1 /* Standard debugging hooks for `malloc'.
   2    Copyright (C) 1990-2016 Free Software Foundation, Inc.
   3    This file is part of the GNU C Library.
   4    Written May 1989 by Mike Haertel.
   5
   6    The GNU C Library is free software; you can redistribute it and/or
   7    modify it under the terms of the GNU Lesser General Public
   8    License as published by the Free Software Foundation; either
   9    version 2.1 of the License, or (at your option) any later version.
  10
  11    The GNU C Library is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14    Lesser General Public License for more details.
  15
  16    You should have received a copy of the GNU Lesser General Public
  17    License along with the GNU C Library; if not, see
  18    <http://www.gnu.org/licenses/>.  */
  19
  20 #ifndef _MALLOC_INTERNAL
  21 # define _MALLOC_INTERNAL
  22 # include <malloc.h>
  23 # include <mcheck.h>
  24 # include <stdint.h>
  25 # include <stdio.h>
  26 # include <libintl.h>
  27 # include <errno.h>
  28 #endif
  29
  30 /* Old hook values.  */
  31 static void (*old_free_hook)(__ptr_t ptr, const __ptr_t);
  32 static __ptr_t (*old_malloc_hook) (size_t size, const __ptr_t);
  33 static __ptr_t (*old_memalign_hook) (size_t alignment, size_t size,
  34                                      const __ptr_t);
  35 static __ptr_t (*old_realloc_hook) (__ptr_t ptr, size_t size,
  36                                     const __ptr_t);
  37
  38 /* Function to call when something awful happens.  */
  39 static void (*abortfunc) (enum mcheck_status);
  40
  41 /* Arbitrary magical numbers.  */
  42 #define MAGICWORD       0xfedabeeb
  43 #define MAGICFREE       0xd8675309
  44 #define MAGICBYTE       ((char) 0xd7)
  45 #define MALLOCFLOOD     ((char) 0x93)
  46 #define FREEFLOOD       ((char) 0x95)
  47
  48 struct hdr
  49 {
  50   size_t size;                  /* Exact size requested by user.  */
  51   unsigned long int magic;      /* Magic number to check header integrity.  */
  52   struct hdr *prev;
  53   struct hdr *next;
  54   __ptr_t block;                /* Real block allocated, for memalign.  */
  55   unsigned long int magic2;     /* Extra, keeps us doubleword aligned.  */
  56 };
  57
  58 /* This is the beginning of the list of all memory blocks allocated.
  59    It is only constructed if the pedantic testing is requested.  */
  60 static struct hdr *root;
  61
  62 static int mcheck_used;
  63
  64 /* Nonzero if pedentic checking of all blocks is requested.  */
  65 static int pedantic;
  66
  67 #if defined _LIBC || defined STDC_HEADERS || defined USG
  68 # include <string.h>
  69 # define flood memset
  70 #else
  71 static void flood (__ptr_t, int, size_t);
  72 static void
  73 flood (__ptr_t ptr, int val, size_t size)
  74 {
  75   char *cp = ptr;
  76   while (size--)
  77     *cp++ = val;
  78 }
  79 #endif
  80
  81 static enum mcheck_status
  82 checkhdr (const struct hdr *hdr)
  83 {
  84   enum mcheck_status status;
  85
  86   if (!mcheck_used)
  87     /* Maybe the mcheck used is disabled?  This happens when we find
  88        an error and report it.  */
  89     return MCHECK_OK;
  90
  91   switch (hdr->magic ^ ((uintptr_t) hdr->prev + (uintptr_t) hdr->next))
  92     {
  93     default:
  94       status = MCHECK_HEAD;
  95       break;
  96     case MAGICFREE:
  97       status = MCHECK_FREE;
  98       break;
  99     case MAGICWORD:
 100       if (((char *) &hdr[1])[hdr->size] != MAGICBYTE)
 101         status = MCHECK_TAIL;
 102       else if ((hdr->magic2 ^ (uintptr_t) hdr->block) != MAGICWORD)
 103         status = MCHECK_HEAD;
 104       else
 105         status = MCHECK_OK;
 106       break;
 107     }
 108   if (status != MCHECK_OK)
 109     {
 110       mcheck_used = 0;
 111       (*abortfunc) (status);
 112       mcheck_used = 1;
 113     }
 114   return status;
 115 }
 116
 117 void
 118 mcheck_check_all (void)
 119 {
 120   /* Walk through all the active blocks and test whether they were tampered
 121      with.  */
 122   struct hdr *runp = root;
 123
 124   /* Temporarily turn off the checks.  */
 125   pedantic = 0;
 126
 127   while (runp != NULL)
 128     {
 129       (void) checkhdr (runp);
 130
 131       runp = runp->next;
 132     }
 133
 134   /* Turn checks on again.  */
 135   pedantic = 1;
 136 }
 137 #ifdef _LIBC
 138 libc_hidden_def (mcheck_check_all)
 139 #endif
 140
 141 static void
 142 unlink_blk (struct hdr *ptr)
 143 {
 144   if (ptr->next != NULL)
 145     {
 146       ptr->next->prev = ptr->prev;
 147       ptr->next->magic = MAGICWORD ^ ((uintptr_t) ptr->next->prev
 148                                       + (uintptr_t) ptr->next->next);
 149     }
 150   if (ptr->prev != NULL)
 151     {
 152       ptr->prev->next = ptr->next;
 153       ptr->prev->magic = MAGICWORD ^ ((uintptr_t) ptr->prev->prev
 154                                       + (uintptr_t) ptr->prev->next);
 155     }
 156   else
 157     root = ptr->next;
 158 }
 159
 160 static void
 161 link_blk (struct hdr *hdr)
 162 {
 163   hdr->prev = NULL;
 164   hdr->next = root;
 165   root = hdr;
 166   hdr->magic = MAGICWORD ^ (uintptr_t) hdr->next;
 167
 168   /* And the next block.  */
 169   if (hdr->next != NULL)
 170     {
 171       hdr->next->prev = hdr;
 172       hdr->next->magic = MAGICWORD ^ ((uintptr_t) hdr
 173                                       + (uintptr_t) hdr->next->next);
 174     }
 175 }
 176 static void
 177 freehook (__ptr_t ptr, const __ptr_t caller)
 178 {
 179   if (pedantic)
 180     mcheck_check_all ();
 181   if (ptr)
 182     {
 183       struct hdr *hdr = ((struct hdr *) ptr) - 1;
 184       checkhdr (hdr);
 185       hdr->magic = MAGICFREE;
 186       hdr->magic2 = MAGICFREE;
 187       unlink_blk (hdr);
 188       hdr->prev = hdr->next = NULL;
 189       flood (ptr, FREEFLOOD, hdr->size);
 190       ptr = hdr->block;
 191     }
 192   __free_hook = old_free_hook;
 193   if (old_free_hook != NULL)
 194     (*old_free_hook)(ptr, caller);
 195   else
 196     free (ptr);
 197   __free_hook = freehook;
 198 }
 199
 200 static __ptr_t
 201 mallochook (size_t size, const __ptr_t caller)
 202 {
 203   struct hdr *hdr;
 204
 205   if (pedantic)
 206     mcheck_check_all ();
 207
 208   if (size > ~((size_t) 0) - (sizeof (struct hdr) + 1))
 209     {
 210       __set_errno (ENOMEM);
 211       return NULL;
 212     }
 213
 214   __malloc_hook = old_malloc_hook;
 215   if (old_malloc_hook != NULL)
 216     hdr = (struct hdr *) (*old_malloc_hook)(sizeof (struct hdr) + size + 1,
 217                                             caller);
 218   else
 219     hdr = (struct hdr *) malloc (sizeof (struct hdr) + size + 1);
 220   __malloc_hook = mallochook;
 221   if (hdr == NULL)
 222     return NULL;
 223
 224   hdr->size = size;
 225   link_blk (hdr);
 226   hdr->block = hdr;
 227   hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;
 228   ((char *) &hdr[1])[size] = MAGICBYTE;
 229   flood ((__ptr_t) (hdr + 1), MALLOCFLOOD, size);
 230   return (__ptr_t) (hdr + 1);
 231 }
 232
 233 static __ptr_t
 234 memalignhook (size_t alignment, size_t size,
 235               const __ptr_t caller)
 236 {
 237   struct hdr *hdr;
 238   size_t slop;
 239   char *block;
 240
 241   if (pedantic)
 242     mcheck_check_all ();
 243
 244   slop = (sizeof *hdr + alignment - 1) & - alignment;
 245
 246   if (size > ~((size_t) 0) - (slop + 1))
 247     {
 248       __set_errno (ENOMEM);
 249       return NULL;
 250     }
 251
 252   __memalign_hook = old_memalign_hook;
 253   if (old_memalign_hook != NULL)
 254     block = (*old_memalign_hook)(alignment, slop + size + 1, caller);
 255   else
 256     block = memalign (alignment, slop + size + 1);
 257   __memalign_hook = memalignhook;
 258   if (block == NULL)
 259     return NULL;
 260
 261   hdr = ((struct hdr *) (block + slop)) - 1;
 262
 263   hdr->size = size;
 264   link_blk (hdr);
 265   hdr->block = (__ptr_t) block;
 266   hdr->magic2 = (uintptr_t) block ^ MAGICWORD;
 267   ((char *) &hdr[1])[size] = MAGICBYTE;
 268   flood ((__ptr_t) (hdr + 1), MALLOCFLOOD, size);
 269   return (__ptr_t) (hdr + 1);
 270 }
 271
 272 static __ptr_t
 273 reallochook (__ptr_t ptr, size_t size, const __ptr_t caller)
 274 {
 275   if (size == 0)
 276     {
 277       freehook (ptr, caller);
 278       return NULL;
 279     }
 280
 281   struct hdr *hdr;
 282   size_t osize;
 283
 284   if (pedantic)
 285     mcheck_check_all ();
 286
 287   if (size > ~((size_t) 0) - (sizeof (struct hdr) + 1))
 288     {
 289       __set_errno (ENOMEM);
 290       return NULL;
 291     }
 292
 293   if (ptr)
 294     {
 295       hdr = ((struct hdr *) ptr) - 1;
 296       osize = hdr->size;
 297
 298       checkhdr (hdr);
 299       unlink_blk (hdr);
 300       if (size < osize)
 301         flood ((char *) ptr + size, FREEFLOOD, osize - size);
 302     }
 303   else
 304     {
 305       osize = 0;
 306       hdr = NULL;
 307     }
 308   __free_hook = old_free_hook;
 309   __malloc_hook = old_malloc_hook;
 310   __memalign_hook = old_memalign_hook;
 311   __realloc_hook = old_realloc_hook;
 312   if (old_realloc_hook != NULL)
 313     hdr = (struct hdr *) (*old_realloc_hook)((__ptr_t) hdr,
 314                                              sizeof (struct hdr) + size + 1,
 315                                              caller);
 316   else
 317     hdr = (struct hdr *) realloc ((__ptr_t) hdr,
 318                                   sizeof (struct hdr) + size + 1);
 319   __free_hook = freehook;
 320   __malloc_hook = mallochook;
 321   __memalign_hook = memalignhook;
 322   __realloc_hook = reallochook;
 323   if (hdr == NULL)
 324     return NULL;
 325
 326   hdr->size = size;
 327   link_blk (hdr);
 328   hdr->block = hdr;
 329   hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;
 330   ((char *) &hdr[1])[size] = MAGICBYTE;
 331   if (size > osize)
 332     flood ((char *) (hdr + 1) + osize, MALLOCFLOOD, size - osize);
 333   return (__ptr_t) (hdr + 1);
 334 }
 335
 336 __attribute__ ((noreturn))
 337 static void
 338 mabort (enum mcheck_status status)
 339 {
 340   const char *msg;
 341   switch (status)
 342     {
 343     case MCHECK_OK:
 344       msg = _ ("memory is consistent, library is buggy\n");
 345       break;
 346     case MCHECK_HEAD:
 347       msg = _ ("memory clobbered before allocated block\n");
 348       break;
 349     case MCHECK_TAIL:
 350       msg = _ ("memory clobbered past end of allocated block\n");
 351       break;
 352     case MCHECK_FREE:
 353       msg = _ ("block freed twice\n");
 354       break;
 355     default:
 356       msg = _ ("bogus mcheck_status, library is buggy\n");
 357       break;
 358     }
 359 #ifdef _LIBC
 360   __libc_fatal (msg);
 361 #else
 362   fprintf (stderr, "mcheck: %s", msg);
 363   fflush (stderr);
 364   abort ();
 365 #endif
 366 }
 367
 368 /* Memory barrier so that GCC does not optimize out the argument.  */
 369 #define malloc_opt_barrier(x) \
 370   ({ __typeof (x) __x = x; __asm ("" : "+m" (__x)); __x; })
 371
 372 int
 373 mcheck (void (*func) (enum mcheck_status))
 374 {
 375   abortfunc = (func != NULL) ? func : &mabort;
 376
 377   /* These hooks may not be safely inserted if malloc is already in use.  */
 378   if (__malloc_initialized <= 0 && !mcheck_used)
 379     {
 380       /* We call malloc() once here to ensure it is initialized.  */
 381       void *p = malloc (0);
 382       /* GCC might optimize out the malloc/free pair without a barrier.  */
 383       p = malloc_opt_barrier (p);
 384       free (p);
 385
 386       old_free_hook = __free_hook;
 387       __free_hook = freehook;
 388       old_malloc_hook = __malloc_hook;
 389       __malloc_hook = mallochook;
 390       old_memalign_hook = __memalign_hook;
 391       __memalign_hook = memalignhook;
 392       old_realloc_hook = __realloc_hook;
 393       __realloc_hook = reallochook;
 394       mcheck_used = 1;
 395     }
 396
 397   return mcheck_used ? 0 : -1;
 398 }
 399 #ifdef _LIBC
 400 libc_hidden_def (mcheck)
 401 #endif
 402
 403 int
 404 mcheck_pedantic (void (*func) (enum mcheck_status))
 405 {
 406   int res = mcheck (func);
 407   if (res == 0)
 408     pedantic = 1;
 409   return res;
 410 }
 411
 412 enum mcheck_status
 413 mprobe (__ptr_t ptr)
 414 {
 415   return mcheck_used ? checkhdr (((struct hdr *) ptr) - 1) : MCHECK_DISABLED;
 416 }