glibc/malloc/mcheck.c

/* Standard debugging hooks for `malloc'.
   Copyright (C) 1990-2019 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Written May 1989 by Mike Haertel.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <https://www.gnu.org/licenses/>.  */

#ifndef _MALLOC_INTERNAL
# define _MALLOC_INTERNAL
# include <malloc.h>
# include <mcheck.h>
# include <stdint.h>
# include <stdio.h>
# include <libintl.h>
# include <errno.h>
#endif

/* Old hook values.  */
static void (*old_free_hook)(void *ptr, const void *);
static void *(*old_malloc_hook) (size_t size, const void *);
static void *(*old_memalign_hook) (size_t alignment, size_t size,
				   const void *);
static void *(*old_realloc_hook) (void *ptr, size_t size,
				  const void *);

/* Function to call when something awful happens.  */
static void (*abortfunc) (enum mcheck_status);

/* Arbitrary magical numbers.  */
#define MAGICWORD       0xfedabeeb
#define MAGICFREE       0xd8675309
#define MAGICBYTE       ((char) 0xd7)
#define MALLOCFLOOD     ((char) 0x93)
#define FREEFLOOD       ((char) 0x95)

struct hdr
{
  size_t size;                  /* Exact size requested by user.  */
  unsigned long int magic;      /* Magic number to check header integrity.  */
  struct hdr *prev;
  struct hdr *next;
  void *block;                  /* Real block allocated, for memalign.  */
  unsigned long int magic2;     /* Extra, keeps us doubleword aligned.  */
};

/* This is the beginning of the list of all memory blocks allocated.
   It is only constructed if the pedantic testing is requested.  */
static struct hdr *root;

static int mcheck_used;

/* Nonzero if pedentic checking of all blocks is requested.  */
static int pedantic;

#if defined _LIBC || defined STDC_HEADERS || defined USG
# include <string.h>
# define flood memset
#else
static void flood (void *, int, size_t);
static void
flood (void *ptr, int val, size_t size)
{
  char *cp = ptr;
  while (size--)
    *cp++ = val;
}
#endif

static enum mcheck_status
checkhdr (const struct hdr *hdr)
{
  enum mcheck_status status;

  if (!mcheck_used)
    /* Maybe the mcheck used is disabled?  This happens when we find
       an error and report it.  */
    return MCHECK_OK;

  switch (hdr->magic ^ ((uintptr_t) hdr->prev + (uintptr_t) hdr->next))
    {
    default:
      status = MCHECK_HEAD;
      break;
    case MAGICFREE:
      status = MCHECK_FREE;
      break;
    case MAGICWORD:
      if (((char *) &hdr[1])[hdr->size] != MAGICBYTE)
        status = MCHECK_TAIL;
      else if ((hdr->magic2 ^ (uintptr_t) hdr->block) != MAGICWORD)
        status = MCHECK_HEAD;
      else
        status = MCHECK_OK;
      break;
    }
  if (status != MCHECK_OK)
    {
      mcheck_used = 0;
      (*abortfunc) (status);
      mcheck_used = 1;
    }
  return status;
}

void
mcheck_check_all (void)
{
  /* Walk through all the active blocks and test whether they were tampered
     with.  */
  struct hdr *runp = root;

  /* Temporarily turn off the checks.  */
  pedantic = 0;

  while (runp != NULL)
    {
      (void) checkhdr (runp);

      runp = runp->next;
    }

  /* Turn checks on again.  */
  pedantic = 1;
}
#ifdef _LIBC
libc_hidden_def (mcheck_check_all)
#endif

static void
unlink_blk (struct hdr *ptr)
{
  if (ptr->next != NULL)
    {
      ptr->next->prev = ptr->prev;
      ptr->next->magic = MAGICWORD ^ ((uintptr_t) ptr->next->prev
                                      + (uintptr_t) ptr->next->next);
    }
  if (ptr->prev != NULL)
    {
      ptr->prev->next = ptr->next;
      ptr->prev->magic = MAGICWORD ^ ((uintptr_t) ptr->prev->prev
                                      + (uintptr_t) ptr->prev->next);
    }
  else
    root = ptr->next;
}

static void
link_blk (struct hdr *hdr)
{
  hdr->prev = NULL;
  hdr->next = root;
  root = hdr;
  hdr->magic = MAGICWORD ^ (uintptr_t) hdr->next;

  /* And the next block.  */
  if (hdr->next != NULL)
    {
      hdr->next->prev = hdr;
      hdr->next->magic = MAGICWORD ^ ((uintptr_t) hdr
                                      + (uintptr_t) hdr->next->next);
    }
}
static void
freehook (void *ptr, const void *caller)
{
  if (pedantic)
    mcheck_check_all ();
  if (ptr)
    {
      struct hdr *hdr = ((struct hdr *) ptr) - 1;
      checkhdr (hdr);
      hdr->magic = MAGICFREE;
      hdr->magic2 = MAGICFREE;
      unlink_blk (hdr);
      hdr->prev = hdr->next = NULL;
      flood (ptr, FREEFLOOD, hdr->size);
      ptr = hdr->block;
    }
  __free_hook = old_free_hook;
  if (old_free_hook != NULL)
    (*old_free_hook)(ptr, caller);
  else
    free (ptr);
  __free_hook = freehook;
}

static void *
mallochook (size_t size, const void *caller)
{
  struct hdr *hdr;

  if (pedantic)
    mcheck_check_all ();

  if (size > ~((size_t) 0) - (sizeof (struct hdr) + 1))
    {
      __set_errno (ENOMEM);
      return NULL;
    }

  __malloc_hook = old_malloc_hook;
  if (old_malloc_hook != NULL)
    hdr = (struct hdr *) (*old_malloc_hook)(sizeof (struct hdr) + size + 1,
                                            caller);
  else
    hdr = (struct hdr *) malloc (sizeof (struct hdr) + size + 1);
  __malloc_hook = mallochook;
  if (hdr == NULL)
    return NULL;

  hdr->size = size;
  link_blk (hdr);
  hdr->block = hdr;
  hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;
  ((char *) &hdr[1])[size] = MAGICBYTE;
  flood ((void *) (hdr + 1), MALLOCFLOOD, size);
  return (void *) (hdr + 1);
}

static void *
memalignhook (size_t alignment, size_t size,
              const void *caller)
{
  struct hdr *hdr;
  size_t slop;
  char *block;

  if (pedantic)
    mcheck_check_all ();

  slop = (sizeof *hdr + alignment - 1) & - alignment;

  if (size > ~((size_t) 0) - (slop + 1))
    {
      __set_errno (ENOMEM);
      return NULL;
    }

  __memalign_hook = old_memalign_hook;
  if (old_memalign_hook != NULL)
    block = (*old_memalign_hook)(alignment, slop + size + 1, caller);
  else
    block = memalign (alignment, slop + size + 1);
  __memalign_hook = memalignhook;
  if (block == NULL)
    return NULL;

  hdr = ((struct hdr *) (block + slop)) - 1;

  hdr->size = size;
  link_blk (hdr);
  hdr->block = (void *) block;
  hdr->magic2 = (uintptr_t) block ^ MAGICWORD;
  ((char *) &hdr[1])[size] = MAGICBYTE;
  flood ((void *) (hdr + 1), MALLOCFLOOD, size);
  return (void *) (hdr + 1);
}

static void *
reallochook (void *ptr, size_t size, const void *caller)
{
  if (size == 0)
    {
      freehook (ptr, caller);
      return NULL;
    }

  struct hdr *hdr;
  size_t osize;

  if (pedantic)
    mcheck_check_all ();

  if (size > ~((size_t) 0) - (sizeof (struct hdr) + 1))
    {
      __set_errno (ENOMEM);
      return NULL;
    }

  if (ptr)
    {
      hdr = ((struct hdr *) ptr) - 1;
      osize = hdr->size;

      checkhdr (hdr);
      unlink_blk (hdr);
      if (size < osize)
        flood ((char *) ptr + size, FREEFLOOD, osize - size);
    }
  else
    {
      osize = 0;
      hdr = NULL;
    }
  __free_hook = old_free_hook;
  __malloc_hook = old_malloc_hook;
  __memalign_hook = old_memalign_hook;
  __realloc_hook = old_realloc_hook;
  if (old_realloc_hook != NULL)
    hdr = (struct hdr *) (*old_realloc_hook)((void *) hdr,
                                             sizeof (struct hdr) + size + 1,
                                             caller);
  else
    hdr = (struct hdr *) realloc ((void *) hdr,
                                  sizeof (struct hdr) + size + 1);
  __free_hook = freehook;
  __malloc_hook = mallochook;
  __memalign_hook = memalignhook;
  __realloc_hook = reallochook;
  if (hdr == NULL)
    return NULL;

  hdr->size = size;
  link_blk (hdr);
  hdr->block = hdr;
  hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;
  ((char *) &hdr[1])[size] = MAGICBYTE;
  if (size > osize)
    flood ((char *) (hdr + 1) + osize, MALLOCFLOOD, size - osize);
  return (void *) (hdr + 1);
}

__attribute__ ((noreturn))
static void
mabort (enum mcheck_status status)
{
  const char *msg;
  switch (status)
    {
    case MCHECK_OK:
      msg = _ ("memory is consistent, library is buggy\n");
      break;
    case MCHECK_HEAD:
      msg = _ ("memory clobbered before allocated block\n");
      break;
    case MCHECK_TAIL:
      msg = _ ("memory clobbered past end of allocated block\n");
      break;
    case MCHECK_FREE:
      msg = _ ("block freed twice\n");
      break;
    default:
      msg = _ ("bogus mcheck_status, library is buggy\n");
      break;
    }
#ifdef _LIBC
  __libc_fatal (msg);
#else
  fprintf (stderr, "mcheck: %s", msg);
  fflush (stderr);
  abort ();
#endif
}

/* Memory barrier so that GCC does not optimize out the argument.  */
#define malloc_opt_barrier(x) \
  ({ __typeof (x) __x = x; __asm ("" : "+m" (__x)); __x; })

int
mcheck (void (*func) (enum mcheck_status))
{
  abortfunc = (func != NULL) ? func : &mabort;

  /* These hooks may not be safely inserted if malloc is already in use.  */
  if (__malloc_initialized <= 0 && !mcheck_used)
    {
      /* We call malloc() once here to ensure it is initialized.  */
      void *p = malloc (0);
      /* GCC might optimize out the malloc/free pair without a barrier.  */
      p = malloc_opt_barrier (p);
      free (p);

      old_free_hook = __free_hook;
      __free_hook = freehook;
      old_malloc_hook = __malloc_hook;
      __malloc_hook = mallochook;
      old_memalign_hook = __memalign_hook;
      __memalign_hook = memalignhook;
      old_realloc_hook = __realloc_hook;
      __realloc_hook = reallochook;
      mcheck_used = 1;
    }

  return mcheck_used ? 0 : -1;
}
#ifdef _LIBC
libc_hidden_def (mcheck)
#endif

int
mcheck_pedantic (void (*func) (enum mcheck_status))
{
  int res = mcheck (func);
  if (res == 0)
    pedantic = 1;
  return res;
}

enum mcheck_status
mprobe (void *ptr)
{
  return mcheck_used ? checkhdr (((struct hdr *) ptr) - 1) : MCHECK_DISABLED;
}