
glibc  2.9
mcheck.c File Reference
#include <errno.h>
#include <malloc.h>
#include <mcheck.h>
#include <stdint.h>
#include <stdio.h>
#include <libintl.h>


Classes

struct  hdr

Defines

#define _MALLOC_INTERNAL
#define MAGICWORD   0xfedabeeb
#define MAGICFREE   0xd8675309
#define MAGICBYTE   ((char) 0xd7)
#define MALLOCFLOOD   ((char) 0x93)
#define FREEFLOOD   ((char) 0x95)

Functions

static void flood (__ptr_t, int, __malloc_size_t)
static enum mcheck_status checkhdr (const struct hdr *hdr)
void mcheck_check_all (void)
static void unlink_blk (struct hdr *ptr)
static void link_blk (struct hdr *hdr)
static void freehook (__ptr_t ptr, const __ptr_t caller)
static __ptr_t mallochook (__malloc_size_t size, const __ptr_t caller)
static __ptr_t memalignhook (__malloc_size_t alignment, __malloc_size_t size, const __ptr_t caller)
static __ptr_t reallochook (__ptr_t ptr, __malloc_size_t size, const __ptr_t caller)
static void mabort (enum mcheck_status status) __attribute__ ((noreturn))
int mcheck (void(*func)(enum mcheck_status))
int mcheck_pedantic (void(*func)(enum mcheck_status))
enum mcheck_status mprobe (__ptr_t ptr)

Variables

static void(* old_free_hook )(__ptr_t ptr, __const __ptr_t)
static __ptr_t(* old_malloc_hook )(__malloc_size_t size, const __ptr_t)
static __ptr_t(* old_memalign_hook )(__malloc_size_t alignment, __malloc_size_t size, const __ptr_t)
static __ptr_t(* old_realloc_hook )(__ptr_t ptr, __malloc_size_t size, __const __ptr_t)
static void(* abortfunc )(enum mcheck_status)
static struct hdr * root
static int mcheck_used
static int pedantic

Class Documentation

struct hdr

Definition at line 49 of file mcheck.c.

Class Members
__ptr_t block
unsigned long int magic
unsigned long int magic2
struct hdr * next
struct hdr * prev
__malloc_size_t size

Define Documentation

#define _MALLOC_INTERNAL

Definition at line 22 of file mcheck.c.

#define FREEFLOOD   ((char) 0x95)

Definition at line 47 of file mcheck.c.

#define MAGICBYTE   ((char) 0xd7)

Definition at line 45 of file mcheck.c.

#define MAGICFREE   0xd8675309

Definition at line 44 of file mcheck.c.

#define MAGICWORD   0xfedabeeb

Definition at line 43 of file mcheck.c.

#define MALLOCFLOOD   ((char) 0x93)

Definition at line 46 of file mcheck.c.


Function Documentation

static void mabort ( enum mcheck_status status ) __attribute__ ((noreturn)) [static]

Definition at line 322 of file mcheck.c.

{
  /* Body of the handler that mcheck() installs when the caller passes no
     function of its own (presumably `mabort').  It maps STATUS to a
     translated message, prints it and terminates; the declaration
     carries __attribute__ ((noreturn)).  */
  const char *text;

  if (status == MCHECK_OK)
    text = _("memory is consistent, library is buggy\n");
  else if (status == MCHECK_HEAD)
    text = _("memory clobbered before allocated block\n");
  else if (status == MCHECK_TAIL)
    text = _("memory clobbered past end of allocated block\n");
  else if (status == MCHECK_FREE)
    text = _("block freed twice\n");
  else
    text = _("bogus mcheck_status, library is buggy\n");

  /* The message is always passed as an argument or as a fixed catalogue
     string, never built from caller-supplied data.  */
#ifdef _LIBC
  __libc_fatal (text);
#else
  fprintf (stderr, "mcheck: %s", text);
  fflush (stderr);
  abort ();
#endif
}


static enum mcheck_status checkhdr ( const struct hdr * hdr ) [static]

Definition at line 86 of file mcheck.c.

{
  /* Classify the bookkeeping header HDR and report any inconsistency
     through abortfunc.  Returns the status that was found.  */
  enum mcheck_status status;
  uintmax_t key;

  /* Checking is switched off while a failure is being reported (see the
     toggle around the abortfunc call below), so answer "consistent"
     instead of reporting again.  */
  if (!mcheck_used)
    return MCHECK_OK;

  /* link_blk/unlink_blk store magic as MAGICWORD XOR-ed with the sum of
     the two list links, and freehook stores MAGICFREE with both links
     cleared.  Undoing the XOR therefore yields one of the two constants
     for an intact header.  */
  key = hdr->magic ^ ((uintptr_t) hdr->prev + (uintptr_t) hdr->next);

  if (key == MAGICWORD)
    {
      /* Live block.  The trailer check comes first, so an overrun is
	 reported as MCHECK_TAIL even if magic2 is damaged as well.
	 Note that hdr->size is taken from the header being verified, and
	 that the trailer is a single fixed byte: this catches accidental
	 overruns and is a debugging aid, not a hardening measure.  */
      if (((char *) &hdr[1])[hdr->size] != MAGICBYTE)
	status = MCHECK_TAIL;
      else if ((hdr->magic2 ^ (uintptr_t) hdr->block) != MAGICWORD)
	status = MCHECK_HEAD;
      else
	status = MCHECK_OK;
    }
  else if (key == MAGICFREE)
    status = MCHECK_FREE;
  else
    status = MCHECK_HEAD;

  if (status == MCHECK_OK)
    return status;

  /* Disable checking for the duration of the report so that allocator
     calls made by the handler do not report again.  A handler that
     returns gets checking switched back on.  */
  mcheck_used = 0;
  (*abortfunc) (status);
  mcheck_used = 1;
  return status;
}


static void flood ( __ptr_t  ptr,
int  val,
__malloc_size_t  size 
) [static]

Definition at line 74 of file mcheck.c.

{
  /* Overwrite SIZE bytes starting at PTR with the byte value VAL.  The
     hooks use this to fill fresh memory with MALLOCFLOOD and released
     memory with FREEFLOOD.  */
  char *dst = ptr;
  __malloc_size_t i;

  for (i = 0; i < size; ++i)
    dst[i] = val;
}


static void freehook ( __ptr_t  ptr,
const __ptr_t  caller 
) [static]

Definition at line 181 of file mcheck.c.

{
  /* free() replacement installed by mcheck(): verify the block, mark it
     as freed, scrub its contents and hand the underlying allocation to
     the previous hook or to free().  */
  if (pedantic)
    mcheck_check_all ();
  if (ptr)
    {
      /* The bookkeeping header sits directly in front of the user data.  */
      struct hdr *hdr = ((struct hdr *) ptr) - 1;
      /* The result is not examined: reporting is left to abortfunc.
	 NOTE(review): if a caller-supplied handler returns instead of
	 terminating, the statements below still run on a header that was
	 just reported as inconsistent (including one already marked
	 MAGICFREE) -- confirm that handlers are expected not to return.  */
      checkhdr (hdr);
      /* Mark the header so that a second free of the same pointer is
	 classified as MCHECK_FREE by checkhdr.  */
      hdr->magic = MAGICFREE;
      hdr->magic2 = MAGICFREE;
      unlink_blk (hdr);
      hdr->prev = hdr->next = NULL;
      /* Overwrite the user data so stale reads show FREEFLOOD bytes.  */
      flood (ptr, FREEFLOOD, hdr->size);
      /* Release the start of the underlying allocation, which memalignhook
	 may have placed before the header.  */
      ptr = hdr->block;
    }
  /* Take our hook out while the block is released and put it back
     afterwards; presumably this keeps the free() call below from
     re-entering this function.  */
  __free_hook = old_free_hook;
  if (old_free_hook != NULL)
    (*old_free_hook) (ptr, caller);
  else
    free (ptr);
  __free_hook = freehook;
}


static void link_blk ( struct hdr * hdr ) [static]

Definition at line 165 of file mcheck.c.

{
  /* Push HDR onto the front of the list of tracked blocks and refresh
     the link-dependent magic of every header whose links change.  */
  struct hdr *old_head = root;

  hdr->prev = NULL;
  hdr->next = old_head;
  root = hdr;
  /* prev is NULL, so the link sum that checkhdr undoes is just next.  */
  hdr->magic = MAGICWORD ^ (uintptr_t) old_head;

  if (old_head == NULL)
    return;

  /* The former head gains a predecessor, so its magic must be
     recomputed from its new pair of links.  */
  old_head->prev = hdr;
  old_head->magic = MAGICWORD ^ ((uintptr_t) hdr
				 + (uintptr_t) old_head->next);
}


static __ptr_t mallochook ( __malloc_size_t  size,
const __ptr_t  caller 
) [static]

Definition at line 205 of file mcheck.c.

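{
  /* malloc() replacement installed by mcheck(): allocate SIZE bytes plus
     room for a struct hdr in front and one guard byte behind, register
     the block and return a pointer to the user area.  Returns NULL on
     failure.  */
  struct hdr *hdr;

  if (pedantic)
    mcheck_check_all ();

  /* The real request is sizeof (struct hdr) + SIZE + 1.  For SIZE close
     to the maximum that sum wraps around to a small number; the
     allocation would then succeed while the guard byte and the flood
     below are written SIZE bytes past it.  Refuse such requests.  */
  if (size > ~((__malloc_size_t) 0) - (sizeof (struct hdr) + 1))
    {
      errno = ENOMEM;
      return NULL;
    }

  /* Take our hook out around the real allocation and reinstall it
     afterwards; presumably this keeps the malloc() call below from
     re-entering this function.  */
  __malloc_hook = old_malloc_hook;
  if (old_malloc_hook != NULL)
    hdr = (struct hdr *) (*old_malloc_hook) (sizeof (struct hdr) + size + 1,
					     caller);
  else
    hdr = (struct hdr *) malloc (sizeof (struct hdr) + size + 1);
  __malloc_hook = mallochook;
  if (hdr == NULL)
    return NULL;

  hdr->size = size;
  link_blk (hdr);
  /* Here the header is the start of the underlying allocation.  */
  hdr->block = hdr;
  hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;
  /* Guard byte directly behind the user area; checkhdr reports
     MCHECK_TAIL when it has changed.  */
  ((char *) &hdr[1])[size] = MAGICBYTE;
  /* Fill the user area so reads of uninitialised memory show up as
     MALLOCFLOOD bytes.  */
  flood ((__ptr_t) (hdr + 1), MALLOCFLOOD, size);
  return (__ptr_t) (hdr + 1);
}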


int mcheck ( void (*func) (enum mcheck_status) )

Definition at line 355 of file mcheck.c.

{
  /* Install the checking hooks and select the function that is called
     when an inconsistency is found.  Returns 0 when checking is active
     and -1 when the hooks could not be installed.  */

  /* The handler is replaced on every call, including calls that install
     no hooks.  A NULL FUNC selects the built-in handler.  */
  abortfunc = (func != NULL) ? func : &mabort;

  /* These hooks may not be safely inserted if malloc is already in use.  */
  if (__malloc_initialized <= 0 && !mcheck_used)
    {
      /* We call malloc() once here to ensure it is initialized.  */
      void *p = malloc (0);
      free (p);

      /* Remember whatever hooks were installed before so that ours can
	 forward to them, then take over all four entry points.  */
      old_free_hook = __free_hook;
      __free_hook = freehook;
      old_malloc_hook = __malloc_hook;
      __malloc_hook = mallochook;
      old_memalign_hook = __memalign_hook;
      __memalign_hook = memalignhook;
      old_realloc_hook = __realloc_hook;
      __realloc_hook = reallochook;
      mcheck_used = 1;
    }

  /* A caller that ignores a -1 result runs without any heap checking, so
     the return value is worth testing.  */
  return mcheck_used ? 0 : -1;
}


void mcheck_check_all ( void  )

Definition at line 122 of file mcheck.c.

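{
  /* Walk through all the active blocks and test whether they were tampered
     with.  Inconsistencies are reported by checkhdr through abortfunc.  */
  struct hdr *runp = root;

  /* Temporarily turn off the checks, presumably so that allocator calls
     made while a failure is being reported do not start another walk.
     The previous setting is remembered: this function can also be called
     directly, and unconditionally setting the flag afterwards would
     switch pedantic mode on for a program that only asked for mcheck().  */
  int saved_pedantic = pedantic;
  pedantic = 0;

  while (runp != NULL)
    {
      (void) checkhdr (runp);

      runp = runp->next;
    }

  /* Put the flag back the way the caller had it.  */
  pedantic = saved_pedantic;
}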


int mcheck_pedantic ( void (*func) (enum mcheck_status) )

Definition at line 385 of file mcheck.c.

{
  /* Same as mcheck (FUNC), but on success also switch on pedantic mode,
     in which every hooked allocator call first walks the whole list of
     blocks.  Returns whatever mcheck returned.  */
  const int status = mcheck (func);

  if (status != 0)
    return status;

  pedantic = 1;
  return 0;
}


static __ptr_t memalignhook ( __malloc_size_t  alignment,
__malloc_size_t  size,
const __ptr_t  caller 
) [static]

Definition at line 232 of file mcheck.c.

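{
  /* memalign() replacement installed by mcheck(): allocate SIZE bytes
     aligned to ALIGNMENT with a struct hdr directly in front of the user
     area and one guard byte behind it.  Returns NULL on failure.  */
  struct hdr *hdr;
  __malloc_size_t slop;
  char *block;

  if (pedantic)
    mcheck_check_all ();

  /* Space reserved in front of the user area: the header size rounded
     up to a multiple of ALIGNMENT (for a power-of-two ALIGNMENT).  */
  slop = (sizeof *hdr + alignment - 1) & -alignment;

  /* The header is placed in the last sizeof *hdr bytes of that space.
     An ALIGNMENT of 0 makes the mask 0, and a very large one makes the
     addition wrap; either way SLOP ends up smaller than the header and
     the header would be written in front of the allocation.  */
  if (slop < sizeof *hdr)
    {
      errno = EINVAL;
      return NULL;
    }

  /* SLOP + SIZE + 1 must not wrap around, or the guard byte and the
     flood below would land outside a too-small allocation.  */
  if (size >= ~((__malloc_size_t) 0) - slop)
    {
      errno = ENOMEM;
      return NULL;
    }

  /* Take our hook out around the real allocation and reinstall it
     afterwards; presumably this keeps the memalign() call below from
     re-entering this function.  */
  __memalign_hook = old_memalign_hook;
  if (old_memalign_hook != NULL)
    block = (*old_memalign_hook) (alignment, slop + size + 1, caller);
  else
    block = memalign (alignment, slop + size + 1);
  __memalign_hook = memalignhook;
  if (block == NULL)
    return NULL;

  hdr = ((struct hdr *) (block + slop)) - 1;

  hdr->size = size;
  link_blk (hdr);
  /* Unlike mallochook, the allocation may start before the header, so
     the start is recorded for freehook to release.  */
  hdr->block = (__ptr_t) block;
  hdr->magic2 = (uintptr_t) block ^ MAGICWORD;
  /* Guard byte directly behind the user area; checkhdr reports
     MCHECK_TAIL when it has changed.  */
  ((char *) &hdr[1])[size] = MAGICBYTE;
  flood ((__ptr_t) (hdr + 1), MALLOCFLOOD, size);
  return (__ptr_t) (hdr + 1);
}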


enum mcheck_status mprobe ( __ptr_t  ptr)

Definition at line 395 of file mcheck.c.

{
  /* Check the single block whose user area starts at PTR.  Returns
     MCHECK_DISABLED when checking is not active, otherwise the result of
     checkhdr on the header directly in front of PTR.
     NOTE(review): PTR is not validated before the header is read, so it
     has to be a pointer handed out by one of the hooks -- confirm that
     callers never pass NULL or a foreign pointer.  */
  if (!mcheck_used)
    return MCHECK_DISABLED;

  return checkhdr (((struct hdr *) ptr) - 1);
}


static __ptr_t reallochook ( __ptr_t  ptr,
__malloc_size_t  size,
const __ptr_t  caller 
) [static]

Definition at line 265 of file mcheck.c.

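{
  /* realloc() replacement installed by mcheck(): verify and unregister
     the old block, resize the underlying allocation (header, SIZE user
     bytes, one guard byte) and register the result.  Returns NULL on
     failure, and also after freeing when SIZE is 0.  */
  if (size == 0)
    {
      freehook (ptr, caller);
      return NULL;
    }

  struct hdr *hdr;
  struct hdr *old_hdr;
  __malloc_size_t osize;

  if (pedantic)
    mcheck_check_all ();

  /* The real request is sizeof (struct hdr) + SIZE + 1.  Refuse sizes
     for which that sum wraps around, and do so before the old block is
     unlinked or scrubbed so that it stays intact and tracked.  */
  if (size > ~((__malloc_size_t) 0) - (sizeof (struct hdr) + 1))
    {
      errno = ENOMEM;
      return NULL;
    }

  if (ptr)
    {
      hdr = ((struct hdr *) ptr) - 1;
      osize = hdr->size;

      checkhdr (hdr);
      unlink_blk (hdr);
      /* When shrinking, scrub the part that is being given up.  */
      if (size < osize)
	flood ((char *) ptr + size, FREEFLOOD, osize - size);
    }
  else
    {
      osize = 0;
      hdr = NULL;
    }
  old_hdr = hdr;

  /* All four hooks are taken out around the real call and reinstalled
     afterwards; presumably realloc may itself allocate and free.
     NOTE(review): the header address is passed on, not hdr->block.  For
     a block from memalignhook the allocation can start before the
     header -- confirm whether resizing such blocks is meant to work.  */
  __free_hook = old_free_hook;
  __malloc_hook = old_malloc_hook;
  __memalign_hook = old_memalign_hook;
  __realloc_hook = old_realloc_hook;
  if (old_realloc_hook != NULL)
    hdr = (struct hdr *) (*old_realloc_hook) ((__ptr_t) hdr,
					      sizeof (struct hdr) + size + 1,
					      caller);
  else
    hdr = (struct hdr *) realloc ((__ptr_t) hdr,
				  sizeof (struct hdr) + size + 1);
  __free_hook = freehook;
  __malloc_hook = mallochook;
  __memalign_hook = memalignhook;
  __realloc_hook = reallochook;
  if (hdr == NULL)
    {
      /* A failed realloc leaves the old block allocated, but it was
	 unlinked above.  Put it back on the list; otherwise a later free
	 of it would unlink through stale neighbour pointers.  (Bytes
	 already scrubbed for a shrink request are not restored.)  */
      if (old_hdr != NULL)
	link_blk (old_hdr);
      return NULL;
    }

  hdr->size = size;
  link_blk (hdr);
  hdr->block = hdr;
  hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;
  /* Guard byte directly behind the user area; checkhdr reports
     MCHECK_TAIL when it has changed.  */
  ((char *) &hdr[1])[size] = MAGICBYTE;
  /* When growing, only the newly added part is filled.  */
  if (size > osize)
    flood ((char *) (hdr + 1) + osize, MALLOCFLOOD, size - osize);
  return (__ptr_t) (hdr + 1);
}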


static void unlink_blk ( struct hdr * ptr ) [static]

Definition at line 146 of file mcheck.c.

{
  /* Take PTR out of the list of tracked blocks.  Each neighbour's magic
     depends on its links, so it is recomputed whenever a link changes.
     PTR's own links and magic are left untouched.
     The neighbours are not validated here; both callers in this file
     (freehook and reallochook) run checkhdr on PTR first.  */
  if (ptr->next != NULL)
    {
      ptr->next->prev = ptr->prev;
      ptr->next->magic = MAGICWORD ^ ((uintptr_t) ptr->next->prev
                                  + (uintptr_t) ptr->next->next);
    }
  if (ptr->prev != NULL)
    {
      ptr->prev->next = ptr->next;
      ptr->prev->magic = MAGICWORD ^ ((uintptr_t) ptr->prev->prev
                                  + (uintptr_t) ptr->prev->next);
    }
  else
    /* PTR was the first block, so the list now starts at its successor.  */
    root = ptr->next;
}



Variable Documentation

void(* abortfunc)(enum mcheck_status) [static]

Definition at line 40 of file mcheck.c.

int mcheck_used [static]

Definition at line 63 of file mcheck.c.

void(* old_free_hook)(__ptr_t ptr, __const __ptr_t) [static]

Definition at line 31 of file mcheck.c.

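__ptr_t(* old_malloc_hook)(__malloc_size_t size, const __ptr_t) [static]

Definition at line 32 of file mcheck.c.

__ptr_t(* old_memalign_hook)(__malloc_size_t alignment, __malloc_size_t size, const __ptr_t) [static]

Definition at line 33 of file mcheck.c.

__ptr_t(* old_realloc_hook)(__ptr_t ptr, __malloc_size_t size, __const __ptr_t) [static]

Definition at line 36 of file mcheck.c.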

int pedantic [static]

Definition at line 66 of file mcheck.c.

struct hdr* root [static]

Definition at line 61 of file mcheck.c.