From: <sv...@va...> - 2005-12-04 23:27:17
Author: sewardj
Date: 2005-12-04 23:27:14 +0000 (Sun, 04 Dec 2005)
New Revision: 5283
Log:
Defensive hacks to detect cases where V corrupts its own heap and/or
uses memory after freeing. Check the redzones for all non-client
frees, and fill all non-client freed areas with garbage. Unroll
VG_(memset) as a precautionary measure against performance lossage.
Modified:
trunk/coregrind/m_libcbase.c
trunk/coregrind/m_mallocfree.c
Modified: trunk/coregrind/m_libcbase.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- trunk/coregrind/m_libcbase.c 2005-12-04 21:55:24 UTC (rev 5282)
+++ trunk/coregrind/m_libcbase.c 2005-12-04 23:27:14 UTC (rev 5283)
@@ -372,10 +372,19 @@
void* VG_(memset) ( void *dest, Int c, SizeT sz )
{
Char *d =3D (Char *)dest;
-
- while (sz--)
- *d++ =3D c;
-
+ while (sz >=3D 4) {
+ d[0] =3D c;
+ d[1] =3D c;
+ d[2] =3D c;
+ d[3] =3D c;
+ d +=3D 4;
+ sz -=3D 4;
+ }
+ while (sz > 0) {
+ d[0] =3D c;
+ d++;
+ sz--;
+ }
return dest;
}
=20
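Review bot: The hand-unrolled loop carries no in-source rationale, so the next reader will likely fold it back into the one-line `while (sz--)` form it replaces; the reason lives only in the commit log. I would add a comment above the first loop such as `/* Unrolled by hand: this is now called on every non-client free (m_mallocfree.c), keep the byte loop cheap. */`. Note the unroll still stores one byte per iteration, so the gain is bounded by the loop overhead alone; if throughput on large freed blocks matters, a word-wide store once `d` is aligned would do more, but that is a larger change than this precautionary one.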
Modified: trunk/coregrind/m_mallocfree.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- trunk/coregrind/m_mallocfree.c 2005-12-04 21:55:24 UTC (rev 5282)
+++ trunk/coregrind/m_mallocfree.c 2005-12-04 23:27:14 UTC (rev 5283)
@@ -1058,9 +1058,10 @@
=20
b =3D get_payload_block(a, ptr);
=20
-# ifdef DEBUG_MALLOC
- vg_assert(blockSane(a, b));
-# endif
+ /* If this is one of V's areas, check carefully the block we're
+ getting back. This picks up simple block-end overruns. */
+ if (aid !=3D VG_AR_CLIENT)
+ vg_assert(blockSane(a, b));
=20
b_bszB =3D get_bszB(b);
b_pszB =3D bszB_to_pszB(a, b_bszB);
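Review bot: Replacing the `#ifdef DEBUG_MALLOC` block with `if (aid != VG_AR_CLIENT)` means client-arena blocks are no longer sanity-checked even in a DEBUG_MALLOC build, which the removed lines did unconditionally. Unless that is intended, keep the debug path and add the non-client check only for the normal build. The enclosing free routine starts before this hunk, so I cannot see whether `aid` is validated earlier.
```c
   /* If this is one of V's areas, check carefully the block we're
      getting back. This picks up simple block-end overruns. */
#  ifdef DEBUG_MALLOC
   vg_assert(blockSane(a, b));
#  else
   if (aid != VG_AR_CLIENT)
      vg_assert(blockSane(a, b));
#  endif
```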
@@ -1070,6 +1071,15 @@
=20
a->bytes_on_loan -=3D b_pszB;
=20
+ /* If this is one of V's areas, fill it up with junk to enhance the
+ chances of catching any later reads of it. Note, 0xDD is
+ carefully chosen junk :-), in that: (1) 0xDDDDDDDD is an invalid
+ and non-word-aligned address on most systems, and (2) 0xDD is a
+ value which is unlikely to be generated by the new compressed
+ Vbits representation for memcheck. */
+ if (aid !=3D VG_AR_CLIENT)
+ VG_(memset)(ptr, 0xDD, (SizeT)b_pszB);
+
// Put this chunk back on a list somewhere.
b_listno =3D pszB_to_listNo(b_pszB);
mkFreeBlock( a, b, b_bszB, b_listno );
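Review bot: The fill value `0xDD` is a bare magic number at the memset call, and the `aid != VG_AR_CLIENT` test now appears twice in the same function (here and at the blockSane check above), so the two defensive measures can drift apart independently. I would name the byte once, e.g. `#define VG_FREED_JUNK 0xDD` next to the existing comment, and evaluate the arena test once into a local used by both sites. Also worth a one-line comment: `mkFreeBlock()` runs after the fill and presumably writes free-list metadata into the payload, so the first few bytes of a freed block will not read back as 0xDD — confirm against mkFreeBlock. The function continues past the end of this hunk.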