1ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#include <unistd.h>
2ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#include "tests/sys_mman.h"
3ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#include <assert.h>
4ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#include <stdlib.h>
5ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
6ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#include "../memcheck.h"
7ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
8ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#define SUPERBLOCK_SIZE    100000
9ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
10ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown//-------------------------------------------------------------------------
11ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown// Allocator
12ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown//-------------------------------------------------------------------------
13ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
14ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brownvoid* get_superblock(void)
15ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown{
16ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   void* p = mmap( 0, SUPERBLOCK_SIZE, PROT_READ|PROT_WRITE|PROT_EXEC,
17ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown                   MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 );
18ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
19ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   assert(p != ((void*)(-1)));
20ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
21ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   // Mark it no access;  although it's addressible we don't want the
22ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   // program to be using it unless its handed out by custom_alloc()
23ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
24ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   // with redzones, better not to have it
25ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   VALGRIND_MAKE_MEM_NOACCESS(p, SUPERBLOCK_SIZE);
26ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
27ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   return p;
28ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown}
29ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
30ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown// has a redzone
31ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brownstatic void* custom_alloc(int size)
32ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown{
33ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#define RZ  8
34ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   static void* hp     = 0;    // current heap pointer
35ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   static void* hp_lim = 0;    // maximum usable byte in current block
36ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   int          size2  = size + RZ*2;
37ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   void*        p;
38ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
39ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   if (hp + size2 > hp_lim) {
40ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown      hp = get_superblock();
41ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown      hp_lim = hp + SUPERBLOCK_SIZE - 1;
42ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   }
43ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
44ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   p = hp + RZ;
45ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   hp += size2;
46ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
47ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   VALGRIND_MALLOCLIKE_BLOCK( p, size, RZ, /*is_zeroed*/1 );
48ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   return (void*)p;
49ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown}
50ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
51ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brownstatic void custom_free(void* p)
52ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown{
53ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   // don't actually free any memory... but mark it as freed
54ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   VALGRIND_FREELIKE_BLOCK( p, RZ );
55ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown}
56b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov
57ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
58ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
59ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
60ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown//-------------------------------------------------------------------------
61ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown// Rest
62ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown//-------------------------------------------------------------------------
63ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
64ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brownvoid make_leak(void)
65ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown{
66b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   int* array2 __attribute__((unused)) = custom_alloc(sizeof(int) * 10);
67ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array2 = 0;          // leak
68ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   return;
69ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown}
70ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
71ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brownint main(void)
72ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown{
73ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   int *array, *array3;
74ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   int x;
75ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
76ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array = custom_alloc(sizeof(int) * 10);
77ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array[8]  = 8;
78ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array[9]  = 8;
79ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array[10] = 10;      // invalid write (ok w/o MALLOCLIKE -- in superblock)
80ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
81b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   VALGRIND_RESIZEINPLACE_BLOCK(array, sizeof(int) * 10, sizeof(int) * 5, RZ);
82b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   array[4] = 7;
83b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   array[5] = 9; // invalid write
84b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov
85b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   // Make the entire array defined again such that it can be verified whether
86b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   // the red zone is marked properly when resizing in place.
87b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   VALGRIND_MAKE_MEM_DEFINED(array, sizeof(int) * 10);
88b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov
89b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   VALGRIND_RESIZEINPLACE_BLOCK(array, sizeof(int) * 5, sizeof(int) * 7, RZ);
90b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   if (array[5]) array[4]++; // uninitialized read of array[5]
91b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   array[5]  = 11;
92b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   array[6]  = 7;
93b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   array[7] = 8; // invalid write
94b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov
95b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   // invalid realloc
96b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   VALGRIND_RESIZEINPLACE_BLOCK(array+1, sizeof(int) * 7, sizeof(int) * 8, RZ);
97b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov
98ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   custom_free(array);  // ok
99ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
100ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   custom_free((void*)0x1);  // invalid free
101ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
102ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array3 = malloc(sizeof(int) * 10);
103ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   custom_free(array3); // mismatched free (ok without MALLOCLIKE)
104ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
105ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   make_leak();
106ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   x = array[0];        // use after free (ok without MALLOCLIKE/MAKE_MEM_NOACCESS)
107ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown                        // (nb: initialised because is_zeroed==1 above)
108ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown                        // unfortunately not identified as being in a free'd
109ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown                        // block because the freeing of the block and shadow
110ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown                        // chunk isn't postponed.
111ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
112ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   // Bug 137073: passing 0 to MALLOCLIKE_BLOCK was causing an assertion
113ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   // failure.  Test for this (and likewise for FREELIKE_BLOCK).
114ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   VALGRIND_MALLOCLIKE_BLOCK(0,0,0,0);
115ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   VALGRIND_FREELIKE_BLOCK(0,0);
116ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
117ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   return x;
118ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
119ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   // leak from make_leak()
120ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown}
121b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov
122b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov#undef RZ
123