1ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#include <unistd.h>
2ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#include "tests/sys_mman.h"
3ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#include <assert.h>
4ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#include <stdlib.h>
5ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
6ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#include "../drd.h"
7ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
8ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#define SUPERBLOCK_SIZE    100000
9ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
10ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown//-------------------------------------------------------------------------
11ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown// Allocator
12ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown//-------------------------------------------------------------------------
13ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
14ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brownvoid* get_superblock(void)
15ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown{
16ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   void* p = mmap( 0, SUPERBLOCK_SIZE, PROT_READ|PROT_WRITE|PROT_EXEC,
17ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown                   MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 );
18ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
19ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   assert(p != ((void*)(-1)));
20ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
21ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   return p;
22ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown}
23ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
24ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown// has a redzone
25ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brownstatic void* custom_alloc(int size)
26ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown{
27ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#define RZ  8
28ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   static void* hp     = 0;    // current heap pointer
29ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   static void* hp_lim = 0;    // maximum usable byte in current block
30ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   int          size2  = size + RZ*2;
31ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   void*        p;
32ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
33ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   if (hp + size2 > hp_lim) {
34ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown      hp = get_superblock();
35ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown      hp_lim = hp + SUPERBLOCK_SIZE - 1;
36ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   }
37ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
38ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   p = hp + RZ;
39ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   hp += size2;
40ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
41ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   VALGRIND_MALLOCLIKE_BLOCK( p, size, RZ, /*is_zeroed*/1 );
42ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   return (void*)p;
43ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown}
44ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
45ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brownstatic void custom_free(void* p)
46ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown{
47ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   // don't actually free any memory... but mark it as freed
48ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   VALGRIND_FREELIKE_BLOCK( p, RZ );
49ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown}
50ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown#undef RZ
51ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
52ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
53ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
54ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown//-------------------------------------------------------------------------
55ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown// Rest
56ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown//-------------------------------------------------------------------------
57ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
58ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brownvoid make_leak(void)
59ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown{
60b32f58018498ea2225959b0ba11c18f0c433deefEvgeniy Stepanov   int* array2 __attribute__((unused)) = custom_alloc(sizeof(int) * 10);
61ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array2 = 0;          // leak
62ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   return;
63ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown}
64ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
65ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brownint main(void)
66ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown{
67ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   int* array;
68ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   int* array3;
69ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
70ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array = custom_alloc(sizeof(int) * 10);
71ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array[8]  = 8;
72ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array[9]  = 8;
73ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array[10] = 10;      // invalid write (ok w/o MALLOCLIKE -- in superblock)
74ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
75ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   custom_free(array);  // ok
76ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
77ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   custom_free(NULL);   // invalid free (ok without MALLOCLIKE)
78ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
79ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   array3 = malloc(sizeof(int) * 10);
80ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   custom_free(array3); // mismatched free (ok without MALLOCLIKE)
81ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
82ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   make_leak();
83ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   return array[0];     // use after free (ok without MALLOCLIKE)
84ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown                        // (nb: initialised because is_zeroed==1 above)
85ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown                        // unfortunately not identified as being in a free'd
86ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown                        // block because the freeing of the block and shadow
87ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown                        // chunk isn't postponed.
88ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown
89ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown   // leak from make_leak()
90ed07e00d438c74b7a23c01bfffde77e3968305e4Jeff Brown}
91