2 #include "tests/sys_mman.h"
6 #include "../memcheck.h"
// Byte length of each anonymous mapping requested by get_superblock() and
// carved up by custom_alloc().
8 #define SUPERBLOCK_SIZE 100000
10 //-------------------------------------------------------------------------
12 //-------------------------------------------------------------------------
// Maps one fresh SUPERBLOCK_SIZE-byte private anonymous region and marks all
// of it inaccessible to Memcheck.
// NOTE(review): this listing is an excerpt; the function's braces and its
// return statement are not shown here.
14 void* get_superblock(void)
// NOTE(review): the region is requested readable, writable and executable at
// the same time. Nothing visible in this listing executes from it, so
// PROT_EXEC looks unnecessary -- confirm before reusing this pattern in a
// real allocator, where writable+executable heap memory weakens W^X/NX
// exploit mitigations.
16 void* p = mmap( 0, SUPERBLOCK_SIZE, PROT_READ|PROT_WRITE|PROT_EXEC,
17 MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 );
// (void*)(-1) is mmap's failure value (MAP_FAILED). The check is an assert,
// so it is compiled out under NDEBUG; fine for a test, but production code
// needs a real error path here.
19 assert(p != ((void*)(-1)));
21 // Mark it no access; although it's addressable we don't want the
22 // program to be using it unless it's handed out by custom_alloc()
24 // with redzones, better not to have it
25 VALGRIND_MAKE_MEM_NOACCESS(p, SUPERBLOCK_SIZE);
// Test allocator: reserves size + 2*RZ bytes from the current superblock and
// registers a size-byte block with Memcheck as a zero-initialised heap
// allocation with RZ-byte red zones.
// NOTE(review): excerpt -- the definition of RZ, the declaration of p, and
// the lines that compute p and advance hp are not shown in this listing.
31 static void* custom_alloc(int size)
34 static void* hp = 0; // current heap pointer
35 static void* hp_lim = 0; // maximum usable byte in current block
// NOTE(review): size is a signed int and the addition is unchecked, so a
// negative or near-INT_MAX size yields a meaningless size2. Harmless for the
// fixed sizes this test passes, unsafe for caller-controlled sizes.
36 int size2 = size + RZ*2;
// Arithmetic on void* is a GNU C extension (byte-granular). Both statics
// start at 0, so the first positive-size call always maps a superblock.
// When a request does not fit, a new superblock is mapped and the unused
// tail of the previous one is abandoned.
// NOTE(review): the lines shown do not re-check that size2 fits in the fresh
// superblock; a request larger than SUPERBLOCK_SIZE would presumably be
// handed memory beyond the mapping -- confirm against the full file.
39 if (hp + size2 > hp_lim) {
40 hp = get_superblock();
41 hp_lim = hp + SUPERBLOCK_SIZE - 1;
// Tell Memcheck that the size bytes at p are now an allocated block with
// RZ-byte red zones, and that its contents count as defined (is_zeroed = 1).
47 VALGRIND_MALLOCLIKE_BLOCK( p, size, RZ, /*is_zeroed*/1 );
// Counterpart of custom_alloc(): releases no memory, it only reports to
// Memcheck that the block at p (registered with RZ-byte red zones) is freed.
// The address is passed through unchecked, which the test driver relies on
// to provoke invalid-free and mismatched-free reports.
51 static void custom_free(void* p)
53 // don't actually free any memory... but mark it as freed
54 VALGRIND_FREELIKE_BLOCK( p, RZ );
60 //-------------------------------------------------------------------------
62 //-------------------------------------------------------------------------
// Test driver body. Each statement below deliberately commits one memory
// error against the custom allocator; the trailing comment names the Memcheck
// report it is expected to produce ("ok w/o ..." = would go unreported if the
// named client request were not in use).
// NOTE(review): excerpt -- the enclosing function header and the declarations
// of array, array3 and x are not shown in this listing.
66 int* array2 __attribute__((unused)) = custom_alloc(sizeof(int) * 10);
76 array = custom_alloc(sizeof(int) * 10);
79 array[10] = 10; // invalid write (ok w/o MALLOCLIKE -- in superblock)
// Shrink the registered block from 10 ints to 5 without moving it; elements
// 5..9 should become inaccessible.
81 VALGRIND_RESIZEINPLACE_BLOCK(array, sizeof(int) * 10, sizeof(int) * 5, RZ);
83 array[5] = 9; // invalid write
85 // Make the entire array defined again such that it can be verified whether
86 // the red zone is marked properly when resizing in place.
87 VALGRIND_MAKE_MEM_DEFINED(array, sizeof(int) * 10);
// Grow the block from 5 ints to 7 in place; the newly exposed elements 5..6
// are addressable but should be treated as uninitialised.
89 VALGRIND_RESIZEINPLACE_BLOCK(array, sizeof(int) * 5, sizeof(int) * 7, RZ);
90 if (array[5]) array[4]++; // uninitialized read of array[5]
93 array[7] = 8; // invalid write
// NOTE(review): array+1 is not an address that was registered with
// MALLOCLIKE_BLOCK, so this is presumably the "invalid resize" case; the
// comment that labels it is missing from this listing.
96 VALGRIND_RESIZEINPLACE_BLOCK(array+1, sizeof(int) * 7, sizeof(int) * 8, RZ);
98 custom_free(array); // ok
100 custom_free((void*)0x1); // invalid free
102 array3 = malloc(sizeof(int) * 10);
103 custom_free(array3); // mismatched free (ok without MALLOCLIKE)
106 x = array[0]; // use after free (ok without MALLOCLIKE/MAKE_MEM_NOACCESS)
107 // (nb: initialised because is_zeroed==1 above)
108 // unfortunately not identified as being in a free'd
109 // block because the freeing of the block and shadow
110 // chunk isn't postponed.
112 // Bug 137073: passing 0 to MALLOCLIKE_BLOCK was causing an assertion
113 // failure. Test for this (and likewise for FREELIKE_BLOCK).
114 VALGRIND_MALLOCLIKE_BLOCK(0,0,0,0);
115 VALGRIND_FREELIKE_BLOCK(0,0);
119 // leak from make_leak()