1 #include "test/jemalloc_test.h"
2
3 #ifdef JEMALLOC_FILL
4 # ifndef JEMALLOC_TEST_JUNK_OPT
5 # define JEMALLOC_TEST_JUNK_OPT "junk:true"
6 # endif
7 const char *malloc_conf =
8 "abort:false,zero:false,redzone:true,quarantine:0," JEMALLOC_TEST_JUNK_OPT;
9 #endif
10
11 static arena_dalloc_junk_small_t *arena_dalloc_junk_small_orig;
12 static arena_dalloc_junk_large_t *arena_dalloc_junk_large_orig;
13 static huge_dalloc_junk_t *huge_dalloc_junk_orig;
14 static void *watch_for_junking;
15 static bool saw_junking;
16
17 static void
watch_junking(void * p)18 watch_junking(void *p)
19 {
20
21 watch_for_junking = p;
22 saw_junking = false;
23 }
24
25 static void
arena_dalloc_junk_small_intercept(void * ptr,arena_bin_info_t * bin_info)26 arena_dalloc_junk_small_intercept(void *ptr, arena_bin_info_t *bin_info)
27 {
28 size_t i;
29
30 arena_dalloc_junk_small_orig(ptr, bin_info);
31 for (i = 0; i < bin_info->reg_size; i++) {
32 assert_c_eq(((char *)ptr)[i], 0x5a,
33 "Missing junk fill for byte %zu/%zu of deallocated region",
34 i, bin_info->reg_size);
35 }
36 if (ptr == watch_for_junking)
37 saw_junking = true;
38 }
39
40 static void
arena_dalloc_junk_large_intercept(void * ptr,size_t usize)41 arena_dalloc_junk_large_intercept(void *ptr, size_t usize)
42 {
43 size_t i;
44
45 arena_dalloc_junk_large_orig(ptr, usize);
46 for (i = 0; i < usize; i++) {
47 assert_c_eq(((char *)ptr)[i], 0x5a,
48 "Missing junk fill for byte %zu/%zu of deallocated region",
49 i, usize);
50 }
51 if (ptr == watch_for_junking)
52 saw_junking = true;
53 }
54
55 static void
huge_dalloc_junk_intercept(void * ptr,size_t usize)56 huge_dalloc_junk_intercept(void *ptr, size_t usize)
57 {
58
59 huge_dalloc_junk_orig(ptr, usize);
60 /*
61 * The conditions under which junk filling actually occurs are nuanced
62 * enough that it doesn't make sense to duplicate the decision logic in
63 * test code, so don't actually check that the region is junk-filled.
64 */
65 if (ptr == watch_for_junking)
66 saw_junking = true;
67 }
68
69 static void
test_junk(size_t sz_min,size_t sz_max)70 test_junk(size_t sz_min, size_t sz_max)
71 {
72 char *s;
73 size_t sz_prev, sz, i;
74
75 if (opt_junk_free) {
76 arena_dalloc_junk_small_orig = arena_dalloc_junk_small;
77 arena_dalloc_junk_small = arena_dalloc_junk_small_intercept;
78 arena_dalloc_junk_large_orig = arena_dalloc_junk_large;
79 arena_dalloc_junk_large = arena_dalloc_junk_large_intercept;
80 huge_dalloc_junk_orig = huge_dalloc_junk;
81 huge_dalloc_junk = huge_dalloc_junk_intercept;
82 }
83
84 sz_prev = 0;
85 s = (char *)mallocx(sz_min, 0);
86 assert_ptr_not_null((void *)s, "Unexpected mallocx() failure");
87
88 for (sz = sallocx(s, 0); sz <= sz_max;
89 sz_prev = sz, sz = sallocx(s, 0)) {
90 if (sz_prev > 0) {
91 assert_c_eq(s[0], 'a',
92 "Previously allocated byte %zu/%zu is corrupted",
93 ZU(0), sz_prev);
94 assert_c_eq(s[sz_prev-1], 'a',
95 "Previously allocated byte %zu/%zu is corrupted",
96 sz_prev-1, sz_prev);
97 }
98
99 for (i = sz_prev; i < sz; i++) {
100 if (opt_junk_alloc) {
101 assert_c_eq(s[i], 0xa5,
102 "Newly allocated byte %zu/%zu isn't "
103 "junk-filled", i, sz);
104 }
105 s[i] = 'a';
106 }
107
108 if (xallocx(s, sz+1, 0, 0) == sz) {
109 watch_junking(s);
110 s = (char *)rallocx(s, sz+1, 0);
111 assert_ptr_not_null((void *)s,
112 "Unexpected rallocx() failure");
113 assert_true(!opt_junk_free || saw_junking,
114 "Expected region of size %zu to be junk-filled",
115 sz);
116 }
117 }
118
119 watch_junking(s);
120 dallocx(s, 0);
121 assert_true(!opt_junk_free || saw_junking,
122 "Expected region of size %zu to be junk-filled", sz);
123
124 if (opt_junk_free) {
125 arena_dalloc_junk_small = arena_dalloc_junk_small_orig;
126 arena_dalloc_junk_large = arena_dalloc_junk_large_orig;
127 huge_dalloc_junk = huge_dalloc_junk_orig;
128 }
129 }
130
TEST_BEGIN(test_junk_small)131 TEST_BEGIN(test_junk_small)
132 {
133
134 test_skip_if(!config_fill);
135 test_junk(1, SMALL_MAXCLASS-1);
136 }
137 TEST_END
138
TEST_BEGIN(test_junk_large)139 TEST_BEGIN(test_junk_large)
140 {
141
142 test_skip_if(!config_fill);
143 test_junk(SMALL_MAXCLASS+1, large_maxclass);
144 }
145 TEST_END
146
TEST_BEGIN(test_junk_huge)147 TEST_BEGIN(test_junk_huge)
148 {
149
150 test_skip_if(!config_fill);
151 test_junk(large_maxclass+1, chunksize*2);
152 }
153 TEST_END
154
155 arena_ralloc_junk_large_t *arena_ralloc_junk_large_orig;
156 static void *most_recently_trimmed;
157
158 static size_t
shrink_size(size_t size)159 shrink_size(size_t size)
160 {
161 size_t shrink_size;
162
163 for (shrink_size = size - 1; nallocx(shrink_size, 0) == size;
164 shrink_size--)
165 ; /* Do nothing. */
166
167 return (shrink_size);
168 }
169
170 static void
arena_ralloc_junk_large_intercept(void * ptr,size_t old_usize,size_t usize)171 arena_ralloc_junk_large_intercept(void *ptr, size_t old_usize, size_t usize)
172 {
173
174 arena_ralloc_junk_large_orig(ptr, old_usize, usize);
175 assert_zu_eq(old_usize, large_maxclass, "Unexpected old_usize");
176 assert_zu_eq(usize, shrink_size(large_maxclass), "Unexpected usize");
177 most_recently_trimmed = ptr;
178 }
179
TEST_BEGIN(test_junk_large_ralloc_shrink)180 TEST_BEGIN(test_junk_large_ralloc_shrink)
181 {
182 void *p1, *p2;
183
184 p1 = mallocx(large_maxclass, 0);
185 assert_ptr_not_null(p1, "Unexpected mallocx() failure");
186
187 arena_ralloc_junk_large_orig = arena_ralloc_junk_large;
188 arena_ralloc_junk_large = arena_ralloc_junk_large_intercept;
189
190 p2 = rallocx(p1, shrink_size(large_maxclass), 0);
191 assert_ptr_eq(p1, p2, "Unexpected move during shrink");
192
193 arena_ralloc_junk_large = arena_ralloc_junk_large_orig;
194
195 assert_ptr_eq(most_recently_trimmed, p1,
196 "Expected trimmed portion of region to be junk-filled");
197 }
198 TEST_END
199
200 static bool detected_redzone_corruption;
201
202 static void
arena_redzone_corruption_replacement(void * ptr,size_t usize,bool after,size_t offset,uint8_t byte)203 arena_redzone_corruption_replacement(void *ptr, size_t usize, bool after,
204 size_t offset, uint8_t byte)
205 {
206
207 detected_redzone_corruption = true;
208 }
209
TEST_BEGIN(test_junk_redzone)210 TEST_BEGIN(test_junk_redzone)
211 {
212 char *s;
213 arena_redzone_corruption_t *arena_redzone_corruption_orig;
214
215 test_skip_if(!config_fill);
216 test_skip_if(!opt_junk_alloc || !opt_junk_free);
217
218 arena_redzone_corruption_orig = arena_redzone_corruption;
219 arena_redzone_corruption = arena_redzone_corruption_replacement;
220
221 /* Test underflow. */
222 detected_redzone_corruption = false;
223 s = (char *)mallocx(1, 0);
224 assert_ptr_not_null((void *)s, "Unexpected mallocx() failure");
225 s[-1] = 0xbb;
226 dallocx(s, 0);
227 assert_true(detected_redzone_corruption,
228 "Did not detect redzone corruption");
229
230 /* Test overflow. */
231 detected_redzone_corruption = false;
232 s = (char *)mallocx(1, 0);
233 assert_ptr_not_null((void *)s, "Unexpected mallocx() failure");
234 s[sallocx(s, 0)] = 0xbb;
235 dallocx(s, 0);
236 assert_true(detected_redzone_corruption,
237 "Did not detect redzone corruption");
238
239 arena_redzone_corruption = arena_redzone_corruption_orig;
240 }
241 TEST_END
242
243 int
main(void)244 main(void)
245 {
246
247 assert(!config_fill || opt_junk_alloc || opt_junk_free);
248 return (test(
249 test_junk_small,
250 test_junk_large,
251 test_junk_huge,
252 test_junk_large_ralloc_shrink,
253 test_junk_redzone));
254 }
255