1 #include "test/jemalloc_test.h" 2 3 #ifdef JEMALLOC_FILL 4 # ifndef JEMALLOC_TEST_JUNK_OPT 5 # define JEMALLOC_TEST_JUNK_OPT "junk:true" 6 # endif 7 const char *malloc_conf = 8 "abort:false,zero:false,redzone:true,quarantine:0," JEMALLOC_TEST_JUNK_OPT; 9 #endif 10 11 static arena_dalloc_junk_small_t *arena_dalloc_junk_small_orig; 12 static arena_dalloc_junk_large_t *arena_dalloc_junk_large_orig; 13 static huge_dalloc_junk_t *huge_dalloc_junk_orig; 14 static void *watch_for_junking; 15 static bool saw_junking; 16 17 static void 18 watch_junking(void *p) 19 { 20 21 watch_for_junking = p; 22 saw_junking = false; 23 } 24 25 static void 26 arena_dalloc_junk_small_intercept(void *ptr, arena_bin_info_t *bin_info) 27 { 28 size_t i; 29 30 arena_dalloc_junk_small_orig(ptr, bin_info); 31 for (i = 0; i < bin_info->reg_size; i++) { 32 assert_u_eq(((uint8_t *)ptr)[i], JEMALLOC_FREE_JUNK, 33 "Missing junk fill for byte %zu/%zu of deallocated region", 34 i, bin_info->reg_size); 35 } 36 if (ptr == watch_for_junking) 37 saw_junking = true; 38 } 39 40 static void 41 arena_dalloc_junk_large_intercept(void *ptr, size_t usize) 42 { 43 size_t i; 44 45 arena_dalloc_junk_large_orig(ptr, usize); 46 for (i = 0; i < usize; i++) { 47 assert_u_eq(((uint8_t *)ptr)[i], JEMALLOC_FREE_JUNK, 48 "Missing junk fill for byte %zu/%zu of deallocated region", 49 i, usize); 50 } 51 if (ptr == watch_for_junking) 52 saw_junking = true; 53 } 54 55 static void 56 huge_dalloc_junk_intercept(void *ptr, size_t usize) 57 { 58 59 huge_dalloc_junk_orig(ptr, usize); 60 /* 61 * The conditions under which junk filling actually occurs are nuanced 62 * enough that it doesn't make sense to duplicate the decision logic in 63 * test code, so don't actually check that the region is junk-filled. 64 */ 65 if (ptr == watch_for_junking) 66 saw_junking = true; 67 } 68 69 static void 70 test_junk(size_t sz_min, size_t sz_max) 71 { 72 uint8_t *s; 73 size_t sz_prev, sz, i; 74 75 if (opt_junk_free) { 76 arena_dalloc_junk_small_orig = arena_dalloc_junk_small; 77 arena_dalloc_junk_small = arena_dalloc_junk_small_intercept; 78 arena_dalloc_junk_large_orig = arena_dalloc_junk_large; 79 arena_dalloc_junk_large = arena_dalloc_junk_large_intercept; 80 huge_dalloc_junk_orig = huge_dalloc_junk; 81 huge_dalloc_junk = huge_dalloc_junk_intercept; 82 } 83 84 sz_prev = 0; 85 s = (uint8_t *)mallocx(sz_min, 0); 86 assert_ptr_not_null((void *)s, "Unexpected mallocx() failure"); 87 88 for (sz = sallocx(s, 0); sz <= sz_max; 89 sz_prev = sz, sz = sallocx(s, 0)) { 90 if (sz_prev > 0) { 91 assert_u_eq(s[0], 'a', 92 "Previously allocated byte %zu/%zu is corrupted", 93 ZU(0), sz_prev); 94 assert_u_eq(s[sz_prev-1], 'a', 95 "Previously allocated byte %zu/%zu is corrupted", 96 sz_prev-1, sz_prev); 97 } 98 99 for (i = sz_prev; i < sz; i++) { 100 if (opt_junk_alloc) { 101 assert_u_eq(s[i], JEMALLOC_ALLOC_JUNK, 102 "Newly allocated byte %zu/%zu isn't " 103 "junk-filled", i, sz); 104 } 105 s[i] = 'a'; 106 } 107 108 if (xallocx(s, sz+1, 0, 0) == sz) { 109 watch_junking(s); 110 s = (uint8_t *)rallocx(s, sz+1, 0); 111 assert_ptr_not_null((void *)s, 112 "Unexpected rallocx() failure"); 113 assert_true(!opt_junk_free || saw_junking, 114 "Expected region of size %zu to be junk-filled", 115 sz); 116 } 117 } 118 119 watch_junking(s); 120 dallocx(s, 0); 121 assert_true(!opt_junk_free || saw_junking, 122 "Expected region of size %zu to be junk-filled", sz); 123 124 if (opt_junk_free) { 125 arena_dalloc_junk_small = arena_dalloc_junk_small_orig; 126 arena_dalloc_junk_large = arena_dalloc_junk_large_orig; 127 huge_dalloc_junk = huge_dalloc_junk_orig; 128 } 129 } 130 131 TEST_BEGIN(test_junk_small) 132 { 133 134 test_skip_if(!config_fill); 135 test_junk(1, SMALL_MAXCLASS-1); 136 } 137 TEST_END 138 139 TEST_BEGIN(test_junk_large) 140 { 141 142 test_skip_if(!config_fill); 143 test_junk(SMALL_MAXCLASS+1, large_maxclass); 144 } 145 TEST_END 146 147 TEST_BEGIN(test_junk_huge) 148 { 149 150 test_skip_if(!config_fill); 151 test_junk(large_maxclass+1, chunksize*2); 152 } 153 TEST_END 154 155 arena_ralloc_junk_large_t *arena_ralloc_junk_large_orig; 156 static void *most_recently_trimmed; 157 158 static size_t 159 shrink_size(size_t size) 160 { 161 size_t shrink_size; 162 163 for (shrink_size = size - 1; nallocx(shrink_size, 0) == size; 164 shrink_size--) 165 ; /* Do nothing. */ 166 167 return (shrink_size); 168 } 169 170 static void 171 arena_ralloc_junk_large_intercept(void *ptr, size_t old_usize, size_t usize) 172 { 173 174 arena_ralloc_junk_large_orig(ptr, old_usize, usize); 175 assert_zu_eq(old_usize, large_maxclass, "Unexpected old_usize"); 176 assert_zu_eq(usize, shrink_size(large_maxclass), "Unexpected usize"); 177 most_recently_trimmed = ptr; 178 } 179 180 TEST_BEGIN(test_junk_large_ralloc_shrink) 181 { 182 void *p1, *p2; 183 184 p1 = mallocx(large_maxclass, 0); 185 assert_ptr_not_null(p1, "Unexpected mallocx() failure"); 186 187 arena_ralloc_junk_large_orig = arena_ralloc_junk_large; 188 arena_ralloc_junk_large = arena_ralloc_junk_large_intercept; 189 190 p2 = rallocx(p1, shrink_size(large_maxclass), 0); 191 assert_ptr_eq(p1, p2, "Unexpected move during shrink"); 192 193 arena_ralloc_junk_large = arena_ralloc_junk_large_orig; 194 195 assert_ptr_eq(most_recently_trimmed, p1, 196 "Expected trimmed portion of region to be junk-filled"); 197 } 198 TEST_END 199 200 static bool detected_redzone_corruption; 201 202 static void 203 arena_redzone_corruption_replacement(void *ptr, size_t usize, bool after, 204 size_t offset, uint8_t byte) 205 { 206 207 detected_redzone_corruption = true; 208 } 209 210 TEST_BEGIN(test_junk_redzone) 211 { 212 char *s; 213 arena_redzone_corruption_t *arena_redzone_corruption_orig; 214 215 test_skip_if(!config_fill); 216 test_skip_if(!opt_junk_alloc || !opt_junk_free); 217 218 arena_redzone_corruption_orig = arena_redzone_corruption; 219 arena_redzone_corruption = arena_redzone_corruption_replacement; 220 221 /* Test underflow. */ 222 detected_redzone_corruption = false; 223 s = (char *)mallocx(1, 0); 224 assert_ptr_not_null((void *)s, "Unexpected mallocx() failure"); 225 s[-1] = 0xbb; 226 dallocx(s, 0); 227 assert_true(detected_redzone_corruption, 228 "Did not detect redzone corruption"); 229 230 /* Test overflow. */ 231 detected_redzone_corruption = false; 232 s = (char *)mallocx(1, 0); 233 assert_ptr_not_null((void *)s, "Unexpected mallocx() failure"); 234 s[sallocx(s, 0)] = 0xbb; 235 dallocx(s, 0); 236 assert_true(detected_redzone_corruption, 237 "Did not detect redzone corruption"); 238 239 arena_redzone_corruption = arena_redzone_corruption_orig; 240 } 241 TEST_END 242 243 int 244 main(void) 245 { 246 247 return (test( 248 test_junk_small, 249 test_junk_large, 250 test_junk_huge, 251 test_junk_large_ralloc_shrink, 252 test_junk_redzone)); 253 } 254