diff --git a/include/jemalloc/internal/arena_inlines_b.h b/include/jemalloc/internal/arena_inlines_b.h index 5df8e858..5410b160 100644 --- a/include/jemalloc/internal/arena_inlines_b.h +++ b/include/jemalloc/internal/arena_inlines_b.h @@ -228,9 +228,10 @@ large_dalloc_safety_checks(edata_t *edata, void *ptr, szind_t szind) { (uintptr_t)edata_addr_get(edata)); return true; } - if (unlikely(sz_index2size(szind) != edata_usize_get(edata))) { - safety_check_fail_sized_dealloc(/* current_dealloc */ true, - ptr); + size_t input_size = sz_index2size(szind); + if (unlikely(input_size != edata_usize_get(edata))) { + safety_check_fail_sized_dealloc(/* current_dealloc */ true, ptr, + /* true_size */ edata_usize_get(edata), input_size); return true; } diff --git a/include/jemalloc/internal/safety_check.h b/include/jemalloc/internal/safety_check.h index b27ac088..f10c68e4 100644 --- a/include/jemalloc/internal/safety_check.h +++ b/include/jemalloc/internal/safety_check.h @@ -1,7 +1,8 @@ #ifndef JEMALLOC_INTERNAL_SAFETY_CHECK_H #define JEMALLOC_INTERNAL_SAFETY_CHECK_H -void safety_check_fail_sized_dealloc(bool current_dealloc, const void *ptr); +void safety_check_fail_sized_dealloc(bool current_dealloc, const void *ptr, + size_t true_size, size_t input_size); void safety_check_fail(const char *format, ...); /* Can set to NULL for a default. */ void safety_check_set_abort(void (*abort_fn)(const char *)); diff --git a/src/jemalloc.c b/src/jemalloc.c index 9d038806..3bccac95 100644 --- a/src/jemalloc.c +++ b/src/jemalloc.c @@ -2751,7 +2751,9 @@ maybe_check_alloc_ctx(tsd_t *tsd, void *ptr, emap_alloc_ctx_t *alloc_ctx) { &dbg_ctx); if (alloc_ctx->szind != dbg_ctx.szind) { safety_check_fail_sized_dealloc( - /* current_dealloc */ true, ptr); + /* current_dealloc */ true, ptr, + /* true_size */ sz_size2index(dbg_ctx.szind), + /* input_size */ sz_size2index(alloc_ctx->szind)); return true; } if (alloc_ctx->slab != dbg_ctx.slab) { @@ -2800,9 +2802,13 @@ isfree(tsd_t *tsd, void *ptr, size_t usize, tcache_t *tcache, bool slow_path) { if (config_opt_safety_checks) { /* Small alloc may have !slab (sampled). */ - if (alloc_ctx.szind != sz_size2index(usize)) { - safety_check_fail_sized_dealloc(true, - ptr); + if (unlikely(alloc_ctx.szind != + sz_size2index(usize))) { + safety_check_fail_sized_dealloc( + /* current_dealloc */ true, ptr, + /* true_size */ sz_index2size( + alloc_ctx.szind), + /* input_size */ usize); } } } else { diff --git a/src/safety_check.c b/src/safety_check.c index 0dff9348..9747afef 100644 --- a/src/safety_check.c +++ b/src/safety_check.c @@ -3,14 +3,16 @@ static void (*safety_check_abort)(const char *message); -void safety_check_fail_sized_dealloc(bool current_dealloc, const void *ptr) { +void safety_check_fail_sized_dealloc(bool current_dealloc, const void *ptr, + size_t true_size, size_t input_size) { char *src = current_dealloc ? "the current pointer being freed" : "in thread cache, possibly from previous deallocations"; - safety_check_fail(": size mismatch detected, likely caused by" - " application sized deallocation bugs (source address: %p, %s). " - "Suggest building with --enable-debug or address sanitizer for " - "debugging. Abort.\n", ptr, src); + safety_check_fail(": size mismatch detected (true size %zu " + "vs input size %zu), likely caused by application sized " + "dealloction bugs (source address: %p, %s). Suggest building with " + "--enable-debug or address sanitizer for debugging. Abort.\n", + true_size, input_size, ptr, src); } void safety_check_set_abort(void (*abort_fn)(const char *)) { diff --git a/src/tcache.c b/src/tcache.c index 3489e724..39a4ea6e 100644 --- a/src/tcache.c +++ b/src/tcache.c @@ -255,10 +255,14 @@ tcache_bin_flush_size_check_fail(cache_bin_ptr_array_t *arr, szind_t szind, size_t nptrs, emap_batch_lookup_result_t *edatas) { bool found_mismatch = false; for (size_t i = 0; i < nptrs; i++) { - if (edata_szind_get(edatas[i].edata) != szind) { + szind_t true_szind = edata_szind_get(edatas[i].edata); + if (true_szind != szind) { found_mismatch = true; - safety_check_fail_sized_dealloc(false, - tcache_bin_flush_ptr_getter(arr, i)); + safety_check_fail_sized_dealloc( + /* current_dealloc */ false, + /* ptr */ tcache_bin_flush_ptr_getter(arr, i), + /* true_size */ sz_index2size(true_szind), + /* input_size */ sz_index2size(szind)); } } assert(found_mismatch);