Eagerly detect double free and sized dealloc bugs for large sizes.
This commit is contained in:
Qi Wang
Qi Wang
56
test/unit/double_free.c
Normal file
56
test/unit/double_free.c
Normal file
@@ -0,0 +1,56 @@
|
||||
#include "test/jemalloc_test.h"
|
||||
|
||||
#include "jemalloc/internal/safety_check.h"
|
||||
|
||||
bool fake_abort_called;
|
||||
void fake_abort(const char *message) {
|
||||
(void)message;
|
||||
fake_abort_called = true;
|
||||
}
|
||||
|
||||
void
|
||||
test_large_double_free_pre(void) {
|
||||
safety_check_set_abort(&fake_abort);
|
||||
fake_abort_called = false;
|
||||
}
|
||||
|
||||
void
|
||||
test_large_double_free_post() {
|
||||
expect_b_eq(fake_abort_called, true, "Double-free check didn't fire.");
|
||||
safety_check_set_abort(NULL);
|
||||
}
|
||||
|
||||
TEST_BEGIN(test_large_double_free_tcache) {
|
||||
test_skip_if(!config_opt_safety_checks);
|
||||
/*
|
||||
* Skip debug builds, since too many assertions will be triggered with
|
||||
* double-free before hitting the one we are interested in.
|
||||
*/
|
||||
test_skip_if(config_debug);
|
||||
|
||||
test_large_double_free_pre();
|
||||
char *ptr = malloc(SC_LARGE_MINCLASS);
|
||||
free(ptr);
|
||||
free(ptr);
|
||||
mallctl("thread.tcache.flush", NULL, NULL, NULL, 0);
|
||||
test_large_double_free_post();
|
||||
}
|
||||
TEST_END
|
||||
|
||||
TEST_BEGIN(test_large_double_free_no_tcache) {
|
||||
test_skip_if(!config_opt_safety_checks);
|
||||
test_skip_if(config_debug);
|
||||
|
||||
test_large_double_free_pre();
|
||||
char *ptr = mallocx(SC_LARGE_MINCLASS, MALLOCX_TCACHE_NONE);
|
||||
dallocx(ptr, MALLOCX_TCACHE_NONE);
|
||||
dallocx(ptr, MALLOCX_TCACHE_NONE);
|
||||
test_large_double_free_post();
|
||||
}
|
||||
TEST_END
|
||||
|
||||
int
|
||||
main(void) {
|
||||
return test(test_large_double_free_no_tcache,
|
||||
test_large_double_free_tcache);
|
||||
}
|
||||
1
test/unit/double_free.h
Normal file
1
test/unit/double_free.h
Normal file
@@ -0,0 +1 @@
|
||||
|
||||
@@ -8,48 +8,65 @@ void fake_abort(const char *message) {
|
||||
fake_abort_called = true;
|
||||
}
|
||||
|
||||
#define SIZE1 SC_SMALL_MAXCLASS
|
||||
#define SIZE2 (SC_SMALL_MAXCLASS / 2)
|
||||
#define SMALL_SIZE1 SC_SMALL_MAXCLASS
|
||||
#define SMALL_SIZE2 (SC_SMALL_MAXCLASS / 2)
|
||||
|
||||
TEST_BEGIN(test_invalid_size_sdallocx) {
|
||||
test_skip_if(!config_opt_size_checks);
|
||||
#define LARGE_SIZE1 SC_LARGE_MINCLASS
|
||||
#define LARGE_SIZE2 (LARGE_SIZE1 * 2)
|
||||
|
||||
void *
|
||||
test_invalid_size_pre(size_t sz) {
|
||||
safety_check_set_abort(&fake_abort);
|
||||
|
||||
fake_abort_called = false;
|
||||
void *ptr = malloc(SIZE1);
|
||||
void *ptr = malloc(sz);
|
||||
assert_ptr_not_null(ptr, "Unexpected failure");
|
||||
sdallocx(ptr, SIZE2, 0);
|
||||
expect_true(fake_abort_called, "Safety check didn't fire");
|
||||
|
||||
return ptr;
|
||||
}
|
||||
|
||||
void
|
||||
test_invalid_size_post(void) {
|
||||
expect_true(fake_abort_called, "Safety check didn't fire");
|
||||
safety_check_set_abort(NULL);
|
||||
}
|
||||
|
||||
TEST_BEGIN(test_invalid_size_sdallocx) {
|
||||
test_skip_if(!config_opt_size_checks);
|
||||
|
||||
void *ptr = test_invalid_size_pre(SMALL_SIZE1);
|
||||
sdallocx(ptr, SMALL_SIZE2, 0);
|
||||
test_invalid_size_post();
|
||||
|
||||
ptr = test_invalid_size_pre(LARGE_SIZE1);
|
||||
sdallocx(ptr, LARGE_SIZE2, 0);
|
||||
test_invalid_size_post();
|
||||
}
|
||||
TEST_END
|
||||
|
||||
TEST_BEGIN(test_invalid_size_sdallocx_nonzero_flag) {
|
||||
test_skip_if(!config_opt_size_checks);
|
||||
safety_check_set_abort(&fake_abort);
|
||||
|
||||
fake_abort_called = false;
|
||||
void *ptr = malloc(SIZE1);
|
||||
assert_ptr_not_null(ptr, "Unexpected failure");
|
||||
sdallocx(ptr, SIZE2, MALLOCX_TCACHE_NONE);
|
||||
expect_true(fake_abort_called, "Safety check didn't fire");
|
||||
void *ptr = test_invalid_size_pre(SMALL_SIZE1);
|
||||
sdallocx(ptr, SMALL_SIZE2, MALLOCX_TCACHE_NONE);
|
||||
test_invalid_size_post();
|
||||
|
||||
safety_check_set_abort(NULL);
|
||||
ptr = test_invalid_size_pre(LARGE_SIZE1);
|
||||
sdallocx(ptr, LARGE_SIZE2, MALLOCX_TCACHE_NONE);
|
||||
test_invalid_size_post();
|
||||
}
|
||||
TEST_END
|
||||
|
||||
TEST_BEGIN(test_invalid_size_sdallocx_noflags) {
|
||||
test_skip_if(!config_opt_size_checks);
|
||||
safety_check_set_abort(&fake_abort);
|
||||
|
||||
fake_abort_called = false;
|
||||
void *ptr = malloc(SIZE1);
|
||||
assert_ptr_not_null(ptr, "Unexpected failure");
|
||||
je_sdallocx_noflags(ptr, SIZE2);
|
||||
expect_true(fake_abort_called, "Safety check didn't fire");
|
||||
void *ptr = test_invalid_size_pre(SMALL_SIZE1);
|
||||
je_sdallocx_noflags(ptr, SMALL_SIZE2);
|
||||
test_invalid_size_post();
|
||||
|
||||
safety_check_set_abort(NULL);
|
||||
ptr = test_invalid_size_pre(LARGE_SIZE1);
|
||||
je_sdallocx_noflags(ptr, LARGE_SIZE2);
|
||||
test_invalid_size_post();
|
||||
}
|
||||
TEST_END
|
||||
|
||||
|
||||
Reference in New Issue
Block a user