mirror of
https://github.com/servalproject/serval-dna.git
synced 2024-12-18 20:57:56 +00:00
Fixed some bounds checking, and added some fairly rigorous memory
handling debug aids. No known memory corruption bugs remain, I think.
parent
13d1d3084e
commit
2b42f77ccf
@ -80,7 +80,7 @@ int ob_makespace(overlay_buffer *b,int bytes)
|
||||
}
|
||||
}
|
||||
|
||||
if (0)
|
||||
if (1)
|
||||
printf("ob_makespace(%p,%d)\n b->bytes=%p,b->length=%d,b->allocSize=%d\n",
|
||||
b,bytes,b->bytes,b->length,b->allocSize);
|
||||
|
||||
@ -97,11 +97,33 @@ int ob_makespace(overlay_buffer *b,int bytes)
|
||||
}
|
||||
if (1) printf(" realloc(b->bytes=%p,newSize=%d)\n",
|
||||
b->bytes,newSize);
|
||||
#warning useless malloc() call to make sure that heap corruption check runs before we do any real work
|
||||
void *p=malloc(1);
|
||||
unsigned char *r=realloc(b->bytes,newSize);
|
||||
if (!r) return WHY("realloc() failed");
|
||||
b->bytes=r;
|
||||
/* XXX OSX realloc() seems to be able to corrupt things if the heap is not happy when calling realloc().
|
||||
So will do a three-stage malloc,bcopy,free to see if we can tease the bug out that way. */
|
||||
/*
|
||||
unsigned char *r=realloc(b->bytes,newSize);
|
||||
if (!r) return WHY("realloc() failed");
|
||||
b->bytes=r;
|
||||
*/
|
||||
#warning adding lots of padding to try to catch overruns
|
||||
if (b->bytes) {
|
||||
int i;
|
||||
int corrupt=0;
|
||||
for(i=0;i<4096;i++) if (b->bytes[b->allocSize+i]!=0xbd) corrupt++;
|
||||
if (corrupt) {
|
||||
printf("!!!!!! %d corrupted bytes in overrun catch tray\n",corrupt);
|
||||
dump("overrun catch tray",&b->bytes[b->allocSize],4096);
|
||||
sleep(3600);
|
||||
}
|
||||
}
|
||||
unsigned char *new=malloc(newSize+4096);
|
||||
if (!new) return WHY("realloc() failed");
|
||||
{
|
||||
int i;
|
||||
for(i=0;i<4096;i++) new[newSize+i]=0xbd;
|
||||
}
|
||||
bcopy(b->bytes,new,b->length);
|
||||
if (b->bytes) free(b->bytes);
|
||||
b->bytes=new;
|
||||
b->allocSize=newSize;
|
||||
return 0;
|
||||
}
|
||||
@ -111,10 +133,12 @@ int ob_makespace(overlay_buffer *b,int bytes)
|
||||
|
||||
int ob_setbyte(overlay_buffer *b,int ofs,unsigned char value)
|
||||
{
|
||||
if (ofs<0||ofs>b->allocSize) {
|
||||
if (ofs<0||ofs>=b->allocSize) {
|
||||
fprintf(stderr,"ERROR: Asked to set byte %d in overlay buffer %p, which has only %d allocated bytes.\n",
|
||||
ofs,b,b->allocSize);
|
||||
exit(-1);
|
||||
#warning temporary debug
|
||||
sleep(3600);
|
||||
return -1;
|
||||
}
|
||||
b->bytes[ofs]=value;
|
||||
return 0;
|
||||
@ -287,3 +311,27 @@ int ob_dump(overlay_buffer *b,char *desc)
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#undef malloc
|
||||
#undef calloc
|
||||
#undef free
|
||||
|
||||
void *_serval_debug_malloc(unsigned int bytes,char *file,const char *func,int line)
|
||||
{
|
||||
void *r=malloc(bytes);
|
||||
fprintf(stderr,"%s:%d:%s(): malloc(%d) -> %p\n",file,line,func,bytes,r);
|
||||
return r;
|
||||
}
|
||||
|
||||
void *_serval_debug_calloc(unsigned int bytes,unsigned int count,char *file,const char *func,int line)
|
||||
{
|
||||
void *r=calloc(bytes,count);
|
||||
fprintf(stderr,"%s:%d:%s(): calloc(%d,%d) -> %p\n",file,line,func,bytes,count,r);
|
||||
return r;
|
||||
}
|
||||
|
||||
void _serval_debug_free(void *p,char *file,const char *func,int line)
|
||||
{
|
||||
free(p);
|
||||
fprintf(stderr,"%s:%d:%s(): free(%p)\n",file,line,func,p);
|
||||
}
|
||||
|
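Review bot: The overrun-tray check added to ob_makespace reads `b->bytes[b->allocSize+i]` for 4096 bytes on any non-NULL `b->bytes`, which is in bounds only if that buffer was itself allocated with the 4096-byte `0xbd` tray. A buffer whose `bytes` was allocated anywhere else (no such site is visible in this section) would be read past its end and reported as corrupt, so either every allocation site needs the same padding or the check should be compiled only into a debug build. When the check does fire, `sleep(3600);` stalls the whole process for an hour and then continues with the copy; the same applies to the `sleep(3600);` added in ob_setbyte, where returning -1 straight away is the safer behaviour outside a debugging session. The failure message for `malloc(newSize+4096)` still reads `"realloc() failed"`. ob_makespace begins outside these hunks.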
@ -73,9 +73,6 @@ int bundles_available=-1;
|
||||
int bundle_offset[2]={0,0};
|
||||
int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
|
||||
{
|
||||
#warning Mac-specific debug thing here
|
||||
setenv("MallocScribble","1",1);
|
||||
|
||||
int pass;
|
||||
int bytes=e->sizeLimit-e->length;
|
||||
int overhead=1+8+1+3+1+1+1; /* maximum overhead */
|
||||
@ -195,9 +192,11 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
|
||||
int overhead=0;
|
||||
int frameFull=0;
|
||||
if (!pass) overhead=2;
|
||||
printf("e=%p, e->bytes=%p,e->length=%d\n",e,e->bytes,e->length);
|
||||
printf("e=%p, e->bytes=%p,e->length=%d, e->allocSize=%d\n",
|
||||
e,e->bytes,e->length,e->allocSize);
|
||||
|
||||
if (ob_makespace(e,overhead+blob_bytes)) {
|
||||
|
||||
if (ob_makespace(e,overhead+2+blob_bytes)) {
|
||||
if (debug&DEBUG_RHIZOME)
|
||||
fprintf(stderr,"Stopped cramming %s into Rhizome advertisement frame.\n",
|
||||
pass?"BARs":"manifests");
|
||||
@ -205,6 +204,8 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
|
||||
}
|
||||
if (!pass) {
|
||||
/* put manifest length field and manifest ID */
|
||||
/* XXX why on earth is this being done this way, instead of
|
||||
with ob_append_byte() ??? */
|
||||
ob_setbyte(e,e->length,(blob_bytes>>8)&0xff);
|
||||
ob_setbyte(e,e->length+1,(blob_bytes>>0)&0xff);
|
||||
if (debug&DEBUG_RHIZOME)
|
||||
@ -213,6 +214,11 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
|
||||
if (frameFull) {
|
||||
goto stopStuffing;
|
||||
}
|
||||
if (e->length+overhead+blob_bytes>=e->allocSize) {
|
||||
WHY("Reading blob will overflow overlay_buffer");
|
||||
#warning temporary debug measure
|
||||
sleep(3600);
|
||||
}
|
||||
if (sqlite3_blob_read(blob,&e->bytes[e->length+overhead],blob_bytes,0)
|
||||
!=SQLITE_OK) {
|
||||
if (!pass) {
|
||||
|
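Review bot: The new guard `if (e->length+overhead+blob_bytes>=e->allocSize)` only logs and sleeps, so once `sleep(3600);` returns, control still reaches `sqlite3_blob_read(blob,&e->bytes[e->length+overhead],blob_bytes,0)` and the write past the buffer happens anyway. The guard should leave the loop instead, for example `WHY("Reading blob will overflow overlay_buffer"); goto stopStuffing;`, as the `frameFull` branch just above it does, assuming that label performs whatever blob cleanup is needed. The write ends at `e->length+overhead+blob_bytes` exclusive, so `>` is the exact overflow condition and `>=` rejects one case that fits. The function body continues outside the hunk.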
10
serval.h
10
serval.h
@ -1052,3 +1052,13 @@ extern int mdp_client_socket;
|
||||
|
||||
int ob_bcopy(overlay_buffer *b,int from, int to, int len);
|
||||
int ob_setbyte(overlay_buffer *b,int ofs,unsigned char value);
|
||||
|
||||
#define malloc(X) _serval_debug_malloc(X,__FILE__,__FUNCTION__,__LINE__)
|
||||
#define calloc(X,Y) _serval_debug_calloc(X,Y,__FILE__,__FUNCTION__,__LINE__)
|
||||
#define free(X) _serval_debug_free(X,__FILE__,__FUNCTION__,__LINE__)
|
||||
|
||||
void *_serval_debug_malloc(unsigned int bytes,char *file,const char *func,int line);
|
||||
void *_serval_debug_calloc(unsigned int bytes,unsigned int count,char *file,const char *func,int line);
|
||||
void _serval_debug_free(void *p,char *file,const char *func,int line);
|
||||
|
||||
|
||||
|
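Review bot: The debug wrappers declared here take `unsigned int` sizes, so with the `malloc`/`calloc` macros in force any `size_t` request above `UINT_MAX` is silently truncated on 64-bit targets and the caller gets a smaller block than it asked for. The prototypes and their definitions should use `size_t`, e.g. `void *_serval_debug_malloc(size_t bytes,const char *file,const char *func,int line);`, with `%zu` in the matching `fprintf` calls; `file` should be `const char *` because it receives `__FILE__`. The three `#define`s are unconditional, so every translation unit that includes this header logs each allocation to stderr; wrapping them in a debug-only `#ifdef` would keep that out of normal builds. `realloc` is not wrapped, so the trace will not show blocks that are moved or resized through it.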