From 083392fa158e625d1e4e2bc9c7e4293a06fe2a9c Mon Sep 17 00:00:00 2001
From: daan
Date: Mon, 6 Apr 2020 13:42:39 -0700
Subject: [PATCH] add padding check in usable size
---
 src/alloc.c | 3 ++-
 test/main-override-static.c | 14 +++++++-------
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/alloc.c b/src/alloc.c
index bcd94673..62445040 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -213,7 +213,8 @@ static bool mi_page_decode_padding(const mi_page_t* page, const mi_block_t* bloc
 static size_t mi_page_usable_size_of(const mi_page_t* page, const mi_block_t* block) {
 size_t bsize;
 size_t delta;
- bool ok = mi_page_decode_padding(page, block, &delta, &bsize);
+ bool ok = mi_page_decode_padding(page, block, &delta, &bsize);
+ if (!ok) { mi_check_padding(page, block); }
 mi_assert_internal(ok); mi_assert_internal(delta <= bsize);
 return (ok ? bsize - delta : 0);
 }
diff --git a/test/main-override-static.c b/test/main-override-static.c
index c7c10ddc..ecf61468 100644
--- a/test/main-override-static.c
+++ b/test/main-override-static.c
@@ -17,9 +17,9 @@ int main() {
 mi_version();
 // detect double frees and heap corruption
- double_free1();
- double_free2();
- corrupt_free();
+ // double_free1();
+ // double_free2();
+ // corrupt_free();
 block_overflow1();
 // dangling_ptr_write();
@@ -98,8 +98,8 @@ static void double_free2() {
 // Try to corrupt the heap through buffer overflow
-#define N 256
-#define SZ 64
+#define N 1024
+#define SZ 40
 static void corrupt_free() {
 void* p[N];
@@ -115,12 +115,12 @@ static void corrupt_free() {
 // try to corrupt the free list
 for (int i = 0; i < N; i++) {
 if (p[i] != NULL) {
- memset(p[i], 0, SZ+8);
+ memset(p[i], 0, SZ+32);
 }
 }
 // allocate more.. trying to trigger an allocation from a corrupted entry
 // this may need many allocations to get there (if at all)
- for (int i = 0; i < 4096; i++) {
+ for (int i = 0; i < 4*4096; i++) {
 malloc(SZ);
 }
 }
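Review bot: The added `if (!ok) { mi_check_padding(page, block); }` runs on decode failure but then falls through to `mi_assert_internal(ok)` and `return (ok ? bsize - delta : 0)`, so in a build where the internal asserts are compiled out the caller only observes a usable size of 0 plus whatever `mi_check_padding` does — that helper is not in this hunk, so whether it reports, aborts, or is itself compiled out in non-padding configurations cannot be confirmed here. A caller that reads 0 as "tiny block" rather than "header failed validation" would keep using the corrupted block, so the intent deserves a comment on the new line, e.g. `// padding failed to decode (likely a heap overflow): report it, then return 0 so no size derived from the corrupted header escapes`. If `mi_check_padding` only reports, consider failing closed explicitly with `if (!ok) { mi_check_padding(page, block); return 0; }` so the following `mi_assert_internal(delta <= bsize)` never reads `delta`/`bsize`, which the decode may not have written on failure (presumed; its body is outside this hunk).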
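Review bot: Commenting out `double_free1()`, `double_free2()` and `corrupt_free()` leaves those tests as dead code in the default run of this harness, so the free-list corruption detection that the `src/alloc.c` change in this same patch touches is no longer exercised by it, and the compiler may now warn about unused static functions. A guard the build can flip, such as `#if MI_TEST_CORRUPTION` around the three calls or a command-line switch, would keep them runnable without commented-out code; at minimum a comment saying why they are off, e.g. `// disabled by default: these deliberately corrupt the heap and are presumably expected to terminate the process`, tells the next reader whether this is temporary. `main` continues outside the hunk.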
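Review bot: The write `memset(p[i], 0, SZ+32)` now overruns each 40-byte block by 32 bytes instead of 8, which is the deliberate corruption this test exists for, but the hunk gives no reason for 32, and whether a 72-byte stomp reaches the neighbouring block's free-list link depends on the allocator's padding and size-class layout, which is not visible here. A comment tying the constant to that intent would stop a future reader "fixing" the overflow, e.g. `// overflow by 32 bytes so the write presumably clears any padding guard and lands in the next block's free-list link`. The `malloc(SZ)` results in the final loop are dropped on purpose (the test only wants allocations to flow through a possibly corrupted free list); marking that inline with `// result intentionally ignored` keeps an unused-result warning from being read as a leak. `corrupt_free` begins before this hunk, where `p[]` is filled.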