add support for extra padding and backtraces

test/main-override-static.c

@@ -11,6 +11,7 @@ static void double_free1();
 static void double_free2();
 static void corrupt_free();
 static void block_overflow1();
+static void block_overflow2();
 static void invalid_free();
 static void test_aslr(void);
 static void test_process_info(void);
@@ -23,8 +24,9 @@ int main() {
   // detect double frees and heap corruption
   // double_free1();
   // double_free2();
-  // corrupt_free();
+  corrupt_free();
   // block_overflow1();
+  // block_overflow2();
   // test_aslr();
   // invalid_free();
   // test_reserved();
@@ -65,6 +67,15 @@ static void block_overflow1() {
   free(p);
 }
 
+#define OVF_SIZE 100
+
+static void block_overflow2() {
+  uint8_t* p = (uint8_t*)mi_malloc(30);
+  memset(p+30, 0, OVF_SIZE);
+  free(p);
+}
+
+
 // The double free samples come ArcHeap [1] by Insu Yun (issue #161)
 // [1]: https://arxiv.org/pdf/1903.00503.pdf
 
@@ -106,6 +117,7 @@ static void double_free2() {
 // Try to corrupt the heap through buffer overflow
 #define N   256
 #define SZ  64
+#define OVF_SZ 100
 
 static void corrupt_free() {
   void* p[N];
@@ -121,7 +133,7 @@ static void corrupt_free() {
   // try to corrupt the free list
   for (int i = 0; i < N; i++) {
     if (p[i] != NULL) {
-      memset(p[i], 0, SZ+8);
+      memset(p[i], 0, SZ+OVF_SZ);
     }
   }
   // allocate more.. trying to trigger an allocation from a corrupted entry
@@ -129,6 +141,11 @@ static void corrupt_free() {
   for (int i = 0; i < 4096; i++) {
     malloc(SZ);
   }
+  // free the rest
+  for (int i = 0; i < N; i++) {
+    free(p[i]);
+    p[i] = NULL;
+  }
 }
 
 static void test_aslr(void) {