/*
   american fuzzy lop++ - error-checking, memory-zeroing alloc routines
   --------------------------------------------------------------------

   Originally written by Michal Zalewski

   Now maintained by Marc Heuse <[email protected]>,
                     Heiko Eißfeldt <[email protected]>,
                     Andrea Fioraldi <[email protected]>,
                     Dominik Maier <[email protected]>

   Copyright 2016, 2017 Google Inc. All rights reserved.
   Copyright 2019-2024 AFLplusplus Project. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at:

     https://www.apache.org/licenses/LICENSE-2.0

   This allocator is not designed to resist malicious attackers (the canaries
   are small and predictable), but provides a robust and portable way to detect
   use-after-free, off-by-one writes, stale pointers, and so on.

 */
26*08b48e0bSAndroid Build Coastguard Worker
27*08b48e0bSAndroid Build Coastguard Worker #ifndef _HAVE_ALLOC_INL_H
28*08b48e0bSAndroid Build Coastguard Worker #define _HAVE_ALLOC_INL_H
29*08b48e0bSAndroid Build Coastguard Worker
30*08b48e0bSAndroid Build Coastguard Worker #include <stdio.h>
31*08b48e0bSAndroid Build Coastguard Worker #include <stdlib.h>
32*08b48e0bSAndroid Build Coastguard Worker #include <string.h>
33*08b48e0bSAndroid Build Coastguard Worker #include <stddef.h>
34*08b48e0bSAndroid Build Coastguard Worker
35*08b48e0bSAndroid Build Coastguard Worker #include "config.h"
36*08b48e0bSAndroid Build Coastguard Worker #include "types.h"
37*08b48e0bSAndroid Build Coastguard Worker #include "debug.h"
38*08b48e0bSAndroid Build Coastguard Worker
/* Initial size used for afl_realloc (afl_realloc itself is not defined in
   this part of the header). */
#define INITIAL_GROWTH_SIZE (64)
41*08b48e0bSAndroid Build Coastguard Worker
42*08b48e0bSAndroid Build Coastguard Worker // Be careful! _WANT_ORIGINAL_AFL_ALLOC is not compatible with custom mutators
43*08b48e0bSAndroid Build Coastguard Worker
44*08b48e0bSAndroid Build Coastguard Worker #ifndef _WANT_ORIGINAL_AFL_ALLOC
45*08b48e0bSAndroid Build Coastguard Worker // AFL++ stuff without memory corruption checks - for speed
46*08b48e0bSAndroid Build Coastguard Worker
/* User-facing macro to sprintf() to a dynamically allocated buffer.

   The arguments are a printf-style format plus its values; they are handed
   to snprintf() twice, once to measure (`_len`) and once to fill a buffer of
   exactly `_len + 1` bytes. The format should be a string literal -- nothing
   here guards against a caller-controlled format. FATAL() fires if the
   measuring call reports an error. The result is owned by the caller and is
   released with ck_free(). Relies on two GNU C extensions: the named variadic
   parameter `_str...` and the ({ }) statement expression whose value is
   `_tmp`. */

#define alloc_printf(_str...) \
  ({ \
    \
    u8 *_tmp; \
    s32 _len = snprintf(NULL, 0, _str); \
    if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \
    _tmp = ck_alloc(_len + 1); \
    snprintf((char *)_tmp, _len + 1, _str); \
    _tmp; \
    \
  })
60*08b48e0bSAndroid Build Coastguard Worker
/* Macro to enforce allocation limits as a last-resort defense against
   integer overflows. Aborts when `_s` exceeds MAX_ALLOC (which comes from an
   included header, not this file). `_s` is printed with %u, so pass a
   u32-typed expression; it is evaluated twice on the failing path, so it
   should be side-effect free. */

#define ALLOC_CHECK_SIZE(_s) \
  do { \
    \
    if ((_s) > MAX_ALLOC) ABORT("Bad alloc request: %u bytes", (_s)); \
    \
  } while (0)
70*08b48e0bSAndroid Build Coastguard Worker
/* Macro to check malloc() failures and the like. Aborts when `_r` (the
   pointer returned by the allocator) is NULL; `_s` is the requested size and
   is printed with %u, so it must be a u32-typed expression. Because this
   aborts rather than returns, callers never see a NULL from ck_alloc() and
   friends for a non-zero size. */

#define ALLOC_CHECK_RESULT(_r, _s) \
  do { \
    \
    if (!(_r)) ABORT("Out of memory: can't allocate %u bytes", (_s)); \
    \
  } while (0)
79*08b48e0bSAndroid Build Coastguard Worker
/* Allocate an uninitialised buffer of `size` bytes. Returns NULL for a
   zero-sized request. Aborts (through the ALLOC_CHECK_* macros) when the
   request exceeds MAX_ALLOC or malloc() fails, so a non-zero request never
   yields NULL. The caller owns the result and releases it with ck_free().
   This is the fast configuration: no canaries, no tracking. */

static inline void *DFL_ck_alloc_nozero(u32 size) {

  if (size == 0) { return NULL; }

  ALLOC_CHECK_SIZE(size);

  void *buf = malloc(size);
  ALLOC_CHECK_RESULT(buf, size);

  return buf;

}
96*08b48e0bSAndroid Build Coastguard Worker
/* Allocate a zero-filled buffer of `size` bytes. Returns NULL for a
   zero-sized request; otherwise behaves like DFL_ck_alloc_nozero() (aborts
   on an oversized request or allocation failure) and clears the memory. The
   caller owns the result and releases it with ck_free(). */

static inline void *DFL_ck_alloc(u32 size) {

  if (size == 0) { return NULL; }

  /* DFL_ck_alloc_nozero() enforces the limit and aborts on failure, so `buf`
     is never NULL at this point. */
  void *buf = DFL_ck_alloc_nozero(size);
  memset(buf, 0, size);

  return buf;

}
110*08b48e0bSAndroid Build Coastguard Worker
/* Release a buffer obtained from ck_alloc()/ck_realloc()/ck_strdup().
   NULL is accepted and ignored. In this fast configuration there are no
   canaries to verify, so double frees and corrupted headers are not
   detected here -- that is what the _WANT_ORIGINAL_AFL_ALLOC variant does. */

static inline void DFL_ck_free(void *mem) {

  if (mem) { free(mem); }

}
121*08b48e0bSAndroid Build Coastguard Worker
/* Resize a buffer to `size` bytes. `orig` may be NULL (plain allocation);
   `size` == 0 frees `orig` and returns NULL. Aborts when `size` exceeds
   MAX_ALLOC or realloc() fails. The returned pointer replaces `orig`, which
   must not be used afterwards. In this fast configuration the newly added
   tail is NOT zeroed and the buffer is not forced to move -- it is a thin
   wrapper around realloc(). */

static inline void *DFL_ck_realloc(void *orig, u32 size) {

  if (size == 0) {

    /* Shrinking to nothing is a free. */
    DFL_ck_free(orig);
    return NULL;

  }

  ALLOC_CHECK_SIZE(size);

  void *grown = realloc(orig, size);

  /* ALLOC_CHECK_RESULT aborts on failure, so `orig` is never left dangling
     from this function. */
  ALLOC_CHECK_RESULT(grown, size);

  return grown;

}
149*08b48e0bSAndroid Build Coastguard Worker
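/* Create a buffer with a copy of a NUL-terminated string. Returns NULL for
   NULL inputs. Aborts (via the ALLOC_CHECK_* macros) when the copy would
   exceed MAX_ALLOC or malloc() fails. The caller owns the result and releases
   it with ck_free(). */

static inline u8 *DFL_ck_strdup(u8 *str) {

  if (str == NULL) { return NULL; }

  size_t len = strlen((char *)str);

  /* strlen() returns a size_t while this allocator sizes everything as u32.
     Narrowing `len + 1` directly would wrap for strings of 4 GiB and more,
     slip past ALLOC_CHECK_SIZE, and yield a silently truncated copy with no
     terminator. Saturate instead so the size check rejects such input. */
  u32 size = (len >= 0xFFFFFFFFu) ? 0xFFFFFFFFu : (u32)len + 1;

  ALLOC_CHECK_SIZE(size);

  u8 *copy = malloc(size);
  ALLOC_CHECK_RESULT(copy, size);

  /* `size` includes the terminating NUL. */
  memcpy(copy, str, size);

  return copy;

}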
168*08b48e0bSAndroid Build Coastguard Worker
/* In non-debug mode, we just do straightforward aliasing of the above
   functions to user-visible names such as ck_alloc(). The ck_* names are
   what the rest of the code base calls; alloc_report() expands to nothing
   because this configuration keeps no allocation records to report. */

#define ck_alloc DFL_ck_alloc
#define ck_alloc_nozero DFL_ck_alloc_nozero
#define ck_realloc DFL_ck_realloc
#define ck_strdup DFL_ck_strdup
#define ck_free DFL_ck_free

#define alloc_report()
179*08b48e0bSAndroid Build Coastguard Worker
180*08b48e0bSAndroid Build Coastguard Worker #else
181*08b48e0bSAndroid Build Coastguard Worker // This is the original alloc-inl of stock afl
182*08b48e0bSAndroid Build Coastguard Worker
/* User-facing macro to sprintf() to a dynamically allocated buffer.

   The arguments are a printf-style format plus its values; they are handed
   to snprintf() twice, once to measure (`_len`) and once to fill a buffer of
   exactly `_len + 1` bytes. The format should be a string literal -- nothing
   here guards against a caller-controlled format. FATAL() fires if the
   measuring call reports an error. The result is owned by the caller and is
   released with ck_free(). In this configuration ck_alloc() is the
   canary-checked allocator below. Relies on two GNU C extensions: the named
   variadic parameter `_str...` and the ({ }) statement expression whose
   value is `_tmp`. */

#define alloc_printf(_str...) \
  ({ \
    \
    u8 *_tmp; \
    s32 _len = snprintf(NULL, 0, _str); \
    if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \
    _tmp = ck_alloc(_len + 1); \
    snprintf((char *)_tmp, _len + 1, _str); \
    _tmp; \
    \
  })
196*08b48e0bSAndroid Build Coastguard Worker
/* Macro to enforce allocation limits as a last-resort defense against
   integer overflows. Aborts when `_s` exceeds MAX_ALLOC (defined in an
   included header, not here). Keeping requests below MAX_ALLOC is also what
   keeps the `size + ALLOC_OFF_TOTAL` arithmetic below from wrapping,
   assuming MAX_ALLOC leaves headroom for the 9 overhead bytes. `_s` is
   printed with %u, so pass a u32-typed, side-effect-free expression. */
#define ALLOC_CHECK_SIZE(_s) \
  do { \
    \
    if ((_s) > MAX_ALLOC) ABORT("Bad alloc request: %u bytes", (_s)); \
    \
  } while (0)
205*08b48e0bSAndroid Build Coastguard Worker
/* Macro to check malloc() failures and the like. Aborts when `_r` (the
   pointer returned by the allocator) is NULL; `_s` is the requested size and
   is printed with %u, so it must be a u32-typed expression. Callers of the
   ck_* functions therefore never see NULL for a non-zero request. */

#define ALLOC_CHECK_RESULT(_r, _s) \
  do { \
    \
    if (!(_r)) ABORT("Out of memory: can't allocate %u bytes", (_s)); \
    \
  } while (0)
214*08b48e0bSAndroid Build Coastguard Worker
/* Magic tokens used to mark used / freed chunks. They are deliberately small
   and predictable (see the file header): they catch programming accidents,
   not deliberate tampering. */

#define ALLOC_MAGIC_C1 0xFF00FF00 /* Used head (dword) */
#define ALLOC_MAGIC_F 0xFE00FE00 /* Freed head (dword) */
#define ALLOC_MAGIC_C2 0xF0 /* Used tail (byte) */

/* Positions of guard tokens in relation to the user-visible pointer `_ptr`.
   Chunk layout, with `_ptr - ALLOC_OFF_HEAD` being what malloc() returned:

     _ptr - 8            u32  ALLOC_C1  head canary: MAGIC_C1 live, MAGIC_F freed
     _ptr - 4            u32  ALLOC_S   user-visible size in bytes
     _ptr                     user data, ALLOC_S(_ptr) bytes
     _ptr + ALLOC_S(_ptr) u8  ALLOC_C2  tail canary, one byte past the user
                                        region -- an off-by-one write lands here

   ALLOC_OFF_HEAD is the header size; ALLOC_OFF_TOTAL adds the tail byte and
   is the overhead added to every malloc()/realloc() request below. */

#define ALLOC_C1(_ptr) (((u32 *)(_ptr))[-2])
#define ALLOC_S(_ptr) (((u32 *)(_ptr))[-1])
#define ALLOC_C2(_ptr) (((u8 *)(_ptr))[ALLOC_S(_ptr)])

#define ALLOC_OFF_HEAD 8
#define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1)
229*08b48e0bSAndroid Build Coastguard Worker
/* Sanity-checking macros for pointers. CHECK_PTR(_p) is a no-op for NULL.
   Otherwise it aborts with "Use after free." when the head canary carries
   the freed marker, "Corrupted head alloc canary." for any other head
   mismatch, and "Corrupted tail alloc canary." when the byte just past the
   user region has been overwritten. Note that `_p` is evaluated several
   times, so pass a side-effect-free lvalue -- CHECK_PTR_EXPR() below is the
   single-evaluation form for use inside expressions. */

#define CHECK_PTR(_p) \
  do { \
    \
    if (_p) { \
      \
      if (ALLOC_C1(_p) ^ ALLOC_MAGIC_C1) { \
        \
        if (ALLOC_C1(_p) == ALLOC_MAGIC_F) \
          ABORT("Use after free."); \
        else \
          ABORT("Corrupted head alloc canary."); \
        \
      } \
      if (ALLOC_C2(_p) ^ ALLOC_MAGIC_C2) \
        ABORT("Corrupted tail alloc canary."); \
      \
    } \
    \
  } while (0)
251*08b48e0bSAndroid Build Coastguard Worker
/* Expression form of CHECK_PTR(): evaluates `_p` exactly once, validates the
   result and yields it, so a pointer can be checked in the middle of a larger
   expression. Uses the GNU `typeof` and ({ }) extensions. */

#define CHECK_PTR_EXPR(_p) \
  ({ \
    \
    typeof(_p) _tmp = (_p); \
    CHECK_PTR(_tmp); \
    _tmp; \
    \
  })
260*08b48e0bSAndroid Build Coastguard Worker
/* Allocate an uninitialised buffer of `size` user bytes inside a canary-
   guarded chunk. Returns NULL for a zero-sized request. Aborts (through the
   ALLOC_CHECK_* macros) when `size` exceeds MAX_ALLOC or malloc() fails. The
   returned pointer is the user region, ALLOC_OFF_HEAD bytes past the start
   of the chunk; the caller releases it with ck_free(). */

static inline void *DFL_ck_alloc_nozero(u32 size) {

  if (size == 0) { return NULL; }

  ALLOC_CHECK_SIZE(size);

  /* Header (C1 canary + stored size) in front, one tail canary byte behind
     the user data. The addition cannot wrap once size <= MAX_ALLOC, assuming
     MAX_ALLOC leaves room for the ALLOC_OFF_TOTAL overhead. */
  char *chunk = malloc(size + ALLOC_OFF_TOTAL);
  ALLOC_CHECK_RESULT(chunk, size);

  void *user = chunk + ALLOC_OFF_HEAD;

  ALLOC_C1(user) = ALLOC_MAGIC_C1;
  ALLOC_S(user) = size;
  ALLOC_C2(user) = ALLOC_MAGIC_C2;

  return user;

}
283*08b48e0bSAndroid Build Coastguard Worker
/* Allocate a zero-filled, canary-guarded buffer of `size` bytes. Returns
   NULL for a zero-sized request; otherwise behaves like
   DFL_ck_alloc_nozero() (aborts on an oversized request or allocation
   failure) and clears the user region. Released with ck_free(). */

static inline void *DFL_ck_alloc(u32 size) {

  if (size == 0) { return NULL; }

  /* DFL_ck_alloc_nozero() aborts rather than returning NULL, so `buf` is
     always valid here; only the user bytes are cleared, not the canaries. */
  void *buf = DFL_ck_alloc_nozero(size);
  memset(buf, 0, size);

  return buf;

}
296*08b48e0bSAndroid Build Coastguard Worker
/* Free a canary-guarded buffer, aborting on a double free / use-after-free
   (head canary already carries the freed marker) or on a corrupted head or
   tail canary. NULL is accepted and ignored. When DEBUG_BUILD is set, the
   user region is also clobbered with 0xFF so stale reads are noticeable.
   The freed marker written into the header is best-effort: once the chunk
   is handed back to libc the allocator may overwrite it. */

static inline void DFL_ck_free(void *mem) {

  if (mem == NULL) { return; }

  CHECK_PTR(mem);

  /* The chunk base is what malloc() originally returned. */
  char *chunk = (char *)mem - ALLOC_OFF_HEAD;

#ifdef DEBUG_BUILD

  /* Catch pointer issues sooner. */
  memset(mem, 0xFF, ALLOC_S(mem));

#endif /* DEBUG_BUILD */

  /* Mark the head so a later CHECK_PTR() on this pointer reports a UAF. */
  ALLOC_C1(mem) = ALLOC_MAGIC_F;

  free(chunk);

}
317*08b48e0bSAndroid Build Coastguard Worker
/* Re-allocate a buffer, checking for issues and zeroing any newly-added tail.
   With DEBUG_BUILD, the buffer is always reallocated to a new address and the
   old memory is clobbered with 0xFF.

   `orig` may be NULL (behaves like an allocation); `size` == 0 frees `orig`
   and returns NULL. Aborts on a bad canary in `orig`, on a stored or
   requested size above MAX_ALLOC, or on allocation failure. The returned
   pointer replaces `orig`, which must not be used afterwards. */

static inline void *DFL_ck_realloc(void *orig, u32 size) {

  void *ret;
  u32 old_size = 0;

  if (!size) {

    DFL_ck_free(orig);
    return NULL;

  }

  if (orig) {

    CHECK_PTR(orig);

#ifndef DEBUG_BUILD
    /* realloc() may release the old chunk; mark it freed first so a stale
       copy of the pointer that still sees the old header reads as a UAF. */
    ALLOC_C1(orig) = ALLOC_MAGIC_F;
#endif /* !DEBUG_BUILD */

    old_size = ALLOC_S(orig);
    /* Step back from the user pointer to the chunk base malloc() returned. */
    orig = (char *)orig - ALLOC_OFF_HEAD;

    /* A stored size above MAX_ALLOC can only mean the header was damaged. */
    ALLOC_CHECK_SIZE(old_size);

  }

  ALLOC_CHECK_SIZE(size);

#ifndef DEBUG_BUILD

  /* size <= MAX_ALLOC was just checked, so the addition does not wrap
     (assuming MAX_ALLOC leaves headroom for the ALLOC_OFF_TOTAL bytes). */
  ret = realloc(orig, size + ALLOC_OFF_TOTAL);
  ALLOC_CHECK_RESULT(ret, size);

#else

  /* Catch pointer issues sooner: force relocation and make sure that the
     original buffer is wiped. */

  ret = malloc(size + ALLOC_OFF_TOTAL);
  ALLOC_CHECK_RESULT(ret, size);

  if (orig) {

    /* Copy only the overlapping part; growth is zero-filled further down. */
    memcpy((char *)ret + ALLOC_OFF_HEAD, (char *)orig + ALLOC_OFF_HEAD,
           MIN(size, old_size));
    memset((char *)orig + ALLOC_OFF_HEAD, 0xFF, old_size);

    ALLOC_C1((char *)orig + ALLOC_OFF_HEAD) = ALLOC_MAGIC_F;

    free(orig);

  }

#endif /* ^!DEBUG_BUILD */

  ret = (char *)ret + ALLOC_OFF_HEAD;

  /* Re-establish the header and move the tail canary to the new end. */
  ALLOC_C1(ret) = ALLOC_MAGIC_C1;
  ALLOC_S(ret) = size;
  ALLOC_C2(ret) = ALLOC_MAGIC_C2;

  /* Growth exposes fresh bytes; clear them so callers see defined memory. */
  if (size > old_size) memset((char *)ret + old_size, 0, size - old_size);

  return ret;

}
389*08b48e0bSAndroid Build Coastguard Worker
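/* Create a canary-guarded buffer with a copy of a NUL-terminated string.
   Returns NULL for NULL inputs. Aborts (via the ALLOC_CHECK_* macros) when
   the copy would exceed MAX_ALLOC or malloc() fails. The caller owns the
   result and releases it with ck_free(). */

static inline u8 *DFL_ck_strdup(u8 *str) {

  if (str == NULL) { return NULL; }

  size_t len = strlen((char *)str);

  /* strlen() returns a size_t while this allocator sizes everything as u32.
     Narrowing `len + 1` directly would wrap for strings of 4 GiB and more,
     slip past ALLOC_CHECK_SIZE, and yield a silently truncated copy with no
     terminator. Saturate instead so the size check rejects such input. */
  u32 size = (len >= 0xFFFFFFFFu) ? 0xFFFFFFFFu : (u32)len + 1;

  ALLOC_CHECK_SIZE(size);

  /* Header in front, one tail canary byte behind the copied string. */
  char *chunk = malloc(size + ALLOC_OFF_TOTAL);
  ALLOC_CHECK_RESULT(chunk, size);

  u8 *user = (u8 *)(chunk + ALLOC_OFF_HEAD);

  ALLOC_C1(user) = ALLOC_MAGIC_C1;
  ALLOC_S(user) = size;
  ALLOC_C2(user) = ALLOC_MAGIC_C2;

  /* `size` includes the terminating NUL. */
  memcpy(user, str, size);

  return user;

}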
414*08b48e0bSAndroid Build Coastguard Worker
415*08b48e0bSAndroid Build Coastguard Worker #ifndef DEBUG_BUILD
416*08b48e0bSAndroid Build Coastguard Worker
/* In non-debug mode, we just do straightforward aliasing of the above
   functions to user-visible names such as ck_alloc(). Canary checks are
   still active through the DFL_* functions; only the per-allocation
   tracking (and therefore alloc_report()) is absent, so the report macro
   expands to nothing here. */

#define ck_alloc DFL_ck_alloc
#define ck_alloc_nozero DFL_ck_alloc_nozero
#define ck_realloc DFL_ck_realloc
#define ck_strdup DFL_ck_strdup
#define ck_free DFL_ck_free

#define alloc_report()
428*08b48e0bSAndroid Build Coastguard Worker #else
429*08b48e0bSAndroid Build Coastguard Worker
430*08b48e0bSAndroid Build Coastguard Worker /* In debugging mode, we also track allocations to detect memory leaks, and
431*08b48e0bSAndroid Build Coastguard Worker the flow goes through one more layer of indirection. */
432*08b48e0bSAndroid Build Coastguard Worker
/* Alloc tracking data structures: */

/* Number of hash buckets in the tracking table; TRKH() maps a pointer to
   one of them. */
#define ALLOC_BUCKETS 4096

/* One tracked allocation. A slot whose `ptr` is NULL is free for reuse:
   TRK_free_buf() clears it and TRK_alloc_buf() recycles it. `file`, `func`
   and `line` record the allocation site; the two strings are stored exactly
   as the caller passed them (TRK_alloc_buf() casts away const rather than
   copying), so they are not owned by this structure. */
struct TRK_obj {

  void *ptr;
  char *file, *func;
  u32 line;

};
444*08b48e0bSAndroid Build Coastguard Worker
/* The translation unit that defines AFL_MAIN owns the tracking tables (one
   growable array of TRK_obj per bucket, plus the per-bucket entry count);
   every other unit only sees extern declarations of the same arrays. Only
   the owning unit gets a real alloc_report(), which calls TRK_report()
   (declared outside this part of the header). AFL_MAIN is presumably meant
   to be defined in exactly one unit -- two such units would both define
   TRK and TRK_cnt. */

#ifdef AFL_MAIN

struct TRK_obj *TRK[ALLOC_BUCKETS];
u32 TRK_cnt[ALLOC_BUCKETS];

#define alloc_report() TRK_report()

#else

extern struct TRK_obj *TRK[ALLOC_BUCKETS];
extern u32 TRK_cnt[ALLOC_BUCKETS];

#define alloc_report()

#endif /* ^AFL_MAIN */
460*08b48e0bSAndroid Build Coastguard Worker
/* Bucket-assigning function for a given pointer: folds the low 32 bits of
   the address (the cast to u32 keeps only that much on 64-bit hosts) with
   its upper half-word and reduces modulo ALLOC_BUCKETS. Deliberately cheap;
   a collision only lengthens the linear scan in TRK_alloc_buf()/
   TRK_free_buf(). `_ptr` is evaluated twice. */

#define TRKH(_ptr) (((((u32)(_ptr)) >> 16) ^ ((u32)(_ptr))) % ALLOC_BUCKETS)
464*08b48e0bSAndroid Build Coastguard Worker
/* Record a new live allocation `ptr` together with its allocation site
   (`file`, `func`, `line`) in the tracking table. NULL is ignored. The
   strings are stored by pointer, not copied. Reuses a vacated slot in the
   pointer's bucket when one exists, otherwise grows that bucket by one
   entry; growth goes through DFL_ck_realloc(), which aborts on failure. */

static inline void TRK_alloc_buf(void *ptr, const char *file, const char *func,
                                 u32 line) {

  if (ptr == NULL) { return; }

  u32 bucket = TRKH(ptr);
  struct TRK_obj *slot = NULL;

  /* A slot cleared by TRK_free_buf() has ptr == NULL and can be recycled. */
  for (u32 idx = 0; idx < TRK_cnt[bucket]; idx++) {

    if (TRK[bucket][idx].ptr == NULL) {

      slot = &TRK[bucket][idx];
      break;

    }

  }

  if (slot == NULL) {

    /* No free slot: append one entry. The count is bumped only on this
       path, after the entry has been filled in. */
    TRK[bucket] = DFL_ck_realloc(TRK[bucket],
                                 (TRK_cnt[bucket] + 1) * sizeof(struct TRK_obj));
    slot = &TRK[bucket][TRK_cnt[bucket]];

    slot->ptr = ptr;
    slot->file = (char *)file;
    slot->func = (char *)func;
    slot->line = line;

    TRK_cnt[bucket]++;
    return;

  }

  slot->ptr = ptr;
  slot->file = (char *)file;
  slot->func = (char *)func;
  slot->line = line;

}
503*08b48e0bSAndroid Build Coastguard Worker
504*08b48e0bSAndroid Build Coastguard Worker /* Remove entry from the list of allocated objects. */
505*08b48e0bSAndroid Build Coastguard Worker
/* Drop PTR from the tracking table. A NULL pointer is ignored. FILE, FUNC
   and LINE identify the caller and are only used for the warning emitted
   when PTR is not (or no longer) tracked. */
static inline void TRK_free_buf(void *ptr, const char *file, const char *func,
                                u32 line) {

  if (!ptr) return;

  u32 bucket = TRKH(ptr);
  u32 cnt = TRK_cnt[bucket];

  for (u32 idx = 0; idx < cnt; idx++) {

    if (TRK[bucket][idx].ptr != ptr) continue;

    /* Mark the slot free so TRK_alloc_buf() can reuse it. */
    TRK[bucket][idx].ptr = 0;
    return;

  }

  /* Not tracked: never allocated through ck_*(), or already freed. */
  WARNF("ALLOC: Attempt to free non-allocated memory in %s (%s:%u)", func, file,
        line);

}
530*08b48e0bSAndroid Build Coastguard Worker
531*08b48e0bSAndroid Build Coastguard Worker /* Do a final report on all non-deallocated objects. */
532*08b48e0bSAndroid Build Coastguard Worker
/* Emit one warning per tracked allocation that was never freed, naming the
   function and file:line that created it. */
static inline void TRK_report(void) {

  /* Flush every open output stream first so the warnings do not interleave
     with buffered program output. */
  fflush(0);

  for (u32 bucket = 0; bucket < ALLOC_BUCKETS; bucket++) {

    for (u32 idx = 0; idx < TRK_cnt[bucket]; idx++) {

      struct TRK_obj *obj = &TRK[bucket][idx];

      /* A cleared ptr means the slot was freed; only live entries are leaks. */
      if (!obj->ptr) continue;

      WARNF("ALLOC: Memory never freed, created in %s (%s:%u)", obj->func,
            obj->file, obj->line);

    }

  }

}
546*08b48e0bSAndroid Build Coastguard Worker
547*08b48e0bSAndroid Build Coastguard Worker /* Simple wrappers for non-debugging functions: */
548*08b48e0bSAndroid Build Coastguard Worker
/* Allocate SIZE bytes via DFL_ck_alloc() and register the block under
   FILE:LINE / FUNC so leaks and bad frees can be attributed to the caller. */
static inline void *TRK_ck_alloc(u32 size, const char *file, const char *func,
                                 u32 line) {

  void *mem = DFL_ck_alloc(size);

  TRK_alloc_buf(mem, file, func, line);

  return mem;

}
557*08b48e0bSAndroid Build Coastguard Worker
/* Resize ORIG to SIZE bytes via DFL_ck_realloc(), replacing the tracking
   record for ORIG with one for the (possibly moved) new block. */
static inline void *TRK_ck_realloc(void *orig, u32 size, const char *file,
                                   const char *func, u32 line) {

  void *grown = DFL_ck_realloc(orig, size);

  /* ORIG is only compared by value here, never dereferenced, so untracking it
     after the realloc is safe. */
  TRK_free_buf(orig, file, func, line);
  TRK_alloc_buf(grown, file, func, line);

  return grown;

}
567*08b48e0bSAndroid Build Coastguard Worker
/* Duplicate STR via DFL_ck_strdup() and register the copy under
   FILE:LINE / FUNC. */
static inline void *TRK_ck_strdup(u8 *str, const char *file, const char *func,
                                  u32 line) {

  void *copy = DFL_ck_strdup(str);

  TRK_alloc_buf(copy, file, func, line);

  return copy;

}
576*08b48e0bSAndroid Build Coastguard Worker
/* Untrack PTR (warning if it was not tracked) and release it via
   DFL_ck_free(). FILE, FUNC and LINE identify the caller for the warning. */
static inline void TRK_ck_free(void *ptr, const char *file, const char *func,
                               u32 line) {

  /* Untrack first: a second free of the same pointer is then reported
     before the allocator itself sees it. */
  TRK_free_buf(ptr, file, func, line);

  DFL_ck_free(ptr);

}
584*08b48e0bSAndroid Build Coastguard Worker
585*08b48e0bSAndroid Build Coastguard Worker /* Aliasing user-facing names to tracking functions: */
586*08b48e0bSAndroid Build Coastguard Worker
587*08b48e0bSAndroid Build Coastguard Worker #define ck_alloc(_p1) TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__)
588*08b48e0bSAndroid Build Coastguard Worker
589*08b48e0bSAndroid Build Coastguard Worker #define ck_alloc_nozero(_p1) \
590*08b48e0bSAndroid Build Coastguard Worker TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__)
591*08b48e0bSAndroid Build Coastguard Worker
592*08b48e0bSAndroid Build Coastguard Worker #define ck_realloc(_p1, _p2) \
593*08b48e0bSAndroid Build Coastguard Worker TRK_ck_realloc(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
594*08b48e0bSAndroid Build Coastguard Worker
595*08b48e0bSAndroid Build Coastguard Worker #define ck_strdup(_p1) TRK_ck_strdup(_p1, __FILE__, __FUNCTION__, __LINE__)
596*08b48e0bSAndroid Build Coastguard Worker
597*08b48e0bSAndroid Build Coastguard Worker #define ck_free(_p1) TRK_ck_free(_p1, __FILE__, __FUNCTION__, __LINE__)
598*08b48e0bSAndroid Build Coastguard Worker
599*08b48e0bSAndroid Build Coastguard Worker #endif /* ^!DEBUG_BUILD */
600*08b48e0bSAndroid Build Coastguard Worker
601*08b48e0bSAndroid Build Coastguard Worker #endif /* _WANT_ORIGINAL_AFL_ALLOC */
602*08b48e0bSAndroid Build Coastguard Worker
/* This function calculates the next power of 2 greater than or equal to its
   argument.
   @return The rounded-up power of 2 (if no overflow) or 0 on overflow.
*/
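static inline size_t next_pow2(size_t in) {

  /* Bit smearing: start from IN-1 and OR every set bit into all lower
     positions, giving 2^k - 1; adding one then yields the power of two.

     in == 0 wraps to SIZE_MAX and falls out as 0; so does any IN whose next
     power of two does not fit in size_t (the documented overflow result).
     Both rely on unsigned wrap-around, which is well-defined in C. */
  size_t out = in - 1;
  out |= out >> 1;
  out |= out >> 2;
  out |= out >> 4;
  out |= out >> 8;
  out |= out >> 16;

  /* Smear the upper half as well when size_t is 64 bits wide; without this
     step any IN above 2^32 came back merely rounded up, not to a power of 2.
     The shift is split in two so it stays well-defined (and warning-free)
     when size_t is 32 bits, where a single ">> 32" would shift by the full
     width of the type. */
  out |= (out >> 16) >> 16;

  return out + 1;

}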
626*08b48e0bSAndroid Build Coastguard Worker
/* AFL alloc buffer; the struct is here so we don't need to do fancy pointer
 * arithmetic */
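struct afl_alloc_buf {

  /* The complete allocated size, including this header of
   * AFL_ALLOC_SIZE_OFFSET bytes */
  size_t complete_size;
  /* First byte of the actual buffer. Declared as a C99 flexible array member
   * rather than the GNU zero-length "[0]" form; the struct is therefore only
   * valid behind a pointer into a heap block of complete_size bytes, which is
   * how afl_realloc()/afl_alloc_bufptr() use it. */
  u8 buf[];

};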
638*08b48e0bSAndroid Build Coastguard Worker
639*08b48e0bSAndroid Build Coastguard Worker #define AFL_ALLOC_SIZE_OFFSET (offsetof(struct afl_alloc_buf, buf))
640*08b48e0bSAndroid Build Coastguard Worker
/* Returns the afl_alloc_buf header that precedes (and contains the size of)
 * this buffer ptr */
static inline struct afl_alloc_buf *afl_alloc_bufptr(void *buf) {

  /* The header lives AFL_ALLOC_SIZE_OFFSET bytes in front of the user data,
     so step back by that much from BUF. */
  u8 *base = (u8 *)buf - AFL_ALLOC_SIZE_OFFSET;

  return (struct afl_alloc_buf *)base;

}
647*08b48e0bSAndroid Build Coastguard Worker
648*08b48e0bSAndroid Build Coastguard Worker /* Gets the maximum size of the buf contents (ptr->complete_size -
649*08b48e0bSAndroid Build Coastguard Worker * AFL_ALLOC_SIZE_OFFSET) */
static inline size_t afl_alloc_bufsize(void *buf) {

  struct afl_alloc_buf *hdr = afl_alloc_bufptr(buf);

  /* complete_size counts the header too; callers only care about payload. */
  return hdr->complete_size - AFL_ALLOC_SIZE_OFFSET;

}
655*08b48e0bSAndroid Build Coastguard Worker
/* This function makes sure the buffer behind *buf can hold at least
   size_needed bytes after the call. It will realloc *buf otherwise.
   The capacity grows exponentially as per:
   https://blog.mozilla.org/nnethercote/2014/11/04/please-grow-your-buffers-exponentially/
   Will return NULL and free *buf if size_needed is <1 or realloc failed.
   @return For convenience, this function returns *buf.
*/
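static inline void *afl_realloc(void **buf, size_t size_needed) {

  /* On entry *buf is either NULL or the payload pointer of a block created
     here earlier. On success *buf points at a payload of at least
     size_needed bytes, with any newly added tail zeroed, and is returned.
     On realloc failure, or when size_needed cannot be represented together
     with the header, the old block is freed, *buf is set to NULL and NULL
     is returned - callers must treat a NULL result as loss of *buf. */

  struct afl_alloc_buf *new_buf = NULL;

  size_t current_size = 0;
  size_t next_size = 0;

  if (likely(*buf)) {

    /* the size is always stored in the header right before *buf */
    new_buf = (struct afl_alloc_buf *)afl_alloc_bufptr(*buf);
    current_size = new_buf->complete_size;

  }

  /* Adding the header must not wrap size_t: a wrapped request would pass the
     capacity check below (or allocate a tiny block) and hand the caller a
     buffer far smaller than asked for. Treat it like an allocation failure. */
  if (unlikely(size_needed > (size_t)-1 - AFL_ALLOC_SIZE_OFFSET)) {

    free(new_buf);
    *buf = NULL;
    return NULL;

  }

  size_needed += AFL_ALLOC_SIZE_OFFSET;

  /* No need to realloc */
  if (likely(current_size >= size_needed)) { return *buf; }

  /* No initial size was set */
  if (size_needed < INITIAL_GROWTH_SIZE) {

    next_size = INITIAL_GROWTH_SIZE;

  } else {

    /* grow exponentially */
    next_size = next_pow2(size_needed);

    /* handle overflow: fall back to the original size_needed */
    if (unlikely(!next_size)) { next_size = size_needed; }

  }

  /* alloc */
  struct afl_alloc_buf *newer_buf =
      (struct afl_alloc_buf *)realloc(new_buf, next_size);
  if (unlikely(!newer_buf)) {

    free(new_buf);  // avoid a leak
    *buf = NULL;
    return NULL;

  }

  new_buf = newer_buf;

  /* Only the newly added tail is zeroed; next_size > current_size here, so
     the length cannot underflow. Existing contents are preserved by realloc. */
  memset(((u8 *)new_buf) + current_size, 0, next_size - current_size);

  new_buf->complete_size = next_size;
  *buf = (void *)(new_buf->buf);
  return *buf;

}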
717*08b48e0bSAndroid Build Coastguard Worker
718*08b48e0bSAndroid Build Coastguard Worker /* afl_realloc_exact uses afl alloc buffers but sets it to a specific size */
719*08b48e0bSAndroid Build Coastguard Worker
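static inline void *afl_realloc_exact(void **buf, size_t size_needed) {

  /* Like afl_realloc(), but the payload is resized to exactly size_needed
     bytes (growing or shrinking) instead of to a power of two. Bytes beyond
     the previous size are NOT zeroed. On realloc failure, or when
     size_needed cannot be represented together with the header, the old
     block is freed, *buf is set to NULL and NULL is returned. */

  struct afl_alloc_buf *new_buf = NULL;

  size_t current_size = 0;

  if (likely(*buf)) {

    /* the size is always stored in the header right before *buf */
    new_buf = (struct afl_alloc_buf *)afl_alloc_bufptr(*buf);
    current_size = new_buf->complete_size;

  }

  /* Adding the header must not wrap size_t; a wrapped request would allocate
     a tiny block for a huge request. Treat it like an allocation failure. */
  if (unlikely(size_needed > (size_t)-1 - AFL_ALLOC_SIZE_OFFSET)) {

    free(new_buf);
    *buf = NULL;
    return NULL;

  }

  size_needed += AFL_ALLOC_SIZE_OFFSET;

  /* Already exactly this size: nothing to do. */
  if (unlikely(current_size == size_needed)) { return *buf; }

  /* alloc */
  struct afl_alloc_buf *newer_buf =
      (struct afl_alloc_buf *)realloc(new_buf, size_needed);
  if (unlikely(!newer_buf)) {

    free(new_buf);  // avoid a leak
    *buf = NULL;
    return NULL;

  }

  new_buf = newer_buf;

  new_buf->complete_size = size_needed;
  *buf = (void *)(new_buf->buf);
  return *buf;

}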
759*08b48e0bSAndroid Build Coastguard Worker
/* Release a buffer obtained from afl_realloc()/afl_realloc_exact().
   NULL is accepted and ignored. */
static inline void afl_free(void *buf) {

  if (!buf) return;

  /* The heap block starts at the header, not at the payload pointer. */
  free(afl_alloc_bufptr(buf));

}
765*08b48e0bSAndroid Build Coastguard Worker
766*08b48e0bSAndroid Build Coastguard Worker /* Swaps buf1 ptr and buf2 ptr, as well as their sizes */
static inline void afl_swap_bufs(void **buf1, void **buf2) {

  void *tmp;

  /* Each buffer's size lives in the header in front of it, so exchanging
     the two pointers exchanges the sizes too. */
  tmp = *buf1;
  *buf1 = *buf2;
  *buf2 = tmp;

}
774*08b48e0bSAndroid Build Coastguard Worker
775*08b48e0bSAndroid Build Coastguard Worker #undef INITIAL_GROWTH_SIZE
776*08b48e0bSAndroid Build Coastguard Worker
777*08b48e0bSAndroid Build Coastguard Worker #endif /* ! _HAVE_ALLOC_INL_H */
778*08b48e0bSAndroid Build Coastguard Worker