
Re: (ITS#7415) Add MALLOC_CHECK_ and MALLOC_PERTURB_ libc env to the test suite for detecting heap corruption



These vars can be set directly from the test environment, no need to
modify the test scripts.

p.

> Full_Name: Elia Pinto
> Version: 2.4 master
> OS: Linux FC12
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2605:4400:1:781:216:3eff:fe31:f4d4)
>
>
> From a8ff21429c29f1d2b6ef8f58ec84b7a9036cea73 Mon Sep 17 00:00:00 2001
> From: Elia Pinto <gitter.spiros@gmail.com>
> Date: Thu, 11 Oct 2012 17:49:06 +0200
> Subject: [PATCH] Add MALLOC_CHECK_ and MALLOC_PERTURB_ libc env to the
> test
>  suite for detecting heap corruption
>
> Recent versions of Linux libc (later than 5.4.23) and glibc (2.x)
> include a malloc() implementation which is tunable via environment
> variables. When MALLOC_CHECK_ is set, a special (less efficient)
> implementation is used which is designed to be tolerant against
> simple errors, such as double calls of free() with the same argument,
> or overruns of a single byte (off-by-one bugs). When MALLOC_CHECK_
> is set to 3, a diagnostic message is printed on stderr
> and the program is aborted.
>
> Setting the MALLOC_PERTURB_ environment variable causes the malloc
> functions in libc to return memory which has been wiped and clear
> memory when it is returned.
> Of course this does not affect calloc which always does clear the memory.
>
> The reason for this exercise is, of course, to find code which uses
> memory returned by malloc without initializing it and code which uses
> code after it is freed. valgrind can do this but it's costly to run.
> The MALLOC_PERTURB_ exchanges the ability to detect problems in 100%
> of the cases with speed.
>
> The byte value used to initialize values returned by malloc is the byte
> value of the environment value. The value used to clear memory is the
> bitwise inverse. Setting MALLOC_PERTURB_ to zero disables the feature.
>
> This technique can find hard to detect bugs.
> It is therefore suggested to always use this flag (at least temporarily)
> when testing out code or a new distribution.
>
> Signed-off-by: Elia Pinto <gitter.spiros@gmail.com>
> ---
>  tests/run.in | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/tests/run.in b/tests/run.in
> index 5e6178b..fe25d0c 100644
> --- a/tests/run.in
> +++ b/tests/run.in
> @@ -241,6 +241,11 @@ fi
>
>  # disable LDAP initialization
>  LDAPNOINIT=true; export LDAPNOINIT
> +# Add libc malloc_check and MALLOC_PERTURB test
> +MALLOC_CHECK_=3
> +export MALLOC_CHECK_
> +MALLOC_PERTURB_="$( expr \( $$ % 255 \) + 1)"
> +export MALLOC_PERTURB_
>
>  echo "Running ${SCRIPT} for ${BACKEND}..."
>  while [ $COUNTER -le $LOOP ]; do
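
Review bot: the assignments `MALLOC_CHECK_=3` and `MALLOC_PERTURB_="$( expr \( $$ % 255 \) + 1)"` are unconditional, so any value the caller already exported is overwritten, and the PID-derived perturb byte is never printed, so a failing run cannot be repeated with the same byte. Assign only when the variable is unset, for example `MALLOC_PERTURB_="${MALLOC_PERTURB_-$( expr \( $$ % 255 \) + 1)}"` and likewise for `MALLOC_CHECK_`, and echo the chosen values next to the existing `echo "Running ${SCRIPT} for ${BACKEND}..."` line. The added comment also writes `malloc_check` and `MALLOC_PERTURB`; spell both variables as they are exported, with the trailing underscore.
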
> --
> 1.7.11.rc1


-- 
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano
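
The effect the quoted commit message relies on, shown on a deliberately buggy allocation. This is an added example, not code from the patch or from OpenLDAP; it assumes glibc, where mallopt(M_PERTURB, n) has the same effect as exporting MALLOC_PERTURB_=n, and the struct, function names and the 0xA5 byte are constructed for illustration. Per mallopt(3), newly allocated bytes are set to the complement of the low byte of n and freed bytes to that byte itself.

```c
/* Added example, not part of the ITS#7415 patch. Assumes glibc. */
#include <malloc.h>   /* mallopt(), M_PERTURB (glibc extensions) */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type, sized well above small-chunk caches so each
 * call gets its memory through malloc's main allocation path. */
struct record {
    char name[32];
    unsigned char flags;
    char payload[4096];
};

/* Deliberately buggy constructor: 'flags' is never initialised. */
static struct record *make_record(const char *name)
{
    struct record *r = malloc(sizeof *r);
    if (r == NULL)
        return NULL;
    strncpy(r->name, name, sizeof r->name - 1);
    r->name[sizeof r->name - 1] = '\0';
    return r;
}

/* Enable perturbation with the given byte (same effect as exporting
 * MALLOC_PERTURB_), then report what the uninitialised field holds. */
int observed_flags(int perturb)
{
    int seen;
    struct record *r;

    mallopt(M_PERTURB, perturb);
    r = make_record("cn=constructed-sample");
    if (r == NULL)
        return -1;
    seen = *(volatile unsigned char *)&r->flags;  /* the buggy read */
    free(r);
    mallopt(M_PERTURB, 0);                        /* switch it off again */
    return seen;
}

int main(void)
{
    /* 0xA5 is a constructed sample value. */
    printf("flags with perturb 0xA5: 0x%02X\n", observed_flags(0xA5));
    return 0;
}
```

Without perturbation the field usually reads as zero on fresh heap memory, which is why a test that treats flags == 0 as "unset" passes by accident; a nonzero perturb byte makes that test fail deterministically.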