Er, here it is without the screwed up whitespace (whoops):

diff --git a/stdlib/malloc.c b/stdlib/malloc.c
index 424dd77..7c33a7a 100644
--- a/stdlib/malloc.c
+++ b/stdlib/malloc.c
@@ -182,6 +182,7 @@ struct malloc_readonly {
        int     malloc_freeunmap;       /* mprotect free pages PROT_NONE? */
        int     malloc_hint;            /* call madvice on free pages?  */
        int     malloc_junk;            /* junk fill? */
+       int     malloc_validate;        /* validate junk */
        int     malloc_move;            /* move allocations to end of page? */
        int     malloc_realloc;         /* always realloc? */
        int     malloc_xmalloc;         /* xmalloc behaviour? */
@@ -560,6 +561,12 @@ omalloc_init(struct dir_info **dp)
                        case 'J':
                                mopts.malloc_junk = 2;
                                break;
+                       case 'v':
+                               mopts.malloc_validate = 0;
+                               break;
+                       case 'V':
+                               mopts.malloc_validate = 1;
+                               break;
                        case 'n':
                        case 'N':
                                break;
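Review bot: The new `'v'`/`'V'` cases are undocumented, and `'V'` on its own has no effect when junking is off, because the check added in ofree also requires `mopts.malloc_junk`. A comment on the case such as `/* V: verify free junk is still intact when a chunk leaves delayed_chunks; needs junk enabled */` would record that dependency. The struct field comment `/* validate junk */` in the first hunk could say the same. No visible hunk sets a default for malloc_validate, and omalloc_init continues outside this hunk.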
@@ -1253,6 +1260,17 @@ ofree(void *p)
                                wrterror("double free", p);
                                return;
                        }
+                       if (mopts.malloc_junk && mopts.malloc_validate && p != 
NULL) {
+                               size_t byte;
+                               r = find(pool, p);
+                               REALSIZE(sz, r);
+                               for (byte = 0; byte < sz; byte++) {
+                                       if (((char *)p)[byte] != SOME_FREEJUNK) 
{
+                                               wrterror("use after free", p);
+                                               return;
+                                       }
+                               }
+                       }
                        pool->delayed_chunks[i] = tmp;
                }
                if (p != NULL) {
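Review bot: The comparison `((char *)p)[byte] != SOME_FREEJUNK` reads the chunk through plain `char`, which can make the check fire on every delayed free. Where `char` is signed and the junk byte is above 0x7f (the macro's definition is outside this hunk), the promoted value can never equal the constant, so each chunk would be reported as "use after free". It should read `if (((unsigned char *)p)[byte] != SOME_FREEJUNK) {`. The result of `r = find(pool, p)` is also passed to `REALSIZE(sz, r)` unchecked, so if find can return NULL for an untracked pointer the validation itself dereferences it; test `r == NULL` and report it before the macro. ofree's body begins and continues outside the hunk.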
-- 
2.6.2
