[Valgrind-users] [PATCH] Improve errors for use-after-free on memory pools

[Matthias Schwarzott]

Hi there!

Currently the valgrind-message for use-after-free for a memory pool 
consists of the execution callstack and the callstack, where the 
superblock was allocated. To better diagnose it I wanted to get also the 
callstack of the place where MEMPOOL_FREE was called.

The attached patch uses the new fields added for use-after-free messages 
that show two callstacks.
It is just a proof of concept.
How could it be improved?

Regards
Matthias

--- a/memcheck/mc_errors.c
+++ b/memcheck/mc_errors.c
@@ -346,7 +346,15 @@ static void mc_pp_AddrInfo ( Addr a, AddrInfo* ai, Bool maybe_gcc )
          );
          if (ai->Addr.Block.block_kind==Block_Mallocd) {
             VG_(pp_ExeContext)(ai->Addr.Block.allocated_at);
-            tl_assert (ai->Addr.Block.freed_at == VG_(null_ExeContext)());
+            if (ai->Addr.Block.freed_at != VG_(null_ExeContext)()) {
+               emit(
+                  "%s block was re-alloced at%s\n",
+                  xpre,
+                  xpost
+               );
+               VG_(pp_ExeContext)(ai->Addr.Block.freed_at);
+            }
+            //tl_assert (ai->Addr.Block.freed_at == VG_(null_ExeContext)());
          }
          else if (ai->Addr.Block.block_kind==Block_Freed) {
             VG_(pp_ExeContext)(ai->Addr.Block.freed_at);
@@ -1183,6 +1191,7 @@ static Bool mempool_block_maybe_describe( Addr a, AddrInfo* ai );
 static void describe_addr ( Addr a, /*OUT*/AddrInfo* ai )
 {
    MC_Chunk*  mc;
+   MC_Chunk*  mc_freed;
    ThreadId   tid;
    Addr       stack_min, stack_max;
    VgSectKind sect;
@@ -1211,7 +1220,8 @@ static void describe_addr ( Addr a, /*OUT*/AddrInfo* ai )
       if (addr_is_in_MC_Chunk_default_REDZONE_SZB(mc, a)) {
          ai->tag = Addr_Block;
          ai->Addr.Block.block_kind = Block_Mallocd;
-         if (MC_(get_freed_block_bracketting)( a ))
+         mc_freed = MC_(get_freed_block_bracketting)( a );
+         if (mc_freed)
             ai->Addr.Block.block_desc = "recently re-allocated block";
          else
             ai->Addr.Block.block_desc = "block";
@@ -1219,6 +1229,10 @@ static void describe_addr ( Addr a, /*OUT*/AddrInfo* ai )
          ai->Addr.Block.rwoffset   = (Word)a - (Word)mc->data;
          ai->Addr.Block.allocated_at = MC_(allocated_at)(mc);
          ai->Addr.Block.freed_at = MC_(freed_at)(mc);
+         if (mc_freed && ai->Addr.Block.freed_at == VG_(null_ExeContext)())
+         {
+            ai->Addr.Block.freed_at = MC_(freed_at)(mc_freed);
+         }
          return;
       }
    }
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013 
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb_______________________________________________
Valgrind-users mailing list
Valgrind-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/valgrind-users