tcmalloc: enable large object pointer offset check

Original CL: https://chromiumcodereview.appspot.com/10391178 1. Enable large object pointer offset check in release build. Following code will now cause a check error: char* p = reinterpret_cast<char*>(malloc(kMaxSize + 1)); free(p + 1); 2. Remove a duplicated error reporting function "DieFromBadFreePointer", can use "InvalidGetAllocatedSize". Reviewed-on: https://chromium-review.googlesource.com/1184335 [alkondratenko@gmail.com] removed some unrelated formatting changes Signed-off-by: Aliaksey Kandratsenka <alkondratenko@gmail.com>
2025-01-02 20:52:03 +00:00 · 2018-08-23 18:31:16 +00:00 · 2018-08-23 18:31:16 +00:00 · 4a923a6b36
commit 4a923a6b36
parent 4b3fc02082
2 changed files with 16 additions and 0 deletions
--- a/src/internal_logging.h
+++ b/src/internal_logging.h
@ -115,12 +115,21 @@ do {                                                                     \
  }                                                                      \
 } while (0)

+#define CHECK_CONDITION_PRINT(cond, str)                            \
+  do {                                                              \
+    if (!(cond)) {                                                  \
+      ::tcmalloc::Log(::tcmalloc::kCrash, __FILE__, __LINE__, str); \
+    }                                                               \
+  } while (0)
+
 // Our own version of assert() so we can avoid hanging by trying to do
 // all kinds of goofy printing while holding the malloc lock.
 #ifndef NDEBUG
 #define ASSERT(cond) CHECK_CONDITION(cond)
+#define ASSERT_PRINT(cond, str) CHECK_CONDITION_PRINT(cond, str)
 #else
 #define ASSERT(cond) ((void) 0)
+#define ASSERT_PRINT(cond, str) ((void)0)
 #endif

 // Print into buffer
--- a/src/tcmalloc.cc
+++ b/src/tcmalloc.cc
@ -1432,6 +1432,13 @@ inline void free_null_or_invalid(void* ptr, void (*invalid_free_fn)(void*)) {
 }

 static ATTRIBUTE_NOINLINE void do_free_pages(Span* span, void* ptr) {
+  // Check to see if the object is in use.
+  CHECK_CONDITION_PRINT(span->location == Span::IN_USE,
+                        "Object was not in-use");
+  CHECK_CONDITION_PRINT(
+      span->start << kPageShift == reinterpret_cast<uintptr_t>(ptr),
+      "Pointer is not pointing to the start of a span");
+
  SpinLockHolder h(Static::pageheap_lock());
  if (span->sample) {
    StackTrace* st = reinterpret_cast<StackTrace*>(span->objects);