mirror of
https://github.com/clearml/dropbear
synced 2025-05-04 12:11:56 +00:00
linked list dbmalloc now
add non-free m_malloc_free_epoch() argument for leak detection --HG-- branch : fuzz
This commit is contained in:
Matt Johnston
parent
b8fa712847
commit
65baa71b58
70
dbmalloc.c
70
dbmalloc.c
@ -1,14 +1,17 @@
|
|||||||
#include "dbmalloc.h"
|
#include "dbmalloc.h"
|
||||||
#include "dbutil.h"
|
#include "dbutil.h"
|
||||||
|
|
||||||
#define LIST_SIZE 1000
|
|
||||||
|
|
||||||
struct dbmalloc_header {
|
struct dbmalloc_header {
|
||||||
unsigned int index;
|
|
||||||
unsigned int epoch;
|
unsigned int epoch;
|
||||||
|
struct dbmalloc_header *prev;
|
||||||
|
struct dbmalloc_header *next;
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct dbmalloc_header* dbmalloc_list[LIST_SIZE];
|
static void put_alloc(struct dbmalloc_header *header);
|
||||||
|
static void remove_alloc(struct dbmalloc_header *header);
|
||||||
|
|
||||||
|
/* end of the linked list */
|
||||||
|
static struct dbmalloc_header* staple;
|
||||||
|
|
||||||
unsigned int current_epoch = 0;
|
unsigned int current_epoch = 0;
|
||||||
|
|
||||||
@ -16,39 +19,50 @@ void m_malloc_set_epoch(unsigned int epoch) {
|
|||||||
current_epoch = epoch;
|
current_epoch = epoch;
|
||||||
}
|
}
|
||||||
|
|
||||||
void m_malloc_free_epoch(unsigned int epoch) {
|
void m_malloc_free_epoch(unsigned int epoch, int dofree) {
|
||||||
unsigned int i;
|
struct dbmalloc_header* header;
|
||||||
unsigned int freed = 0;
|
struct dbmalloc_header* nextheader = NULL;
|
||||||
for (i = 0; i < LIST_SIZE; i++) {
|
struct dbmalloc_header* oldstaple = staple;
|
||||||
if (dbmalloc_list[i] != NULL) {
|
staple = NULL;
|
||||||
assert(dbmalloc_list[i]->index == i);
|
/* free allocations from this epoch, create a new staple-anchored list from
|
||||||
if (dbmalloc_list[i]->epoch == epoch) {
|
the remainder */
|
||||||
free(dbmalloc_list[i]);
|
for (header = oldstaple; header; header = nextheader)
|
||||||
dbmalloc_list[i] = NULL;
|
{
|
||||||
freed++;
|
nextheader = header->next;
|
||||||
|
if (header->epoch == epoch) {
|
||||||
|
if (dofree) {
|
||||||
|
free(header);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
header->prev = NULL;
|
||||||
|
header->next = NULL;
|
||||||
|
put_alloc(header);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
TRACE(("free_epoch freed %d", freed))
|
|
||||||
}
|
|
||||||
|
|
||||||
static void put_alloc(struct dbmalloc_header *header) {
|
static void put_alloc(struct dbmalloc_header *header) {
|
||||||
unsigned int i;
|
assert(header->next == NULL);
|
||||||
for (i = 0; i < LIST_SIZE; i++) {
|
assert(header->prev == NULL);
|
||||||
if (dbmalloc_list[i] == NULL) {
|
if (staple) {
|
||||||
dbmalloc_list[i] = header;
|
staple->prev = header;
|
||||||
header->index = i;
|
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
}
|
header->next = staple;
|
||||||
dropbear_exit("ran out of dbmalloc entries");
|
staple = header;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void remove_alloc(struct dbmalloc_header *header) {
|
static void remove_alloc(struct dbmalloc_header *header) {
|
||||||
assert(header->index < LIST_SIZE);
|
if (header->prev) {
|
||||||
assert(dbmalloc_list[header->index] == header);
|
header->prev->next = header->next;
|
||||||
assert(header->epoch == current_epoch);
|
}
|
||||||
dbmalloc_list[header->index] = NULL;
|
if (header->next) {
|
||||||
|
header->next->prev = header->prev;
|
||||||
|
}
|
||||||
|
if (staple == header) {
|
||||||
|
staple = header->next;
|
||||||
|
}
|
||||||
|
header->prev = NULL;
|
||||||
|
header->next = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct dbmalloc_header* get_header(void* ptr) {
|
static struct dbmalloc_header* get_header(void* ptr) {
|
||||||
|
|||||||
@ -11,6 +11,6 @@ void m_free_direct(void* ptr);
|
|||||||
#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
|
#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
|
||||||
|
|
||||||
void m_malloc_set_epoch(unsigned int epoch);
|
void m_malloc_set_epoch(unsigned int epoch);
|
||||||
void m_malloc_free_epoch(unsigned int epoch);
|
void m_malloc_free_epoch(unsigned int epoch, int dofree);
|
||||||
|
|
||||||
#endif /* DBMALLOC_H_ */
|
#endif /* DBMALLOC_H_ */
|
||||||
|
|||||||
@ -42,8 +42,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
|||||||
m_malloc_set_epoch(1);
|
m_malloc_set_epoch(1);
|
||||||
if (setjmp(fuzz.jmp) == 0) {
|
if (setjmp(fuzz.jmp) == 0) {
|
||||||
svr_session(fakesock, fakesock);
|
svr_session(fakesock, fakesock);
|
||||||
|
m_malloc_free_epoch(1, 0);
|
||||||
} else {
|
} else {
|
||||||
m_malloc_free_epoch(1);
|
m_malloc_free_epoch(1, 1);
|
||||||
TRACE(("dropbear_exit longjmped"))
|
TRACE(("dropbear_exit longjmped"))
|
||||||
// dropbear_exit jumped here
|
// dropbear_exit jumped here
|
||||||
}
|
}
|
||||||
|
|||||||
@ -33,8 +33,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
|||||||
fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys",
|
fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys",
|
||||||
algoname, strlen(algoname),
|
algoname, strlen(algoname),
|
||||||
keyblob, strlen(keyblob));
|
keyblob, strlen(keyblob));
|
||||||
|
m_malloc_free_epoch(1, 0);
|
||||||
} else {
|
} else {
|
||||||
m_malloc_free_epoch(1);
|
m_malloc_free_epoch(1, 1);
|
||||||
TRACE(("dropbear_exit longjmped"))
|
TRACE(("dropbear_exit longjmped"))
|
||||||
// dropbear_exit jumped here
|
// dropbear_exit jumped here
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user