svn commit: r1712718 - /serf/trunk/buckets/allocator.c

Wed, 04 Nov 2015 23:41:46 -0800 

Author: ivan
Date: Thu Nov  5 07:40:58 2015
New Revision: 1712718

URL: http://svn.apache.org/viewvc?rev=1712718&view=rev
Log:
Add another diagnostic macro SERF__DEBUG_USE_AFTER_FREE to detect usage of
bucket allocator after it destroyed by pool cleanup.

* buckets/allocator.c
  (SERF__DEBUG_USE_AFTER_FREE): New. Commented by default.
  (allocator_cleanup): Set ALLOCATOR->POOL to NULL if
   SERF__DEBUG_USE_AFTER_FREE is defined.
  (serf_bucket_mem_alloc, serf_bucket_mem_free): Abort if ALLOCATOR->POOL
   is NULL and SERF__DEBUG_USE_AFTER_FREE is defined.

Modified:
    serf/trunk/buckets/allocator.c

Modified: serf/trunk/buckets/allocator.c
URL: 
http://svn.apache.org/viewvc/serf/trunk/buckets/allocator.c?rev=1712718&r1=1712717&r2=1712718&view=diff
==============================================================================
--- serf/trunk/buckets/allocator.c (original)
+++ serf/trunk/buckets/allocator.c Thu Nov  5 07:40:58 2015
@@ -35,6 +35,11 @@
  * unfreed blocks on pool cleanup. */
 /* #define SERF__DEBUG_UNFREED_MEMORY */
 
+/* Define SERF__DEBUG_USE_AFTER_FREE if you're interested to prevent
+ * access bucket allocator after free.
+ * TODO: Should we do this by default? */
+/* #define SERF__DEBUG_USE_AFTER_FREE */
+
 typedef struct node_header_t {
     apr_size_t size;
     union {
@@ -151,6 +156,10 @@ static apr_status_t allocator_cleanup(vo
         apr_allocator_destroy(allocator->allocator);
     }
 
+#ifdef SERF__DEBUG_USE_AFTER_FREE
+    /* Set POOL to NULL to detect allocator usage after destroy. */
+    allocator->pool = NULL;
+#endif
     return APR_SUCCESS;
 }
 
@@ -214,6 +223,14 @@ void *serf_bucket_mem_alloc(
     node_header_t *node;
     void *block;
 
+#ifdef SERF__DEBUG_USE_AFTER_FREE
+    if (allocator->pool == NULL) {
+        /* Attempt to use bucket allocator after it destroyed by
+         * pool cleanup. */
+        abort();
+    }
+#endif
+
     ++allocator->num_alloc;
 
     size += SIZEOF_NODE_HEADER_T;
@@ -297,6 +314,13 @@ void serf_bucket_mem_free(
 {
     node_header_t *node;
 
+#ifdef SERF__DEBUG_USE_AFTER_FREE
+    if (allocator->pool == NULL) {
+        /* Attempt to use bucket allocator after it destroyed by
+         * pool cleanup. */
+        abort();
+    }
+#endif
     --allocator->num_alloc;
 
     node = (node_header_t *)((char *)block - SIZEOF_NODE_HEADER_T);

Reply via email to