[PATCH wayland v2 2/4] wl_array: Set data to invalid address after free
Eric Engestrom
eric.engestrom at imgtec.com
Wed Sep 28 10:30:52 UTC 2016
On Tue, Sep 27, 2016 at 01:03:48PM -0500, Yong Bakos wrote:
> From: Yong Bakos <ybakos at humanoriented.com>
>
> Explicitly set the data member to an invalid memory address during
> wl_array_release, such that re-using a freed wl_array without re-initializing
> causes a crash. In addition, this pointer assignment makes wl_array_release
> testable.
>
> Define a constant for the invalid memory address, and add documentation about
> this behavior, starting at libwayland version 1.13.
I actually did a similar thing in our internal codebase recently
(although my focus was catching double-free).
I used a small stack var as a sentinel, and set freed vars to its
address with an assert first to make sure it wasn't already that.
My implementation translated here would be roughly:
in src/wayland-private.h:
#ifndef NDEBUG
extern char wl_array_sentinel;
# define WL_ARRAY_POISON_PTR ((void*) &wl_array_sentinel)
#else
# define WL_ARRAY_POISON_PTR NULL
#endif
in src/wayland-util.c:
#ifndef NDEBUG
char wl_array_sentinel;
#endif
in wl_array_release(), before `free(array->data)`:
assert(array->data != WL_ARRAY_POISON_PTR);
(same could be added in `wl_array_{add,copy}()`)
The benefit of this is that you know the address isn't used by something
else, and a char should be cheap enough to not have any impact :)
Cheers,
Eric
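A self-contained version of the sentinel-pointer idea described in this message, written as an added example for this page (it is not Eric's code and not part of libwayland): a one-byte global's address is used as the poison value, wl_array_release stores it after free, and the entry points assert that they were not handed an already-released array. The demo_array names and the demo_ functions are assumptions standing in for the wl_array equivalents; the growth policy in demo_array_add mirrors the shape of wl_array_add but is not a copy of it.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A one-byte global whose address is the poison value. Nothing reads or
 * writes the byte; only its address matters. No heap allocation can alias
 * it, so a data pointer equal to it can only mean "already released".
 * With NDEBUG the poison falls back to NULL, as in the message above, at
 * which point a freshly initialised array and a released one look alike. */
#ifndef NDEBUG
char demo_array_sentinel;
# define DEMO_ARRAY_POISON_PTR ((void *) &demo_array_sentinel)
#else
# define DEMO_ARRAY_POISON_PTR NULL
#endif

/* Hypothetical stand-in for struct wl_array. */
struct demo_array {
	size_t size;
	size_t alloc;
	void *data;
};

void demo_array_init(struct demo_array *array)
{
	memset(array, 0, sizeof *array);
}

/* 1 if the data pointer is the poison address, 0 otherwise. */
int demo_array_is_poisoned(const struct demo_array *array)
{
	return array->data == DEMO_ARRAY_POISON_PTR;
}

/* Grow the array by 'size' bytes and return a pointer to the new space. */
void *demo_array_add(struct demo_array *array, size_t size)
{
	size_t alloc;
	void *data;

	assert(!demo_array_is_poisoned(array)); /* use after release */

	alloc = array->alloc > 0 ? array->alloc : 16;
	while (alloc < array->size + size)
		alloc *= 2;

	if (array->alloc < alloc) {
		data = array->alloc > 0 ? realloc(array->data, alloc)
					: malloc(alloc);
		if (data == NULL)
			return NULL;
		array->data = data;
		array->alloc = alloc;
	}

	data = (char *) array->data + array->size;
	array->size += size;
	return data;
}

/* Copy 'source' into 'array'; both must be live. Returns 0 on success. */
int demo_array_copy(struct demo_array *array, struct demo_array *source)
{
	assert(!demo_array_is_poisoned(array));
	assert(!demo_array_is_poisoned(source));

	if (array->size < source->size) {
		if (!demo_array_add(array, source->size - array->size))
			return -1;
	} else {
		array->size = source->size;
	}
	if (source->size > 0)
		memcpy(array->data, source->data, source->size);
	return 0;
}

/* Free the storage and poison the pointer; a second call trips the assert. */
void demo_array_release(struct demo_array *array)
{
	assert(!demo_array_is_poisoned(array)); /* double release */
	free(array->data);
	array->data = DEMO_ARRAY_POISON_PTR;
	array->size = 0;
	array->alloc = 0;
}

int main(void)
{
	struct demo_array a, b;
	int *slot;

	demo_array_init(&a);
	demo_array_init(&b);
	slot = demo_array_add(&a, sizeof *slot);
	*slot = 42;
	demo_array_copy(&b, &a);
	printf("copied value: %d\n", *(int *) b.data);

	demo_array_release(&a);
	demo_array_release(&b);
	printf("poisoned after release: %d\n", demo_array_is_poisoned(&a));
	/* demo_array_release(&a); would now abort on the assert. */
	return 0;
}
```

The cost is one byte of .bss in debug builds; in release builds the poison degrades to NULL, so the assert-based double-release check only exists where NDEBUG is not defined.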