[PATCH wayland v2 2/4] wl_array: Set data to invalid address after free

Eric Engestrom eric.engestrom at imgtec.com
Wed Sep 28 10:30:52 UTC 2016


On Tue, Sep 27, 2016 at 01:03:48PM -0500, Yong Bakos wrote:
> From: Yong Bakos <ybakos at humanoriented.com>
> 
> Explicitly set the data member to an invalid memory address during
> wl_array_release, such that re-using a freed wl_array without re-initializing
> causes a crash. In addition, this pointer assignment makes wl_array_release
> testable.
> 
> Define a constant for the invalid memory address, and add documentation about
> this behavior, starting at libwayland version 1.13.

I actually did a similar thing in our internal codebase recently
(although my focus was catching double-free).
I used a small stack var as a sentinel, and set freed vars to its
address with an assert first to make sure it wasn't already that.

My implementation translated here would be roughly:

in src/wayland-private.h:
	#ifndef NDEBUG
	  extern char wl_array_sentinel;
	# define WL_ARRAY_POISON_PTR ((void*) &wl_array_sentinel)
	#else
	# define WL_ARRAY_POISON_PTR NULL
	#endif

in src/wayland-util.c:
	#ifndef NDEBUG
	char wl_array_sentinel;
	#endif

in wl_array_release(), before `free(array->data)`:
	assert(array->data != WL_ARRAY_POISON_PTR);
(same could be added in `wl_array_{add,copy}()`)

The benefit of this is that you know the address isn't used by something
else, and a char should be cheap enough to not have any impact :)

Cheers,
  Eric
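
Eric's sentinel idea, worked through as an added, self-contained example (this is not libwayland code and not the patch under review): a `wl_array`-like struct whose release routine poisons `data` with the address of a one-byte static, and whose add/release routines refuse a poisoned array instead of touching freed memory. The struct and function names (`demo_array_*`, `DEMO_ARRAY_POISON_PTR`) are hypothetical stand-ins for `wl_array`, `wl_array_add`, `wl_array_release` and `WL_ARRAY_POISON_PTR`. Where Eric's sketch uses `assert()`, this version reports the condition through a return value so the outcome can be observed; the `NDEBUG` fallback also shows why a distinct sentinel address is needed, since a `NULL` poison cannot be told apart from a freshly zero-initialised array.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for wl_array: same three fields as libwayland's struct. */
struct demo_array {
	size_t size;
	size_t alloc;
	void *data;
};

/*
 * One byte of static storage whose address is the poison value. No allocator
 * can ever hand out this address, so data == &sentinel can only mean
 * "released and not re-initialised". In NDEBUG builds the poison is NULL,
 * which is indistinguishable from an empty array, so no check is possible.
 */
#ifndef NDEBUG
static char demo_array_sentinel;
# define DEMO_ARRAY_POISON_PTR ((void *) &demo_array_sentinel)
#else
# define DEMO_ARRAY_POISON_PTR NULL
#endif

bool demo_array_is_poisoned(const struct demo_array *a)
{
#ifndef NDEBUG
	return a->data == DEMO_ARRAY_POISON_PTR;
#else
	(void) a;
	return false; /* NULL cannot be told apart from a zeroed array */
#endif
}

void demo_array_init(struct demo_array *a)
{
	memset(a, 0, sizeof *a);
}

/* Grow the array by `size` bytes and return the new space, or NULL.
 * A poisoned array is refused instead of writing through a freed pointer. */
void *demo_array_add(struct demo_array *a, size_t size)
{
	size_t alloc;
	void *data, *p;

	if (demo_array_is_poisoned(a))
		return NULL; /* Eric's sketch would assert() here */

	alloc = a->alloc > 0 ? a->alloc : 16;
	while (alloc < a->size + size)
		alloc *= 2;

	if (a->alloc < alloc) {
		data = a->alloc > 0 ? realloc(a->data, alloc) : malloc(alloc);
		if (data == NULL)
			return NULL;
		a->data = data;
		a->alloc = alloc;
	}
	p = (char *) a->data + a->size;
	a->size += size;
	return p;
}

/* Free the buffer and poison the pointer. Returns 0 on success, -1 when the
 * array was already released: the double free is reported, not performed. */
int demo_array_release(struct demo_array *a)
{
	if (demo_array_is_poisoned(a))
		return -1; /* Eric's sketch would assert() here */
	free(a->data);
	a->data = DEMO_ARRAY_POISON_PTR;
	return 0;
}

/* Lifecycle check: first release succeeds, a second release and an add on the
 * released array are refused, and re-initialising makes it usable again.
 * Returns 1 when every step behaves as expected, 0 otherwise. */
int demo_array_double_release_is_caught(void)
{
	struct demo_array a;
	int *slot;

	demo_array_init(&a);
	slot = demo_array_add(&a, sizeof *slot);
	if (slot == NULL)
		return 0;
	*slot = 42;

	if (demo_array_release(&a) != 0)
		return 0;
	if (demo_array_release(&a) != -1) /* second release must be detected */
		return 0;
	if (demo_array_add(&a, 4) != NULL) /* use after release must be refused */
		return 0;

	demo_array_init(&a);          /* re-init clears the poison */
	if (demo_array_add(&a, 4) == NULL)
		return 0;
	return demo_array_release(&a) == 0;
}
```

Because the sentinel lives in static storage rather than on any stack frame, its address stays valid for the whole process lifetime, which is what makes the comparison safe from any call site; a stack variable would only work as a sentinel while the frame that owns it is live.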

