/* Standard debugging hooks for `malloc'.

   Copyright (C) 1990-2018 Free Software Foundation, Inc.

   This file is part of the GNU C Library.

   Written May 1989 by Mike Haertel.

   The GNU C Library is free software; you can redistribute it and/or

   modify it under the terms of the GNU Lesser General Public

   License as published by the Free Software Foundation; either

   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,

   but WITHOUT ANY WARRANTY; without even the implied warranty of

   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public

   License along with the GNU C Library; if not, see

   <http://www.gnu.org/licenses/>.  */

#ifndef _MALLOC_INTERNAL

# define _MALLOC_INTERNAL

# include <malloc.h>

# include <mcheck.h>

# include <stdint.h>

# include <stdio.h>

# include <libintl.h>

# include <errno.h>

#endif

/* Old hook values.  */

static void (*old_free_hook)(void *ptr, const void *);

static void *(*old_malloc_hook) (size_t size, const void *);

static void *(*old_memalign_hook) (size_t alignment, size_t size,

				   const void *);

static void *(*old_realloc_hook) (void *ptr, size_t size,

				  const void *);

/* Function to call when something awful happens.  */

static void (*abortfunc) (enum mcheck_status);

/* Arbitrary magical numbers.  */

#define MAGICWORD       0xfedabeeb

#define MAGICFREE       0xd8675309

#define MAGICBYTE       ((char) 0xd7)

#define MALLOCFLOOD     ((char) 0x93)

#define FREEFLOOD       ((char) 0x95)

struct hdr

{

  size_t size;                  /* Exact size requested by user.  */

  unsigned long int magic;      /* Magic number to check header integrity.  */

  struct hdr *prev;

  struct hdr *next;

  void *block;                  /* Real block allocated, for memalign.  */

  unsigned long int magic2;     /* Extra, keeps us doubleword aligned.  */

};

/* This is the beginning of the list of all memory blocks allocated.

   It is only constructed if the pedantic testing is requested.  */

static struct hdr *root;

static int mcheck_used;

/* Nonzero if pedentic checking of all blocks is requested.  */

static int pedantic;

#if defined _LIBC || defined STDC_HEADERS || defined USG

# include <string.h>

# define flood memset

#else

static void flood (void *, int, size_t);

static void

flood (void *ptr, int val, size_t size)

{

  char *cp = ptr;

  while (size--)

    *cp++ = val;

}

#endif

static enum mcheck_status

checkhdr (const struct hdr *hdr)

{

  enum mcheck_status status;

  if (!mcheck_used)

    /* Maybe the mcheck used is disabled?  This happens when we find

       an error and report it.  */

    return MCHECK_OK;

  switch (hdr->magic ^ ((uintptr_t) hdr->prev + (uintptr_t) hdr->next))

    {

    default:

      status = MCHECK_HEAD;

      break;

    case MAGICFREE:

      status = MCHECK_FREE;

      break;

    case MAGICWORD:

      if (((char *) &hdr[1])[hdr->size] != MAGICBYTE)

        status = MCHECK_TAIL;

      else if ((hdr->magic2 ^ (uintptr_t) hdr->block) != MAGICWORD)

        status = MCHECK_HEAD;

      else

        status = MCHECK_OK;

      break;

    }

  if (status != MCHECK_OK)

    {

      mcheck_used = 0;

      (*abortfunc) (status);

      mcheck_used = 1;

    }

  return status;

}

void

mcheck_check_all (void)

{

  /* Walk through all the active blocks and test whether they were tampered

     with.  */

  struct hdr *runp = root;

  /* Temporarily turn off the checks.  */

  pedantic = 0;

  while (runp != NULL)

    {

      (void) checkhdr (runp);

      runp = runp->next;

    }

  /* Turn checks on again.  */

  pedantic = 1;

}

#ifdef _LIBC

libc_hidden_def (mcheck_check_all)

#endif

static void

unlink_blk (struct hdr *ptr)

{

  if (ptr->next != NULL)

    {

      ptr->next->prev = ptr->prev;

      ptr->next->magic = MAGICWORD ^ ((uintptr_t) ptr->next->prev

                                      + (uintptr_t) ptr->next->next);

    }

  if (ptr->prev != NULL)

    {

      ptr->prev->next = ptr->next;

      ptr->prev->magic = MAGICWORD ^ ((uintptr_t) ptr->prev->prev

                                      + (uintptr_t) ptr->prev->next);

    }

  else

    root = ptr->next;

}

static void

link_blk (struct hdr *hdr)

{

  hdr->prev = NULL;

  hdr->next = root;

  root = hdr;

  hdr->magic = MAGICWORD ^ (uintptr_t) hdr->next;

  /* And the next block.  */

  if (hdr->next != NULL)

    {

      hdr->next->prev = hdr;

      hdr->next->magic = MAGICWORD ^ ((uintptr_t) hdr

                                      + (uintptr_t) hdr->next->next);

    }

}

static void

freehook (void *ptr, const void *caller)

{

  if (pedantic)

    mcheck_check_all ();

  if (ptr)

    {

      struct hdr *hdr = ((struct hdr *) ptr) - 1;

      checkhdr (hdr);

      hdr->magic = MAGICFREE;

      hdr->magic2 = MAGICFREE;

      unlink_blk (hdr);

      hdr->prev = hdr->next = NULL;

      flood (ptr, FREEFLOOD, hdr->size);

      ptr = hdr->block;

    }

  __free_hook = old_free_hook;

  if (old_free_hook != NULL)

    (*old_free_hook)(ptr, caller);

  else

    free (ptr);

  __free_hook = freehook;

}

static void *

mallochook (size_t size, const void *caller)

{

  struct hdr *hdr;

  if (pedantic)

    mcheck_check_all ();

  if (size > ~((size_t) 0) - (sizeof (struct hdr) + 1))

    {

      __set_errno (ENOMEM);

      return NULL;

    }

  __malloc_hook = old_malloc_hook;

  if (old_malloc_hook != NULL)

    hdr = (struct hdr *) (*old_malloc_hook)(sizeof (struct hdr) + size + 1,

                                            caller);

  else

    hdr = (struct hdr *) malloc (sizeof (struct hdr) + size + 1);

  __malloc_hook = mallochook;

  if (hdr == NULL)

    return NULL;

  hdr->size = size;

  link_blk (hdr);

  hdr->block = hdr;

  hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;

  ((char *) &hdr[1])[size] = MAGICBYTE;

  flood ((void *) (hdr + 1), MALLOCFLOOD, size);

  return (void *) (hdr + 1);

}

static void *

memalignhook (size_t alignment, size_t size,

              const void *caller)

{

  struct hdr *hdr;

  size_t slop;

  char *block;

  if (pedantic)

    mcheck_check_all ();

  slop = (sizeof *hdr + alignment - 1) & - alignment;

  if (size > ~((size_t) 0) - (slop + 1))

    {

      __set_errno (ENOMEM);

      return NULL;

    }

  __memalign_hook = old_memalign_hook;

  if (old_memalign_hook != NULL)

    block = (*old_memalign_hook)(alignment, slop + size + 1, caller);

  else

    block = memalign (alignment, slop + size + 1);

  __memalign_hook = memalignhook;

  if (block == NULL)

    return NULL;

  hdr = ((struct hdr *) (block + slop)) - 1;

  hdr->size = size;

  link_blk (hdr);

  hdr->block = (void *) block;

  hdr->magic2 = (uintptr_t) block ^ MAGICWORD;

  ((char *) &hdr[1])[size] = MAGICBYTE;

  flood ((void *) (hdr + 1), MALLOCFLOOD, size);

  return (void *) (hdr + 1);

}

static void *

reallochook (void *ptr, size_t size, const void *caller)

{

  if (size == 0)

    {

      freehook (ptr, caller);

      return NULL;

    }

  struct hdr *hdr;

  size_t osize;

  if (pedantic)

    mcheck_check_all ();

  if (size > ~((size_t) 0) - (sizeof (struct hdr) + 1))

    {

      __set_errno (ENOMEM);

      return NULL;

    }

  if (ptr)

    {

      hdr = ((struct hdr *) ptr) - 1;

      osize = hdr->size;

      checkhdr (hdr);

      unlink_blk (hdr);

      if (size < osize)

        flood ((char *) ptr + size, FREEFLOOD, osize - size);

    }

  else

    {

      osize = 0;

      hdr = NULL;

    }

  __free_hook = old_free_hook;

  __malloc_hook = old_malloc_hook;

  __memalign_hook = old_memalign_hook;

  __realloc_hook = old_realloc_hook;

  if (old_realloc_hook != NULL)

    hdr = (struct hdr *) (*old_realloc_hook)((void *) hdr,

                                             sizeof (struct hdr) + size + 1,

                                             caller);

  else

    hdr = (struct hdr *) realloc ((void *) hdr,

                                  sizeof (struct hdr) + size + 1);

  __free_hook = freehook;

  __malloc_hook = mallochook;

  __memalign_hook = memalignhook;

  __realloc_hook = reallochook;

  if (hdr == NULL)

    return NULL;

  hdr->size = size;

  link_blk (hdr);

  hdr->block = hdr;

  hdr->magic2 = (uintptr_t) hdr ^ MAGICWORD;

  ((char *) &hdr[1])[size] = MAGICBYTE;

  if (size > osize)

    flood ((char *) (hdr + 1) + osize, MALLOCFLOOD, size - osize);

  return (void *) (hdr + 1);

}

__attribute__ ((noreturn))

static void

mabort (enum mcheck_status status)

{

  const char *msg;

  switch (status)

    {

    case MCHECK_OK:

      msg = _ ("memory is consistent, library is buggy\n");

      break;

    case MCHECK_HEAD:

      msg = _ ("memory clobbered before allocated block\n");

      break;

    case MCHECK_TAIL:

      msg = _ ("memory clobbered past end of allocated block\n");

      break;

    case MCHECK_FREE:

      msg = _ ("block freed twice\n");

      break;

    default:

      msg = _ ("bogus mcheck_status, library is buggy\n");

      break;

    }

#ifdef _LIBC

  __libc_fatal (msg);

#else

  fprintf (stderr, "mcheck: %s", msg);

  fflush (stderr);

  abort ();

#endif

}

/* Memory barrier so that GCC does not optimize out the argument.  */

#define malloc_opt_barrier(x) \

  ({ __typeof (x) __x = x; __asm ("" : "+m" (__x)); __x; })

int

mcheck (void (*func) (enum mcheck_status))

{

  abortfunc = (func != NULL) ? func : &mabort;

  /* These hooks may not be safely inserted if malloc is already in use.  */

  if (__malloc_initialized <= 0 && !mcheck_used)

    {

      /* We call malloc() once here to ensure it is initialized.  */

      void *p = malloc (0);

      /* GCC might optimize out the malloc/free pair without a barrier.  */

      p = malloc_opt_barrier (p);

      free (p);

      old_free_hook = __free_hook;

      __free_hook = freehook;

      old_malloc_hook = __malloc_hook;

      __malloc_hook = mallochook;

      old_memalign_hook = __memalign_hook;

      __memalign_hook = memalignhook;

      old_realloc_hook = __realloc_hook;

      __realloc_hook = reallochook;

      mcheck_used = 1;

    }

  return mcheck_used ? 0 : -1;

}

#ifdef _LIBC

libc_hidden_def (mcheck)

#endif

int

mcheck_pedantic (void (*func) (enum mcheck_status))

{

  int res = mcheck (func);

  if (res == 0)

    pedantic = 1;

  return res;

}

enum mcheck_status

mprobe (void *ptr)

{

  return mcheck_used ? checkhdr (((struct hdr *) ptr) - 1) : MCHECK_DISABLED;

}