dovecot-1.1: DEBUG: Catch if we write past t_buffer_get()ed memory.

dovecot at dovecot.org dovecot at dovecot.org
Sun Mar 30 11:46:51 EEST 2008


details:   http://hg.dovecot.org/dovecot-1.1/rev/213dd8e78ad8
changeset: 7440:213dd8e78ad8
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Mar 30 11:43:33 2008 +0300
description:
DEBUG: Catch if we write past t_buffer_get()ed memory.

diffstat:

1 file changed, 30 insertions(+), 4 deletions(-)
src/lib/data-stack.c |   34 ++++++++++++++++++++++++++++++----

diffs (65 lines):

diff -r dc9c098a7d26 -r 213dd8e78ad8 src/lib/data-stack.c
--- a/src/lib/data-stack.c	Sun Mar 30 11:41:35 2008 +0300
+++ b/src/lib/data-stack.c	Sun Mar 30 11:43:33 2008 +0300
@@ -71,6 +71,33 @@ union {
 	struct stack_block block;
 	unsigned char data[128];
 } outofmem_area;
+
+static void data_stack_last_buffer_reset(void)
+{
+	if (last_buffer_block != NULL) {
+#ifdef DEBUG
+		const unsigned char *p;
+		unsigned int i;
+
+		p = STACK_BLOCK_DATA(current_block) +
+			(current_block->size - current_block->left) +
+			MEM_ALIGN(sizeof(size_t) + last_buffer_size);
+#endif
+		/* reset t_buffer_get() mark - not really needed but makes it
+		   easier to notice if t_malloc()/t_push()/t_pop() is called
+		   between t_buffer_get() and t_buffer_alloc().
+		   do this before we get to i_panic() to avoid recursive
+		   panics. */
+		last_buffer_block = NULL;
+
+#ifdef DEBUG
+		for (i = 0; i < SENTRY_COUNT; i++) {
+			if (p[i] != CLEAR_CHR)
+				i_panic("t_buffer_get(): buffer overflow");
+		}
+#endif
+	}
+}
 
 unsigned int t_push(void)
 {
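Review bot: The DEBUG sentry pointer `p` in data_stack_last_buffer_reset() is computed from `current_block`, while the guard around it tests `last_buffer_block`, and nothing visible in this hunk ties the two together. If they ever differ, the loop inspects bytes unrelated to the buffer that t_buffer_get() handed out and either misses an overflow or panics spuriously. Deriving the address from the block that was tested removes the assumption: `p = STACK_BLOCK_DATA(last_buffer_block) +` followed by `(last_buffer_block->size - last_buffer_block->left) +`. The comment should also say that the check is deferred to the next t_push()/t_pop()/t_malloc() and exists only in DEBUG builds, so adjacent data may already be corrupted when the panic fires.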
@@ -107,6 +134,7 @@ unsigned int t_push(void)
 		frame_block->prev = current_frame_block;
 		current_frame_block = frame_block;
 	}
+	data_stack_last_buffer_reset();
 
 	/* mark our current position */
 	current_frame_block->block[frame_pos] = current_block;
@@ -194,6 +222,7 @@ unsigned int t_pop(void)
 #ifdef DEBUG
 	t_pop_verify();
 #endif
+	data_stack_last_buffer_reset();
 
 	/* update the current block */
 	current_block = current_frame_block->block[frame_pos];
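Review bot: The added call sits immediately before `current_block` is restored from the frame, and that placement is load-bearing because data_stack_last_buffer_reset() locates the sentry bytes through `current_block`, yet the line carries no comment saying so. A short comment such as `/* check the t_buffer_get() sentry before current_block is rewound */` would keep a later reordering from silently checking the wrong block. t_pop() starts and ends outside this hunk, so whether anything earlier in the function already changes `current_block` cannot be confirmed from here.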
@@ -290,10 +319,7 @@ static void *t_malloc_real(size_t size, 
 		data_stack_init();
 	}
 
-	/* reset t_buffer_get() mark - not really needed but makes it easier
-	   to notice if t_malloc() is called between t_buffer_get() and
-	   t_buffer_alloc() */
-        last_buffer_block = NULL;
+	data_stack_last_buffer_reset();
 
 	/* allocate only aligned amount of memory so alignment comes
 	   always properly */

