You can ask malloc
to check the consistency of dynamic memory by
using the mcheck
function. This function is a GNU extension,
declared in `mcheck.h'.
mcheck
tells malloc
to perform occasional
consistency checks. These will catch things such as writing
past the end of a block that was allocated with malloc
.
The abortfn argument is the function to call when an inconsistency
is found. If you supply a null pointer, then mcheck
uses a
default function which prints a message and calls abort
(see section Aborting a Program). The function you supply is called with
one argument, which says what sort of inconsistency was detected; its
type is described below.
It is too late to begin allocation checking once you have allocated
anything with malloc
. So mcheck
does nothing in that
case. The function returns -1
if you call it too late, and
0
otherwise (when it is successful).
The easiest way to arrange to call mcheck
early enough is to use
the option `-lmcheck' when you link your program; then you don't
need to modify your program source at all. Alternatively you might use
a debugger to insert a call to mcheck
whenever the program is
started, for example these gdb commands will automatically call mcheck
whenever the program starts:
(gdb) break main Breakpoint 1, main (argc=2, argv=0xbffff964) at whatever.c:10 (gdb) command 1 Type commands for when breakpoint 1 is hit, one per line. End with a line saying just "end". >call mcheck(0) >continue >end (gdb) ...
This will however only work if no initialization function of any object
involved calls any of the malloc
functions since mcheck
must be called before the first such function.
mprobe
function lets you explicitly check for inconsistencies
in a particular allocated block. You must have already called
mcheck
at the beginning of the program, to do its occasional
checks; calling mprobe
requests an additional consistency check
to be done at the time of the call.
The argument pointer must be a pointer returned by malloc
or realloc
. mprobe
returns a value that says what
inconsistency, if any, was found. The values are described below.
MCHECK_DISABLED
mcheck
was not called before the first allocation.
No consistency checking can be done.
MCHECK_OK
MCHECK_HEAD
MCHECK_TAIL
MCHECK_FREE
Another possibility to check for and guard against bugs in the use of
malloc
, realloc
and free
is to set the environment
variable MALLOC_CHECK_
. When MALLOC_CHECK_
is set, a
special (less efficient) implementation is used which is designed to be
tolerant against simple errors, such as double calls of free
with
the same argument, or overruns of a single byte (off-by-one bugs). Not
all such errors can be protected against, however, and memory leaks can
result. If MALLOC_CHECK_
is set to 0
, any detected heap
corruption is silently ignored; if set to 1
, a diagnostic is
printed on stderr
; if set to 2
, abort
is called
immediately. This can be useful because otherwise a crash may happen
much later, and the true cause for the problem is then very hard to
track down.
There is one problem with MALLOC_CHECK_
: in SUID or SGID binaries
it could possibly be exploited since diverging from the normal programs
behaviour it now writes something to the standard error desriptor.
Therefore the use of MALLOC_CHECK_
is disabled by default for
SUID and SGID binaries. It can be enabled again by the system
administrator by adding a file `/etc/suid-debug' (the content is
not important it could be empty).
So, what's the difference between using MALLOC_CHECK_
and linking
with `-lmcheck'? MALLOC_CHECK_
is orthogonal with respect to
`-lmcheck'. `-lmcheck' has been added for backward
compatibility. Both MALLOC_CHECK_
and `-lmcheck' should
uncover the same bugs - but using MALLOC_CHECK_
you don't need to
recompile your application.
Go to the first, previous, next, last section, table of contents.