
Check-in [ba5f0a5599]

Overview
Comment: In memsys5, initialize new allocations to non-zero bytes. Change the content of freed allocations to prevent use after free. These changes in SQLITE_DEBUG only.
SHA1: ba5f0a5599dece6d8f3dfe652800c28875c74a24
User & Date: drh 2014-02-24 19:07:51.519
Context
2014-02-24
19:49
Close some stray connections in walro.test. (check-in: d6746cabaa user: dan tags: trunk)
19:07
In memsys5, initialize new allocations to non-zero bytes. Change the content of freed allocations to prevent use after free. These changes in SQLITE_DEBUG only. (check-in: ba5f0a5599 user: drh tags: trunk)
14:24
Remove an unused variable from the VDBE_PROFILE compile-time option. Keep the opcode count in an u32 instead of an int. (check-in: 4df0ac9023 user: drh tags: trunk)
Changes
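--- a/src/mem5.c
+++ b/src/mem5.c
@@ -270,14 +270,20 @@
   mem5.nAlloc++;
   mem5.totalAlloc += iFullSz;
   mem5.totalExcess += iFullSz - nByte;
   mem5.currentCount++;
   mem5.currentOut += iFullSz;
   if( mem5.maxCount<mem5.currentCount ) mem5.maxCount = mem5.currentCount;
   if( mem5.maxOut<mem5.currentOut ) mem5.maxOut = mem5.currentOut;
+
+#ifdef SQLITE_DEBUG
+  /* Make sure the allocated memory does not assume that it is set to zero
+  ** or retains a value from a previous allocation */
+  memset(&mem5.zPool[i*mem5.szAtom], 0xAA, iFullSz);
+#endif
 
   /* Return a pointer to the allocated memory. */
   return (void*)&mem5.zPool[i*mem5.szAtom];
 }
 
 /*
 ** Free an outstanding memory allocation.
@@ -328,14 +334,21 @@
       iBlock = iBuddy;
     }else{
       mem5.aCtrl[iBlock] = CTRL_FREE | iLogsize;
       mem5.aCtrl[iBuddy] = 0;
     }
     size *= 2;
   }
+
+#ifdef SQLITE_DEBUG
+  /* Overwrite freed memory with the 0x55 bit pattern to verify that it is
+  ** not used after being freed */
+  memset(&mem5.zPool[iBlock*mem5.szAtom], 0x55, size);
+#endif
+
   memsys5Link(iBlock, iLogsize);
 }
 
 /*
 ** Allocate nBytes of memory.
 */
 static void *memsys5Malloc(int nBytes){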
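Review bot: In the free path, `memset(&mem5.zPool[iBlock*mem5.szAtom], 0x55, size);` passes `size` as a byte count, yet the start address is scaled by `mem5.szAtom` and `size` is doubled in step with the coalescing loop, which suggests `size` counts atoms rather than bytes; its declaration lies outside the hunk, so this needs confirming against the top of the function. If that reading is right, only the first `size` bytes of the freed block receive the 0x55 pattern, and a stale read or write further into the block would still see the old contents and go unnoticed; `memset(&mem5.zPool[iBlock*mem5.szAtom], 0x55, size*mem5.szAtom);` would cover the whole coalesced block, matching the allocation side, which fills all `iFullSz` bytes. Both fills are compiled only under SQLITE_DEBUG, so the two comments could also say that the patterns are a debugging aid for catching stale or uninitialised reads and give release builds no protection.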