dbg_malloc
NAME
malloc - debugging memory allocation routines
SYNOPSIS
#include <stdlib.h>
void *malloc(size_t size);
void *realloc(void *ptr, size_t size);
void *calloc(size_t size, size_t nel);
void free(void *ptr);
void *check_malloc(void *ptr);
DESCRIPTION
These routines are replacements for the standard memory
allocation routines for use in debugging an application that
corrupts its memory arena.
Applications corrupt the memory arena by writing to or
reading from memory that has not been allocated, or by
scribbling on the internal malloc(3C) data structures that
precede and/or follow each allocated buffer. Typically this
corruption occurs before the application unexpectedly
terminates. Tracking and locating the errant access at the
time of corruption facilitates fixing the application.
These routines are designed to return pointers to blocks
that are aligned to cause the generation of a fault when
accessing a memory location that is beyond the allocated
block. They are based on the virtual memory sub-system's
denying a process access to unmapped pages.
Memory arena corruption can occur at either end of an
allocated block. The page fault on access behavior can only
be enforced towards one end within a process at any one
time. By default, these routines will fault on access of
data beyond the end of the allocated block. This is the more
typical cause of malloc arena corruption. Fault generation
can be changed to occur upon access of data in front of the
allocated block by setting the DEBUG_MALLOC environment
variable, as described below.
Another example of memory corruption occurs when accessing
memory that has already been freed. This version of free
makes freed memory inaccessible. All freed memory is
released when the system cannot allocate any new memory
resources. Accessing data within such a block after it has
been freed but before it has been made accessible again will
generate a fault. The default behavior can be modified to
immediately make freed pages available. See the DEBUG_MALLOC
description below.
If ptr is NULL, the entire allocated memory arena is checked.
check_malloc returns 0 if the block pointed to by ptr, or
in the case of NULL the entire arena, is intact. Otherwise
it returns a corruption address. If ptr is NULL and there
are multiple corrupted blocks, check_malloc returns a
corrupted address. This function is useful in determining if
the memory arena has been corrupted at the non-fault
generating end. The environment variable DEBUG_MALLOC can
then be reset to fault on access of the reverse end, and the
fault generated by running the application again.
debug(1) should be used in conjunction with these
routines to facilitate tracking down the instruction that
accessed unavailable memory. When DEBUG_MALLOC is set to show
the information from any of the allocation routines, the output
includes the return address of the function that is calling the
memory routines. Using this information with debug makes it
easier to isolate memory corruption.
Control over the amount of debugging information presented
is provided by setting and exporting the environment
variable DEBUG_MALLOC. The supported options are:
M - trace return values from malloc
R - trace entry and return values from realloc
C - trace entry and return values from calloc
F - trace entry to free
H - return freed blocks to the memory pool immediately
X - provide additional debugging/tracing information
B - allocation routines will fault on access of data beyond the block (default)
T - allocation routines will fault on access of data before the beginning of a block
N - fill allocated space with a non-zero bit pattern
If both B and T are specified, B will be used.
DIAGNOSTICS
The allocation routines return NULL if the allocation cannot
be satisfied.
SEE ALSO
mmap(2), munmap(2), mprotect(2), malloc(3C)