mirror of
https://github.com/radareorg/radare2.git
synced 2025-01-19 04:12:46 +00:00
Fix coverities related to dmh
This commit is contained in:
parent
1449d61850
commit
798959bd6f
@ -189,6 +189,10 @@ static bool r_resolve_main_arena_32(RCore *core, ut32 *m_arena, RHeap_MallocStat
|
|||||||
RListIter *iter;
|
RListIter *iter;
|
||||||
RDebugMap *map;
|
RDebugMap *map;
|
||||||
|
|
||||||
|
if (!core || !core->dbg || !core->dbg->maps){
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (*m_arena == UT32_MAX) {
|
if (*m_arena == UT32_MAX) {
|
||||||
const char *dir_dbg = "/usr/lib/debug";
|
const char *dir_dbg = "/usr/lib/debug";
|
||||||
const char *dir_build_id = "/.build-id";
|
const char *dir_build_id = "/.build-id";
|
||||||
@ -198,9 +202,6 @@ static bool r_resolve_main_arena_32(RCore *core, ut32 *m_arena, RHeap_MallocStat
|
|||||||
bool is_debug_file[4];
|
bool is_debug_file[4];
|
||||||
ut32 libc_addr = UT32_MAX, vaddr = UT32_MAX;
|
ut32 libc_addr = UT32_MAX, vaddr = UT32_MAX;
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps){
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
r_debug_map_sync (core->dbg);
|
r_debug_map_sync (core->dbg);
|
||||||
r_list_foreach (core->dbg->maps, iter, map) {
|
r_list_foreach (core->dbg->maps, iter, map) {
|
||||||
if (strstr (map->name, "/libc-")) {
|
if (strstr (map->name, "/libc-")) {
|
||||||
@ -269,11 +270,11 @@ arena:
|
|||||||
}
|
}
|
||||||
not_arena:
|
not_arena:
|
||||||
eprintf ("Warning: glibc library with symbol main_arena could not be found. Is libc6-dbg installed?\n");
|
eprintf ("Warning: glibc library with symbol main_arena could not be found. Is libc6-dbg installed?\n");
|
||||||
|
free (path);
|
||||||
return false;
|
return false;
|
||||||
} else {
|
} else {
|
||||||
update_main_arena_32 (core, *m_arena, main_arena);
|
update_main_arena_32 (core, *m_arena, main_arena);
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -344,6 +345,7 @@ static int print_double_linked_list_bin_simple_32(RCore *core, ut32 bin, RHeap_M
|
|||||||
next = cnk->fd;
|
next = cnk->fd;
|
||||||
if (next < brk_start || next > main_arena->top) {
|
if (next < brk_start || next > main_arena->top) {
|
||||||
PRINT_RA ("Double linked list corrupted\n");
|
PRINT_RA ("Double linked list corrupted\n");
|
||||||
|
free (cnk);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk32));
|
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk32));
|
||||||
@ -354,6 +356,7 @@ static int print_double_linked_list_bin_simple_32(RCore *core, ut32 bin, RHeap_M
|
|||||||
|
|
||||||
if (next != bin) {
|
if (next != bin) {
|
||||||
PRINT_RA ("Double linked list corrupted\n");
|
PRINT_RA ("Double linked list corrupted\n");
|
||||||
|
free (cnk);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk32));
|
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk32));
|
||||||
@ -364,6 +367,7 @@ static int print_double_linked_list_bin_simple_32(RCore *core, ut32 bin, RHeap_M
|
|||||||
next = cnk->bk;
|
next = cnk->bk;
|
||||||
if (next < brk_start || next > main_arena->top) {
|
if (next < brk_start || next > main_arena->top) {
|
||||||
PRINT_RA ("Double linked list corrupted\n");
|
PRINT_RA ("Double linked list corrupted\n");
|
||||||
|
free (cnk);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk32));
|
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk32));
|
||||||
@ -371,7 +375,7 @@ static int print_double_linked_list_bin_simple_32(RCore *core, ut32 bin, RHeap_M
|
|||||||
|
|
||||||
PRINTF_GA ("->bk = 0x%"PFMT32x, cnk->bk);
|
PRINTF_GA ("->bk = 0x%"PFMT32x, cnk->bk);
|
||||||
free (cnk);
|
free (cnk);
|
||||||
return 1;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int print_double_linked_list_bin_graph_32(RCore *core, ut32 bin, RHeap_MallocState32 *main_arena, ut32 brk_start) {
|
static int print_double_linked_list_bin_graph_32(RCore *core, ut32 bin, RHeap_MallocState32 *main_arena, ut32 brk_start) {
|
||||||
@ -382,7 +386,9 @@ static int print_double_linked_list_bin_graph_32(RCore *core, ut32 bin, RHeap_Ma
|
|||||||
RANode *bin_node = NULL, *prev_node = NULL, *next_node = NULL;
|
RANode *bin_node = NULL, *prev_node = NULL, *next_node = NULL;
|
||||||
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32);
|
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32);
|
||||||
|
|
||||||
if (!cnk) {
|
if (!cnk || !g) {
|
||||||
|
free (cnk);
|
||||||
|
free (g);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -396,6 +402,8 @@ static int print_double_linked_list_bin_graph_32(RCore *core, ut32 bin, RHeap_Ma
|
|||||||
next = cnk->bk;
|
next = cnk->bk;
|
||||||
if (next < brk_start || next > main_arena->top) {
|
if (next < brk_start || next > main_arena->top) {
|
||||||
PRINT_RA ("Double linked list corrupted\n");
|
PRINT_RA ("Double linked list corrupted\n");
|
||||||
|
free (cnk);
|
||||||
|
free (g);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -414,26 +422,28 @@ static int print_double_linked_list_bin_graph_32(RCore *core, ut32 bin, RHeap_Ma
|
|||||||
|
|
||||||
free (cnk);
|
free (cnk);
|
||||||
r_agraph_free (g);
|
r_agraph_free (g);
|
||||||
|
return 0;
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int print_double_linked_list_bin_32(RCore *core, RHeap_MallocState32 *main_arena, ut32 m_arena, ut32 offset, ut32 num_bin, int graph) {
|
static int print_double_linked_list_bin_32(RCore *core, RHeap_MallocState32 *main_arena, ut32 m_arena, ut32 offset, ut32 num_bin, int graph) {
|
||||||
int ret = 0;
|
|
||||||
ut32 brk_start = UT32_MAX, brk_end = UT32_MAX;
|
|
||||||
ut32 bin = main_arena->bins[num_bin];
|
|
||||||
if (!bin) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps) {
|
if (!core || !core->dbg || !core->dbg->maps) {
|
||||||
return ret;
|
return -1;
|
||||||
|
}
|
||||||
|
int ret = 0;
|
||||||
|
ut32 brk_start = UT32_MAX, brk_end = UT32_MAX;
|
||||||
|
if (num_bin < 0 || num_bin > 126) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
ut32 bin = main_arena->bins[num_bin];
|
||||||
|
|
||||||
|
if (!bin) {
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
get_brks_32 (core, &brk_start, &brk_end);
|
get_brks_32 (core, &brk_start, &brk_end);
|
||||||
if (brk_start == UT32_MAX || brk_end == UT32_MAX) {
|
if (brk_start == UT32_MAX || brk_end == UT32_MAX) {
|
||||||
eprintf ("No Heap section\n");
|
eprintf ("No Heap section\n");
|
||||||
return ret;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
bin = m_arena + offset + SZ * num_bin * 2 - SZ * 2;
|
bin = m_arena + offset + SZ * num_bin * 2 - SZ * 2;
|
||||||
@ -457,7 +467,6 @@ static int print_double_linked_list_bin_32(RCore *core, RHeap_MallocState32 *ma
|
|||||||
}
|
}
|
||||||
|
|
||||||
PRINT_GA ("\n }\n");
|
PRINT_GA ("\n }\n");
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -496,27 +505,26 @@ static void print_heap_bin_32(RCore *core, ut32 m_arena, RHeap_MallocState32 *ma
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int print_single_linked_list_bin_32(RCore *core, RHeap_MallocState32 *main_arena, ut32 m_arena, ut32 offset, ut32 bin_num) {
|
static int print_single_linked_list_bin_32(RCore *core, RHeap_MallocState32 *main_arena, ut32 m_arena, ut32 offset, ut32 bin_num) {
|
||||||
|
if (!core || !core->dbg || !core->dbg->maps) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
ut32 next = UT32_MAX, brk_start = UT32_MAX, brk_end = UT32_MAX;
|
ut32 next = UT32_MAX, brk_start = UT32_MAX, brk_end = UT32_MAX;
|
||||||
ut32 bin = main_arena->fastbinsY[bin_num];
|
ut32 bin = main_arena->fastbinsY[bin_num];
|
||||||
if (!bin) {
|
if (!bin) {
|
||||||
return 0;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32);
|
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32);
|
||||||
|
|
||||||
if (!cnk) {
|
if (!cnk) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
bin = m_arena + offset + SZ * bin_num;
|
bin = m_arena + offset + SZ * bin_num;
|
||||||
r_core_read_at (core, bin, (ut8 *)&next, SZ);
|
r_core_read_at (core, bin, (ut8 *)&next, SZ);
|
||||||
|
|
||||||
get_brks_32 (core, &brk_start, &brk_end);
|
get_brks_32 (core, &brk_start, &brk_end);
|
||||||
if (brk_start == UT32_MAX || brk_end == UT32_MAX) {
|
if (brk_start == UT32_MAX || brk_end == UT32_MAX) {
|
||||||
eprintf ("No Heap section\n");
|
eprintf ("No Heap section\n");
|
||||||
|
free (cnk);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -545,6 +553,7 @@ static int print_single_linked_list_bin_32(RCore *core, RHeap_MallocState32 *mai
|
|||||||
PRINTF_RA (" 0x%"PFMT32x, next);
|
PRINTF_RA (" 0x%"PFMT32x, next);
|
||||||
PRINT_RA (" Linked list corrupted\n");
|
PRINT_RA (" Linked list corrupted\n");
|
||||||
PRINT_GA ("\n }\n");
|
PRINT_GA ("\n }\n");
|
||||||
|
free (cnk);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -553,6 +562,7 @@ static int print_single_linked_list_bin_32(RCore *core, RHeap_MallocState32 *mai
|
|||||||
PRINTF_RA ("0x%"PFMT32x, next);
|
PRINTF_RA ("0x%"PFMT32x, next);
|
||||||
PRINT_RA (" Double free detected\n");
|
PRINT_RA (" Double free detected\n");
|
||||||
PRINT_GA ("\n }\n");
|
PRINT_GA ("\n }\n");
|
||||||
|
free (cnk);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -561,11 +571,13 @@ static int print_single_linked_list_bin_32(RCore *core, RHeap_MallocState32 *mai
|
|||||||
PRINTF_RA ("0x%"PFMT32x, next);
|
PRINTF_RA ("0x%"PFMT32x, next);
|
||||||
PRINT_RA (" Linked list corrupted\n");
|
PRINT_RA (" Linked list corrupted\n");
|
||||||
PRINT_GA ("\n }\n");
|
PRINT_GA ("\n }\n");
|
||||||
return 1;
|
free (cnk);
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
PRINT_GA ("\n }\n");
|
PRINT_GA ("\n }\n");
|
||||||
return -1;
|
free (cnk);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void print_heap_fastbin_32(RCore *core, ut32 m_arena, RHeap_MallocState32 *main_arena, const char *input) {
|
void print_heap_fastbin_32(RCore *core, ut32 m_arena, RHeap_MallocState32 *main_arena, const char *input) {
|
||||||
@ -600,24 +612,24 @@ void print_heap_fastbin_32(RCore *core, ut32 m_arena, RHeap_MallocState32 *main_
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void print_mmap_graph_32(RCore *core, RHeap_MallocState32 *malloc_state, ut32 m_state) {
|
static void print_mmap_graph_32(RCore *core, RHeap_MallocState32 *malloc_state, ut32 m_state) {
|
||||||
int w, h;
|
|
||||||
ut32 top_size = UT32_MAX;
|
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps) {
|
if (!core || !core->dbg || !core->dbg->maps) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int w, h;
|
||||||
|
ut32 top_size = UT32_MAX;
|
||||||
w = r_cons_get_size (&h);
|
w = r_cons_get_size (&h);
|
||||||
RConsCanvas *can = r_cons_canvas_new (w, h);
|
RConsCanvas *can = r_cons_canvas_new (w, h);
|
||||||
can->color = r_config_get_i (core->config, "scr.color");
|
can->color = r_config_get_i (core->config, "scr.color");
|
||||||
RAGraph *g = r_agraph_new (can);
|
RAGraph *g = r_agraph_new (can);
|
||||||
RANode *top = {0}, *chunk_node = {0}, *prev_node = {0};
|
RANode *top = {0}, *chunk_node = {0}, *prev_node = {0};
|
||||||
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32),
|
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32),*prev_c = R_NEW0 (RHeapChunk32);
|
||||||
*prev_c = R_NEW0 (RHeapChunk32);
|
|
||||||
|
|
||||||
if (!cnk || !prev_c) {
|
if (!cnk || !prev_c || !g || !can) {
|
||||||
free (cnk);
|
free (cnk);
|
||||||
free (prev_c);
|
free (prev_c);
|
||||||
|
free (can);
|
||||||
|
free (g);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -640,7 +652,7 @@ static void print_mmap_graph_32(RCore *core, RHeap_MallocState32 *malloc_state,
|
|||||||
r_core_read_at (core, next_chunk_ref, (ut8 *)prev_c, sizeof (RHeapChunk32));
|
r_core_read_at (core, next_chunk_ref, (ut8 *)prev_c, sizeof (RHeapChunk32));
|
||||||
node_title = r_str_newf (" Malloc chunk @ 0x%"PFMT32x" ", prev_chunk_ref);
|
node_title = r_str_newf (" Malloc chunk @ 0x%"PFMT32x" ", prev_chunk_ref);
|
||||||
size_tmp = (prev_c->size >> 3) << 3;
|
size_tmp = (prev_c->size >> 3) << 3;
|
||||||
if (top_size != UT64_MAX && (size_tmp > top_size || next_chunk_ref + size_tmp > malloc_state->top)) {
|
if (size_tmp > top_size || next_chunk_ref + size_tmp > malloc_state->top) {
|
||||||
node_data = r_str_newf ("[corrupted] size: 0x%x\n fd: 0x%"PFMT32x", bk: 0x%"PFMT64x"\nHeap graph could not be recovered\n", prev_c->size, prev_c->fd, prev_c->bk) ;
|
node_data = r_str_newf ("[corrupted] size: 0x%x\n fd: 0x%"PFMT32x", bk: 0x%"PFMT64x"\nHeap graph could not be recovered\n", prev_c->size, prev_c->fd, prev_c->bk) ;
|
||||||
r_agraph_add_node (g, node_title, node_data);
|
r_agraph_add_node (g, node_title, node_data);
|
||||||
if (first_node) first_node = false;
|
if (first_node) first_node = false;
|
||||||
@ -665,14 +677,19 @@ static void print_mmap_graph_32(RCore *core, RHeap_MallocState32 *malloc_state,
|
|||||||
free (node_title);
|
free (node_title);
|
||||||
}
|
}
|
||||||
r_agraph_print (g);
|
r_agraph_print (g);
|
||||||
|
free (g);
|
||||||
free (cnk);
|
free (cnk);
|
||||||
|
free (can);
|
||||||
free (prev_c);
|
free (prev_c);
|
||||||
free (top_data);
|
free (top_data);
|
||||||
free (top_title);
|
free (top_title);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_heap_graph_32(RCore *core, RHeap_MallocState32 *main_arena, ut32 *initial_brk) {
|
static void print_heap_graph_32(RCore *core, RHeap_MallocState32 *main_arena, ut32 *initial_brk) {
|
||||||
|
if (!core || !core->dbg || !core->dbg->maps) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
int w, h;
|
int w, h;
|
||||||
ut32 top_size = UT32_MAX;
|
ut32 top_size = UT32_MAX;
|
||||||
w = r_cons_get_size (&h);
|
w = r_cons_get_size (&h);
|
||||||
@ -683,6 +700,10 @@ static void print_heap_graph_32(RCore *core, RHeap_MallocState32 *main_arena, ut
|
|||||||
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32), *prev_c = R_NEW0 (RHeapChunk32);
|
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32), *prev_c = R_NEW0 (RHeapChunk32);
|
||||||
|
|
||||||
if (!cnk || !prev_c) {
|
if (!cnk || !prev_c) {
|
||||||
|
free (can);
|
||||||
|
free (cnk);
|
||||||
|
free (prev_c);
|
||||||
|
free (g);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -693,14 +714,15 @@ static void print_heap_graph_32(RCore *core, RHeap_MallocState32 *main_arena, ut
|
|||||||
r_agraph_set_title (g, "Heap Layout");
|
r_agraph_set_title (g, "Heap Layout");
|
||||||
top_title = r_str_newf ("Top chunk @ 0x%"PFMT32x"\n", main_arena->top);
|
top_title = r_str_newf ("Top chunk @ 0x%"PFMT32x"\n", main_arena->top);
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
get_brks_32 (core, &brk_start, &brk_end);
|
get_brks_32 (core, &brk_start, &brk_end);
|
||||||
*initial_brk = (brk_start >> 12) << 12;
|
*initial_brk = (brk_start >> 12) << 12;
|
||||||
if (brk_start == UT32_MAX || brk_end == UT32_MAX || *initial_brk == UT32_MAX) {
|
if (brk_start == UT32_MAX || brk_end == UT32_MAX || *initial_brk == UT32_MAX) {
|
||||||
eprintf ("No Heap section\n");
|
eprintf ("No Heap section\n");
|
||||||
|
free (can);
|
||||||
|
free (cnk);
|
||||||
|
free (prev_c);
|
||||||
|
free (g);
|
||||||
|
free (top_title);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -738,39 +760,42 @@ static void print_heap_graph_32(RCore *core, RHeap_MallocState32 *main_arena, ut
|
|||||||
free (node_title);
|
free (node_title);
|
||||||
}
|
}
|
||||||
r_agraph_print (g);
|
r_agraph_print (g);
|
||||||
|
|
||||||
free (cnk);
|
free (cnk);
|
||||||
|
free (g);
|
||||||
|
free (can);
|
||||||
free (prev_c);
|
free (prev_c);
|
||||||
free (top_data);
|
free (top_data);
|
||||||
free (top_title);
|
free (top_title);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_heap_segment32(RCore *core, RHeap_MallocState32 *main_arena, ut32 *initial_brk) {
|
static void print_heap_segment32(RCore *core, RHeap_MallocState32 *main_arena, ut32 *initial_brk) {
|
||||||
|
if (!core || !core->dbg || !core->dbg->maps){
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
ut32 brk_start = UT32_MAX, brk_end = UT32_MAX, size_tmp, top_size = UT32_MAX;
|
ut32 brk_start = UT32_MAX, brk_end = UT32_MAX, size_tmp, top_size = UT32_MAX;
|
||||||
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32);
|
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32);
|
||||||
|
|
||||||
if (!cnk) {
|
if (!cnk) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps){
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
get_brks_32 (core, &brk_start, &brk_end);
|
get_brks_32 (core, &brk_start, &brk_end);
|
||||||
*initial_brk = (brk_start >> 12) << 12;
|
*initial_brk = (brk_start >> 12) << 12;
|
||||||
|
|
||||||
if (brk_start == UT32_MAX || brk_end == UT32_MAX || *initial_brk == UT32_MAX) {
|
if (brk_start == UT32_MAX || brk_end == UT32_MAX || *initial_brk == UT32_MAX) {
|
||||||
eprintf ("No Heap section\n");
|
eprintf ("No Heap section\n");
|
||||||
|
free (cnk);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
ut32 next_chunk = *initial_brk, prev_chunk = next_chunk;
|
ut32 next_chunk = *initial_brk, prev_chunk = next_chunk;
|
||||||
top_size = main_arena->top - brk_start;
|
top_size = main_arena->top - brk_start;
|
||||||
bool list_corrupted = false;
|
|
||||||
while (next_chunk && next_chunk >= brk_start && next_chunk < main_arena->top) {
|
while (next_chunk && next_chunk >= brk_start && next_chunk < main_arena->top) {
|
||||||
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk32));
|
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk32));
|
||||||
size_tmp = (cnk->size >> 3) << 3;
|
size_tmp = (cnk->size >> 3) << 3;
|
||||||
if (top_size != UT32_MAX && (size_tmp > top_size || next_chunk + size_tmp > main_arena->top)) {
|
if (size_tmp > top_size || next_chunk + size_tmp > main_arena->top) {
|
||||||
PRINT_YA ("\n Malloc chunk @ ");
|
PRINT_YA ("\n Malloc chunk @ ");
|
||||||
PRINTF_BA ("0x%"PFMT32x" ", next_chunk);
|
PRINTF_BA ("0x%"PFMT32x" ", next_chunk);
|
||||||
PRINT_RA ("[corrupted]\n");
|
PRINT_RA ("[corrupted]\n");
|
||||||
@ -801,11 +826,6 @@ static void print_heap_segment32(RCore *core, RHeap_MallocState32 *main_arena, u
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (list_corrupted) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
next_chunk += size_tmp;
|
next_chunk += size_tmp;
|
||||||
prev_chunk = next_chunk;
|
prev_chunk = next_chunk;
|
||||||
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk32));
|
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk32));
|
||||||
@ -832,16 +852,18 @@ static void print_heap_segment32(RCore *core, RHeap_MallocState32 *main_arena, u
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void print_heap_mmaped32(RCore *core, ut32 malloc_state) {
|
static void print_heap_mmaped32(RCore *core, ut32 malloc_state) {
|
||||||
|
if (!core || !core->dbg || !core->dbg->maps){
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
ut32 mmap_start = UT32_MAX, mmap_end = UT32_MAX, size_tmp;
|
ut32 mmap_start = UT32_MAX, mmap_end = UT32_MAX, size_tmp;
|
||||||
ut32 top_size = UT32_MAX;
|
ut32 top_size = UT32_MAX;
|
||||||
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32);
|
RHeapChunk32 *cnk = R_NEW0 (RHeapChunk32);
|
||||||
RHeap_MallocState32 *ms = R_NEW0 (RHeap_MallocState32);
|
RHeap_MallocState32 *ms = R_NEW0 (RHeap_MallocState32);
|
||||||
|
|
||||||
if (!cnk) {
|
if (!cnk || !ms) {
|
||||||
return;
|
free (cnk);
|
||||||
}
|
free (ms);
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps){
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -849,13 +871,11 @@ static void print_heap_mmaped32(RCore *core, ut32 malloc_state) {
|
|||||||
r_core_read_at (core, malloc_state, (ut8*)ms, sizeof (RHeap_MallocState32));
|
r_core_read_at (core, malloc_state, (ut8*)ms, sizeof (RHeap_MallocState32));
|
||||||
mmap_end = ms->top;
|
mmap_end = ms->top;
|
||||||
|
|
||||||
|
|
||||||
ut32 next_chunk = mmap_start, prev_chunk = next_chunk;
|
ut32 next_chunk = mmap_start, prev_chunk = next_chunk;
|
||||||
r_core_read_at (core, malloc_state, (ut8*)ms, sizeof (RHeap_MallocState32));
|
r_core_read_at (core, malloc_state, (ut8*)ms, sizeof (RHeap_MallocState32));
|
||||||
r_core_read_at (core, ms->top, (ut8*)cnk, sizeof (RHeapChunk32));
|
r_core_read_at (core, ms->top, (ut8*)cnk, sizeof (RHeapChunk32));
|
||||||
top_size = (cnk->size >> 3) << 3;
|
top_size = (cnk->size >> 3) << 3;
|
||||||
|
|
||||||
bool list_corrupted = false;
|
|
||||||
while (next_chunk && next_chunk >= mmap_start && next_chunk < ms->top) {
|
while (next_chunk && next_chunk >= mmap_start && next_chunk < ms->top) {
|
||||||
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk32));
|
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk32));
|
||||||
size_tmp = (cnk->size >> 3) << 3;
|
size_tmp = (cnk->size >> 3) << 3;
|
||||||
@ -890,14 +910,10 @@ static void print_heap_mmaped32(RCore *core, ut32 malloc_state) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (list_corrupted) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
next_chunk += size_tmp;
|
next_chunk += size_tmp;
|
||||||
prev_chunk = next_chunk;
|
prev_chunk = next_chunk;
|
||||||
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk32));
|
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk32));
|
||||||
|
|
||||||
if (is_free) {
|
if (is_free) {
|
||||||
PRINT_GA ("[free]");
|
PRINT_GA ("[free]");
|
||||||
} else {
|
} else {
|
||||||
@ -924,10 +940,17 @@ static void print_heap_mmaped32(RCore *core, ut32 malloc_state) {
|
|||||||
|
|
||||||
void print_malloc_states32 ( RCore *core, ut32 m_arena, RHeap_MallocState32 *main_arena) {
|
void print_malloc_states32 ( RCore *core, ut32 m_arena, RHeap_MallocState32 *main_arena) {
|
||||||
RHeap_MallocState32 *ta = R_NEW0 (RHeap_MallocState32);
|
RHeap_MallocState32 *ta = R_NEW0 (RHeap_MallocState32);
|
||||||
|
if (!ta) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
PRINT_YA ("main_arena @ ");
|
PRINT_YA ("main_arena @ ");
|
||||||
PRINTF_BA ("0x%"PFMT32x"\n", m_arena);
|
PRINTF_BA ("0x%"PFMT32x"\n", m_arena);
|
||||||
|
|
||||||
if (main_arena->next == m_arena) return;
|
if (main_arena->next == m_arena) {
|
||||||
|
free (ta);
|
||||||
|
return;
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
ta->next = main_arena->next;
|
ta->next = main_arena->next;
|
||||||
while (ta->next != UT32_MAX && ta->next != m_arena) {
|
while (ta->next != UT32_MAX && ta->next != m_arena) {
|
||||||
@ -1059,7 +1082,8 @@ static int cmd_dbg_map_heap_glibc_32(RCore *core, const char *input) {
|
|||||||
RHeap_MallocState32 *malloc_state = R_NEW0 (RHeap_MallocState32);
|
RHeap_MallocState32 *malloc_state = R_NEW0 (RHeap_MallocState32);
|
||||||
r_core_read_at (core, m_state, (ut8*)malloc_state, sizeof (RHeap_MallocState32));
|
r_core_read_at (core, m_state, (ut8*)malloc_state, sizeof (RHeap_MallocState32));
|
||||||
print_heap_bin_32 (core, m_state, malloc_state, bin);
|
print_heap_bin_32 (core, m_state, malloc_state, bin);
|
||||||
free(malloc_state);
|
free (malloc_state);
|
||||||
|
free (dup);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -1082,7 +1106,8 @@ static int cmd_dbg_map_heap_glibc_32(RCore *core, const char *input) {
|
|||||||
RHeap_MallocState32 *malloc_state = R_NEW0 (RHeap_MallocState32);
|
RHeap_MallocState32 *malloc_state = R_NEW0 (RHeap_MallocState32);
|
||||||
r_core_read_at (core, m_state, (ut8*)malloc_state, sizeof (RHeap_MallocState32));
|
r_core_read_at (core, m_state, (ut8*)malloc_state, sizeof (RHeap_MallocState32));
|
||||||
print_heap_fastbin_32 (core, m_state, malloc_state, bin);
|
print_heap_fastbin_32 (core, m_state, malloc_state, bin);
|
||||||
free(malloc_state);
|
free (malloc_state);
|
||||||
|
free (dup);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
@ -270,11 +270,11 @@ arena:
|
|||||||
}
|
}
|
||||||
not_arena:
|
not_arena:
|
||||||
eprintf ("Warning: glibc library with symbol main_arena could not be found. Is libc6-dbg installed?\n");
|
eprintf ("Warning: glibc library with symbol main_arena could not be found. Is libc6-dbg installed?\n");
|
||||||
|
free (path);
|
||||||
return false;
|
return false;
|
||||||
} else {
|
} else {
|
||||||
update_main_arena_64 (core, *m_arena, main_arena);
|
update_main_arena_64 (core, *m_arena, main_arena);
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -316,7 +316,7 @@ static void print_heap_chunk_64(RCore *core) {
|
|||||||
|
|
||||||
PRINT_GA (",\n}\n");
|
PRINT_GA (",\n}\n");
|
||||||
ut64 size = ((cnk->size >> 3) << 3) - SZ * 2;
|
ut64 size = ((cnk->size >> 3) << 3) - SZ * 2;
|
||||||
if (size > SZ * 128) {
|
if (size > (ut64)SZ * 128) {
|
||||||
PRINT_GA ("chunk too big to be displayed\n");
|
PRINT_GA ("chunk too big to be displayed\n");
|
||||||
size = SZ * 128;
|
size = SZ * 128;
|
||||||
}
|
}
|
||||||
@ -345,6 +345,7 @@ static int print_double_linked_list_bin_simple_64(RCore *core, ut64 bin, RHeap_M
|
|||||||
next = cnk->fd;
|
next = cnk->fd;
|
||||||
if (next < brk_start || next > main_arena->top) {
|
if (next < brk_start || next > main_arena->top) {
|
||||||
PRINT_RA ("Double linked list corrupted\n");
|
PRINT_RA ("Double linked list corrupted\n");
|
||||||
|
free (cnk);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk64));
|
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk64));
|
||||||
@ -355,6 +356,7 @@ static int print_double_linked_list_bin_simple_64(RCore *core, ut64 bin, RHeap_M
|
|||||||
|
|
||||||
if (next != bin) {
|
if (next != bin) {
|
||||||
PRINT_RA ("Double linked list corrupted\n");
|
PRINT_RA ("Double linked list corrupted\n");
|
||||||
|
free (cnk);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk64));
|
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk64));
|
||||||
@ -365,6 +367,7 @@ static int print_double_linked_list_bin_simple_64(RCore *core, ut64 bin, RHeap_M
|
|||||||
next = cnk->bk;
|
next = cnk->bk;
|
||||||
if (next < brk_start || next > main_arena->top) {
|
if (next < brk_start || next > main_arena->top) {
|
||||||
PRINT_RA ("Double linked list corrupted\n");
|
PRINT_RA ("Double linked list corrupted\n");
|
||||||
|
free (cnk);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk64));
|
r_core_read_at (core, next, (ut8 *)cnk, sizeof (RHeapChunk64));
|
||||||
@ -372,7 +375,7 @@ static int print_double_linked_list_bin_simple_64(RCore *core, ut64 bin, RHeap_M
|
|||||||
|
|
||||||
PRINTF_GA ("->bk = 0x%"PFMT64x, cnk->bk);
|
PRINTF_GA ("->bk = 0x%"PFMT64x, cnk->bk);
|
||||||
free (cnk);
|
free (cnk);
|
||||||
return 1;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int print_double_linked_list_bin_graph_64(RCore *core, ut64 bin, RHeap_MallocState64 *main_arena, ut64 brk_start) {
|
static int print_double_linked_list_bin_graph_64(RCore *core, ut64 bin, RHeap_MallocState64 *main_arena, ut64 brk_start) {
|
||||||
@ -383,7 +386,9 @@ static int print_double_linked_list_bin_graph_64(RCore *core, ut64 bin, RHeap_Ma
|
|||||||
RANode *bin_node = NULL, *prev_node = NULL, *next_node = NULL;
|
RANode *bin_node = NULL, *prev_node = NULL, *next_node = NULL;
|
||||||
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64);
|
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64);
|
||||||
|
|
||||||
if (!cnk) {
|
if (!cnk || !g) {
|
||||||
|
free (cnk);
|
||||||
|
free (g);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -397,6 +402,8 @@ static int print_double_linked_list_bin_graph_64(RCore *core, ut64 bin, RHeap_Ma
|
|||||||
next = cnk->bk;
|
next = cnk->bk;
|
||||||
if (next < brk_start || next > main_arena->top) {
|
if (next < brk_start || next > main_arena->top) {
|
||||||
PRINT_RA ("Double linked list corrupted\n");
|
PRINT_RA ("Double linked list corrupted\n");
|
||||||
|
free (g);
|
||||||
|
free (cnk);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -412,32 +419,34 @@ static int print_double_linked_list_bin_graph_64(RCore *core, ut64 bin, RHeap_Ma
|
|||||||
r_agraph_add_edge (g, prev_node, bin_node);
|
r_agraph_add_edge (g, prev_node, bin_node);
|
||||||
r_agraph_add_edge (g, bin_node, prev_node);
|
r_agraph_add_edge (g, bin_node, prev_node);
|
||||||
r_agraph_print (g);
|
r_agraph_print (g);
|
||||||
|
|
||||||
free (cnk);
|
free (cnk);
|
||||||
r_agraph_free (g);
|
r_agraph_free (g);
|
||||||
|
return 0;
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int print_double_linked_list_bin_64(RCore *core, RHeap_MallocState64 *main_arena, ut64 m_arena, ut64 offset, ut64 num_bin, int graph) {
|
static int print_double_linked_list_bin_64(RCore *core, RHeap_MallocState64 *main_arena, ut64 m_arena, ut64 offset, ut64 num_bin, int graph) {
|
||||||
int ret = 0;
|
if (!core || !core->dbg || !core->dbg->maps) {
|
||||||
ut64 brk_start = UT64_MAX, brk_end = UT64_MAX;
|
return -1;
|
||||||
ut64 bin = main_arena->bins[num_bin];
|
|
||||||
if (!bin) {
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps) {
|
int ret = 0;
|
||||||
return ret;
|
ut64 brk_start = UT64_MAX, brk_end = UT64_MAX;
|
||||||
|
if (num_bin > 126 || num_bin < 0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
ut64 bin = main_arena->bins[num_bin];
|
||||||
|
|
||||||
|
if (!bin) {
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
get_brks_64 (core, &brk_start, &brk_end);
|
get_brks_64 (core, &brk_start, &brk_end);
|
||||||
if (brk_start == UT64_MAX || brk_end == UT64_MAX) {
|
if (brk_start == UT64_MAX || brk_end == UT64_MAX) {
|
||||||
eprintf ("No Heap section\n");
|
eprintf ("No Heap section\n");
|
||||||
return ret;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
bin = m_arena + offset + SZ * num_bin * 2 - SZ * 2;
|
bin = m_arena + offset + SZ * num_bin * 2 - (unsigned long long)SZ * 2;
|
||||||
|
|
||||||
switch (num_bin) {
|
switch (num_bin) {
|
||||||
case 0:
|
case 0:
|
||||||
@ -458,7 +467,6 @@ static int print_double_linked_list_bin_64(RCore *core, RHeap_MallocState64 *ma
|
|||||||
}
|
}
|
||||||
|
|
||||||
PRINT_GA ("\n }\n");
|
PRINT_GA ("\n }\n");
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -497,28 +505,30 @@ static void print_heap_bin_64(RCore *core, ut64 m_arena, RHeap_MallocState64 *ma
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int print_single_linked_list_bin_64(RCore *core, RHeap_MallocState64 *main_arena, ut64 m_arena, ut64 offset, ut64 bin_num) {
|
static int print_single_linked_list_bin_64(RCore *core, RHeap_MallocState64 *main_arena, ut64 m_arena, ut64 offset, ut64 bin_num) {
|
||||||
|
if (!core || !core->dbg || !core->dbg->maps) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
ut64 next = UT64_MAX, brk_start = UT64_MAX, brk_end = UT64_MAX;
|
ut64 next = UT64_MAX, brk_start = UT64_MAX, brk_end = UT64_MAX;
|
||||||
ut64 bin = main_arena->fastbinsY[bin_num];
|
ut64 bin = main_arena->fastbinsY[bin_num];
|
||||||
if (!bin) {
|
if (!bin) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64);
|
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64);
|
||||||
|
|
||||||
if (!cnk) {
|
if (!cnk) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
bin = m_arena + offset + SZ * bin_num;
|
bin = m_arena + offset + SZ * bin_num;
|
||||||
r_core_read_at (core, bin, (ut8 *)&next, SZ);
|
r_core_read_at (core, bin, (ut8 *)&next, SZ);
|
||||||
|
|
||||||
get_brks_64 (core, &brk_start, &brk_end);
|
get_brks_64 (core, &brk_start, &brk_end);
|
||||||
if (brk_start == UT64_MAX || brk_end == UT64_MAX) {
|
if (brk_start == UT64_MAX || brk_end == UT64_MAX) {
|
||||||
eprintf ("No Heap section\n");
|
eprintf ("No Heap section\n");
|
||||||
return 0;
|
free (cnk);
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
PRINTF_GA (" fastbin %d @ ", bin_num + 1);
|
PRINTF_GA (" fastbin %d @ ", bin_num + 1);
|
||||||
@ -546,6 +556,7 @@ static int print_single_linked_list_bin_64(RCore *core, RHeap_MallocState64 *mai
|
|||||||
PRINTF_RA (" 0x%"PFMT64x, next);
|
PRINTF_RA (" 0x%"PFMT64x, next);
|
||||||
PRINT_RA (" Linked list corrupted\n");
|
PRINT_RA (" Linked list corrupted\n");
|
||||||
PRINT_GA ("\n }\n");
|
PRINT_GA ("\n }\n");
|
||||||
|
free (cnk);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -554,6 +565,7 @@ static int print_single_linked_list_bin_64(RCore *core, RHeap_MallocState64 *mai
|
|||||||
PRINTF_RA ("0x%"PFMT64x, next);
|
PRINTF_RA ("0x%"PFMT64x, next);
|
||||||
PRINT_RA (" Double free detected\n");
|
PRINT_RA (" Double free detected\n");
|
||||||
PRINT_GA ("\n }\n");
|
PRINT_GA ("\n }\n");
|
||||||
|
free (cnk);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -562,11 +574,13 @@ static int print_single_linked_list_bin_64(RCore *core, RHeap_MallocState64 *mai
|
|||||||
PRINTF_RA ("0x%"PFMT64x, next);
|
PRINTF_RA ("0x%"PFMT64x, next);
|
||||||
PRINT_RA (" Linked list corrupted\n");
|
PRINT_RA (" Linked list corrupted\n");
|
||||||
PRINT_GA ("\n }\n");
|
PRINT_GA ("\n }\n");
|
||||||
return 1;
|
free (cnk);
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
PRINT_GA ("\n }\n");
|
PRINT_GA ("\n }\n");
|
||||||
return -1;
|
free (cnk);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_heap_fastbin_64(RCore *core, ut64 m_arena, RHeap_MallocState64 *main_arena, const char *input) {
|
static void print_heap_fastbin_64(RCore *core, ut64 m_arena, RHeap_MallocState64 *main_arena, const char *input) {
|
||||||
@ -601,13 +615,12 @@ static void print_heap_fastbin_64(RCore *core, ut64 m_arena, RHeap_MallocState64
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void print_mmap_graph_64(RCore *core, RHeap_MallocState64 *malloc_state, ut64 m_state) {
|
static void print_mmap_graph_64(RCore *core, RHeap_MallocState64 *malloc_state, ut64 m_state) {
|
||||||
int w, h;
|
|
||||||
ut64 top_size = UT64_MAX;
|
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps) {
|
if (!core || !core->dbg || !core->dbg->maps) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int w, h;
|
||||||
|
ut64 top_size = UT64_MAX;
|
||||||
w = r_cons_get_size (&h);
|
w = r_cons_get_size (&h);
|
||||||
RConsCanvas *can = r_cons_canvas_new (w, h);
|
RConsCanvas *can = r_cons_canvas_new (w, h);
|
||||||
can->color = r_config_get_i (core->config, "scr.color");
|
can->color = r_config_get_i (core->config, "scr.color");
|
||||||
@ -615,9 +628,11 @@ static void print_mmap_graph_64(RCore *core, RHeap_MallocState64 *malloc_state,
|
|||||||
RANode *top = {0}, *chunk_node = {0}, *prev_node = {0};
|
RANode *top = {0}, *chunk_node = {0}, *prev_node = {0};
|
||||||
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64), *prev_c = R_NEW0 (RHeapChunk64);
|
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64), *prev_c = R_NEW0 (RHeapChunk64);
|
||||||
|
|
||||||
if (!cnk || !prev_c) {
|
if (!cnk || !prev_c || !can || !g) {
|
||||||
free (cnk);
|
free (cnk);
|
||||||
free (prev_c);
|
free (prev_c);
|
||||||
|
free (can);
|
||||||
|
free (g);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -665,14 +680,19 @@ static void print_mmap_graph_64(RCore *core, RHeap_MallocState64 *malloc_state,
|
|||||||
free (node_title);
|
free (node_title);
|
||||||
}
|
}
|
||||||
r_agraph_print (g);
|
r_agraph_print (g);
|
||||||
|
|
||||||
|
free (g);
|
||||||
free (cnk);
|
free (cnk);
|
||||||
|
free (can);
|
||||||
free (prev_c);
|
free (prev_c);
|
||||||
free (top_data);
|
free (top_data);
|
||||||
free (top_title);
|
free (top_title);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_heap_graph_64(RCore *core, RHeap_MallocState64 *main_arena, ut64 *initial_brk) {
|
static void print_heap_graph_64(RCore *core, RHeap_MallocState64 *main_arena, ut64 *initial_brk) {
|
||||||
|
if (!core || !core->dbg || !core->dbg->maps) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
int w, h;
|
int w, h;
|
||||||
ut64 top_size = UT64_MAX;
|
ut64 top_size = UT64_MAX;
|
||||||
w = r_cons_get_size (&h);
|
w = r_cons_get_size (&h);
|
||||||
@ -682,7 +702,11 @@ static void print_heap_graph_64(RCore *core, RHeap_MallocState64 *main_arena, ut
|
|||||||
RANode *top = {0}, *chunk_node = {0}, *prev_node = {0};
|
RANode *top = {0}, *chunk_node = {0}, *prev_node = {0};
|
||||||
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64), *prev_c = R_NEW0 (RHeapChunk64);
|
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64), *prev_c = R_NEW0 (RHeapChunk64);
|
||||||
|
|
||||||
if (!cnk || !prev_c) {
|
if (!cnk || !prev_c || !can || !g) {
|
||||||
|
free (cnk);
|
||||||
|
free (prev_c);
|
||||||
|
free (can);
|
||||||
|
free (g);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -693,14 +717,15 @@ static void print_heap_graph_64(RCore *core, RHeap_MallocState64 *main_arena, ut
|
|||||||
r_agraph_set_title (g, "Heap Layout");
|
r_agraph_set_title (g, "Heap Layout");
|
||||||
top_title = r_str_newf ("Top chunk @ 0x%"PFMT64x"\n", main_arena->top);
|
top_title = r_str_newf ("Top chunk @ 0x%"PFMT64x"\n", main_arena->top);
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
get_brks_64 (core, &brk_start, &brk_end);
|
get_brks_64 (core, &brk_start, &brk_end);
|
||||||
*initial_brk = (brk_start >> 12) << 12;
|
*initial_brk = (brk_start >> 12) << 12;
|
||||||
if (brk_start == UT64_MAX || brk_end == UT64_MAX || *initial_brk == UT64_MAX) {
|
if (brk_start == UT64_MAX || brk_end == UT64_MAX || *initial_brk == UT64_MAX) {
|
||||||
eprintf ("No Heap section\n");
|
eprintf ("No Heap section\n");
|
||||||
|
free (cnk);
|
||||||
|
free (prev_c);
|
||||||
|
free (can);
|
||||||
|
free (g);
|
||||||
|
free (top_title);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -738,35 +763,36 @@ static void print_heap_graph_64(RCore *core, RHeap_MallocState64 *main_arena, ut
|
|||||||
free (node_title);
|
free (node_title);
|
||||||
}
|
}
|
||||||
r_agraph_print (g);
|
r_agraph_print (g);
|
||||||
|
free (g);
|
||||||
free (cnk);
|
free (cnk);
|
||||||
|
free (can);
|
||||||
free (prev_c);
|
free (prev_c);
|
||||||
free (top_data);
|
free (top_data);
|
||||||
free (top_title);
|
free (top_title);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_heap_segment64(RCore *core, RHeap_MallocState64 *main_arena, ut64 *initial_brk) {
|
static void print_heap_segment64(RCore *core, RHeap_MallocState64 *main_arena, ut64 *initial_brk) {
|
||||||
ut64 brk_start = UT64_MAX, brk_end = UT64_MAX, size_tmp;
|
if (!core || !core->dbg || !core->dbg->maps){
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
ut64 brk_start = UT64_MAX, brk_end = UT64_MAX, size_tmp;
|
||||||
ut64 top_size = UT64_MAX;
|
ut64 top_size = UT64_MAX;
|
||||||
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64);
|
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64);
|
||||||
|
|
||||||
if (!cnk) {
|
if (!cnk) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps){
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
get_brks_64 (core, &brk_start, &brk_end);
|
get_brks_64 (core, &brk_start, &brk_end);
|
||||||
*initial_brk = (brk_start >> 12) << 12;
|
*initial_brk = (brk_start >> 12) << 12;
|
||||||
if (brk_start == UT64_MAX || brk_end == UT64_MAX || *initial_brk == UT64_MAX) {
|
|
||||||
|
if (brk_start == UT64_MAX || brk_end == UT64_MAX || *initial_brk == UT64_MAX) {
|
||||||
eprintf ("No Heap section\n");
|
eprintf ("No Heap section\n");
|
||||||
|
free (cnk);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
ut64 next_chunk = *initial_brk, prev_chunk = next_chunk;
|
ut64 next_chunk = *initial_brk, prev_chunk = next_chunk;
|
||||||
top_size = main_arena->top - brk_start;
|
top_size = main_arena->top - brk_start;
|
||||||
bool list_corrupted = false;
|
|
||||||
while (next_chunk && next_chunk >= brk_start && next_chunk < main_arena->top) {
|
while (next_chunk && next_chunk >= brk_start && next_chunk < main_arena->top) {
|
||||||
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk64));
|
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk64));
|
||||||
size_tmp = (cnk->size >> 3) << 3;
|
size_tmp = (cnk->size >> 3) << 3;
|
||||||
@ -779,8 +805,8 @@ static void print_heap_segment64(RCore *core, RHeap_MallocState64 *main_arena, u
|
|||||||
}
|
}
|
||||||
PRINT_YA ("\n Malloc chunk @ ");
|
PRINT_YA ("\n Malloc chunk @ ");
|
||||||
PRINTF_BA ("0x%"PFMT64x" ", prev_chunk);
|
PRINTF_BA ("0x%"PFMT64x" ", prev_chunk);
|
||||||
|
|
||||||
bool is_free = false;
|
bool is_free = false;
|
||||||
ut64 double_free = UT64_MAX;
|
ut64 double_free = UT64_MAX;
|
||||||
if (size_tmp >= SZ * 4 && size_tmp <= SZ * 24) {
|
if (size_tmp >= SZ * 4 && size_tmp <= SZ * 24) {
|
||||||
int i = (size_tmp / (SZ * 2)) - 2;
|
int i = (size_tmp / (SZ * 2)) - 2;
|
||||||
@ -801,11 +827,6 @@ static void print_heap_segment64(RCore *core, RHeap_MallocState64 *main_arena, u
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (list_corrupted) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
next_chunk += size_tmp;
|
next_chunk += size_tmp;
|
||||||
prev_chunk = next_chunk;
|
prev_chunk = next_chunk;
|
||||||
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk64));
|
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk64));
|
||||||
@ -832,12 +853,11 @@ static void print_heap_segment64(RCore *core, RHeap_MallocState64 *main_arena, u
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void print_heap_mmaped64(RCore *core, ut64 malloc_state) {
|
static void print_heap_mmaped64(RCore *core, ut64 malloc_state) {
|
||||||
ut64 mmap_start = UT64_MAX, mmap_end = UT64_MAX, size_tmp;
|
|
||||||
ut64 top_size = UT64_MAX;
|
|
||||||
|
|
||||||
if (!core || !core->dbg || !core->dbg->maps){
|
if (!core || !core->dbg || !core->dbg->maps){
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
ut64 mmap_start = UT64_MAX, mmap_end = UT64_MAX, size_tmp;
|
||||||
|
ut64 top_size = UT64_MAX;
|
||||||
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64);
|
RHeapChunk64 *cnk = R_NEW0 (RHeapChunk64);
|
||||||
|
|
||||||
if (!cnk) {
|
if (!cnk) {
|
||||||
@ -854,7 +874,6 @@ static void print_heap_mmaped64(RCore *core, ut64 malloc_state) {
|
|||||||
r_core_read_at (core, ms->top, (ut8*)cnk, sizeof (RHeapChunk64));
|
r_core_read_at (core, ms->top, (ut8*)cnk, sizeof (RHeapChunk64));
|
||||||
top_size = (cnk->size >> 3) << 3;
|
top_size = (cnk->size >> 3) << 3;
|
||||||
|
|
||||||
bool list_corrupted = false;
|
|
||||||
|
|
||||||
while ( next_chunk && next_chunk >= mmap_start && next_chunk < ms->top) {
|
while ( next_chunk && next_chunk >= mmap_start && next_chunk < ms->top) {
|
||||||
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk64));
|
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk64));
|
||||||
@ -872,7 +891,7 @@ static void print_heap_mmaped64(RCore *core, ut64 malloc_state) {
|
|||||||
|
|
||||||
bool is_free = false;
|
bool is_free = false;
|
||||||
ut64 double_free = UT64_MAX;
|
ut64 double_free = UT64_MAX;
|
||||||
if (size_tmp >= SZ * 4 && size_tmp <= SZ * 24) {
|
if (size_tmp >= (ut64)SZ * 4 && size_tmp <= SZ * 24) {
|
||||||
int i = (size_tmp / (SZ * 2)) - 2;
|
int i = (size_tmp / (SZ * 2)) - 2;
|
||||||
ut64 next = ms->fastbinsY[i];
|
ut64 next = ms->fastbinsY[i];
|
||||||
double_free = next;
|
double_free = next;
|
||||||
@ -892,10 +911,6 @@ static void print_heap_mmaped64(RCore *core, ut64 malloc_state) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (list_corrupted) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
next_chunk += size_tmp;
|
next_chunk += size_tmp;
|
||||||
prev_chunk = next_chunk;
|
prev_chunk = next_chunk;
|
||||||
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk64));
|
r_core_read_at (core, next_chunk, (ut8 *)cnk, sizeof (RHeapChunk64));
|
||||||
@ -925,10 +940,14 @@ static void print_heap_mmaped64(RCore *core, ut64 malloc_state) {
|
|||||||
|
|
||||||
void print_malloc_states64( RCore *core, ut64 m_arena, RHeap_MallocState64 *main_arena) {
|
void print_malloc_states64( RCore *core, ut64 m_arena, RHeap_MallocState64 *main_arena) {
|
||||||
RHeap_MallocState64 *ta = R_NEW0 (RHeap_MallocState64);
|
RHeap_MallocState64 *ta = R_NEW0 (RHeap_MallocState64);
|
||||||
|
if (!ta) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
PRINT_YA ("main_arena @ ");
|
PRINT_YA ("main_arena @ ");
|
||||||
PRINTF_BA ("0x%"PFMT64x"\n", m_arena);
|
PRINTF_BA ("0x%"PFMT64x"\n", m_arena);
|
||||||
|
|
||||||
if (main_arena->next == m_arena) {
|
if (main_arena->next == m_arena) {
|
||||||
|
free (ta);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
ta->next = main_arena->next;
|
ta->next = main_arena->next;
|
||||||
@ -1062,6 +1081,7 @@ static int cmd_dbg_map_heap_glibc_64(RCore *core, const char *input) {
|
|||||||
r_core_read_at (core, m_state, (ut8*)malloc_state, sizeof (RHeap_MallocState64));
|
r_core_read_at (core, m_state, (ut8*)malloc_state, sizeof (RHeap_MallocState64));
|
||||||
print_heap_bin_64 (core, m_state, malloc_state, bin);
|
print_heap_bin_64 (core, m_state, malloc_state, bin);
|
||||||
free (malloc_state);
|
free (malloc_state);
|
||||||
|
free (dup);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -1085,6 +1105,7 @@ static int cmd_dbg_map_heap_glibc_64(RCore *core, const char *input) {
|
|||||||
r_core_read_at (core, m_state, (ut8*)malloc_state, sizeof (RHeap_MallocState64));
|
r_core_read_at (core, m_state, (ut8*)malloc_state, sizeof (RHeap_MallocState64));
|
||||||
print_heap_fastbin_64 (core, m_state, malloc_state, bin);
|
print_heap_fastbin_64 (core, m_state, malloc_state, bin);
|
||||||
free (malloc_state);
|
free (malloc_state);
|
||||||
|
free (dup);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user