Implment AST vmalloc buffer poisoning

This is to help debug issue #398 without going all the way of replacing
AST vmalloc with the system malloc. It causes buffers allocated (other
than via `calloc()`) and freed to be poisoned with a known pattern that
will result in a SIGSEGV if it is used as a pointer.

.travis.yml

@@ -24,7 +24,8 @@ before_install:
     - docker pull ${OS_TYPE}
 
 script:
-    # TODO: Check how to set MESON_TESTTHREADS dynamically
+    # TODO: Check how to set MESON_TESTTHREADS dynamically.
+    # TODO: Change "meson test" to "meson test --setup=malloc" when #398 is fixed.
     - echo > build.sh "set -e;
         export CFLAGS='-fno-strict-aliasing -Wno-unknown-pragmas -Wno-missing-braces -Wno-unused-result -Wno-return-type -Wno-int-to-pointer-cast -Wno-parentheses -Wno-unused -Wno-unused-but-set-variable -Wno-cpp -Wno-char-subscripts';
         cd /source;
@@ -37,7 +38,7 @@ script:
         echo ==== Running unit tests;
         ulimit -n 1024;
         export MESON_TESTTHREADS=$(( 4 * CORE_COUNT ));
-        if ! meson test --setup=malloc; then cat meson-logs/testlog-malloc.txt; exit 1; fi;
+        if ! meson test; then cat meson-logs/testlog-malloc.txt; exit 1; fi;
         "
 
     - chmod a+x build.sh

meson.build

@@ -22,6 +22,8 @@ feature_test_args = ['-std=gnu99', '-D_GNU_SOURCE']
 # To use these add `--setup=malloc` to your `meson test` command.
 #
 malloc_debug_env = environment()
+# These env vars are recognized by AST vmalloc.
+malloc_debug_env.set('VMALLOC_OPTIONS', 'junk')
 # These env vars are recognized by GNU malloc.
 malloc_debug_env.set('MALLOC_CHECK_', '3')
 malloc_debug_env.set('MALLOC_PERTURB_', '165')  # 0xA5

src/lib/libast/vmalloc/malloc.c

@@ -354,6 +354,9 @@ void _vmoptions(int boot) {
                                 _Vmassert &= ~b;
                         } while ((v = strchr(v, ':')) && ++v);
                     break;
+                case 'j': /* junk */
+                    if (boot & 1) _Vmassert |= VM_junk;
+                    break;
                 case 'k': /* keep */
                     if (boot & 2) _Vmassert |= VM_keep;
                     break;
@@ -619,6 +622,7 @@ extern Void_t *malloc(size_t size) {
 
     VMPROLOGUE(0);
     addr = (*Vmregion->meth.allocf)(Vmregion, size, 0);
+    if (addr && (_Vmassert & VM_junk)) memset(addr, 0x55, size);
     VMEPILOGUE(0);
 
     return VMRECORD(addr);
@@ -632,8 +636,16 @@ extern Void_t *realloc(Void_t *data, size_t size) {
 
     if (!data)
         return malloc(size);
-    else if ((vm = vmregion(data)))
+    else if ((vm = vmregion(data))) {
+        int old_size = TRUEBDSZ(BLOCK(data)) / sizeof(unsigned int);
         addr = (*vm->meth.resizef)(vm, data, size, VM_RSCOPY | VM_RSMOVE, 0);
+        if (addr && (_Vmassert & VM_junk)) {
+            int new_size = TRUEBDSZ(BLOCK(addr)) / sizeof(unsigned int);
+            for (int i = old_size; i < new_size; i++) {
+                ((unsigned int *)addr)[i] = 0x66666666;
+            }
+        }
+    }
     else /* not our data */
 #if USE_NATIVE
         addr = native_realloc(data, size);
@@ -651,10 +663,18 @@ extern void free(Void_t *data) {
     VMPROLOGUE(1);
 
     if (data && !(_Vmassert & VM_keep)) {
-        if ((vm = vmregion(data))) (void)(*vm->meth.freef)(vm, data, 0);
+        if ((vm = vmregion(data))) {
+            if (_Vmassert & VM_junk) {
+                int old_size = TRUEBDSZ(BLOCK(data)) / sizeof(unsigned int);
+                for (int i = 0; i < old_size; i++) {
+                    ((unsigned int *)data)[i] = 0xA5A5A5A5;
+                }
+            }
+            (void)(*vm->meth.freef)(vm, data, 0);
+        }
 #if USE_NATIVE
-        else /* not our data */
-            native_free(data);
+            else /* not our data */
+                native_free(data);
 #endif
     }
 

src/lib/libast/vmalloc/vmhdr.h

@@ -129,6 +129,8 @@ typedef struct _seg_s Seg_t;     /* the type of a raw memory segment	*/
 #define VM_safe 0x08000000   /* safe MAP_ANON emulation of sbrk()	*/
 #define VM_zero 0x10000000   /* /dev/zero block allocator		*/
 
+#define VM_junk 0x20000000   /* fill allocated and freed blocks with junk */
+
 #define VM_GETMEMORY (VM_anon | VM_break | VM_native | VM_safe | VM_zero)
 
 #ifndef DEBUG