Another round of review fixes.

* handle gracefully older libc, without tcache * use aligned size for consistency with other bins
pwndbg · Mar 18, 2018 · e9d093f · e9d093f
1 parent 04778da
commit e9d093f
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 4 deletions.
diff --git a/pwndbg/commands/heap.py b/pwndbg/commands/heap.py
@@ -250,7 +250,8 @@ def bins(addr=None, tcache_addr=None):
     Prints out the contents of the tcachebins, fastbins, unsortedbin, smallbins, and largebins from the
     main_arena or the specified address.
     """
-    tcachebins(tcache_addr)
+    if pwndbg.heap.current.has_tcache():
+        tcachebins(tcache_addr)
     fastbins(addr)
     unsortedbin(addr)
     smallbins(addr)

diff --git a/pwndbg/heap/ptmalloc.py b/pwndbg/heap/ptmalloc.py
@@ -38,11 +38,14 @@ def main_arena(self):
         if main_arena_addr is not None:
             self._main_arena = pwndbg.memory.poi(self.malloc_state, main_arena_addr)
         else:
-            print(message.error('Symbol \'main arena\' not found. Try installing libc '
+            print(message.error('Symbol \'main_arena\' not found. Try installing libc '
                                 'debugging symbols and try again.'))
 
         return self._main_arena
 
+    def has_tcache(self):
+        return (self.mp and self.mp['tcache_bins'])
+
 
     @property
     def thread_cache(self):
@@ -55,8 +58,11 @@ def thread_cache(self):
             except Exception as e:
                 print(message.error('Error fetching tcache. GDB cannot access '
                                     'thread-local variables unless you compile with -lpthread.'))
-                self._thread_cache = None
         else:
+            if not has_tcache():
+                print(message.warning('Your libc does not use thread cache'))
+                return None
+
             print(message.error('Symbol \'tcache\' not found. Try installing libc '
                                 'debugging symbols and try again.'))
 
@@ -134,6 +140,12 @@ def size_sz(self):
         return pwndbg.arch.ptrsize
 
 
+    @property
+    @pwndbg.memoize.reset_on_objfile
+    def malloc_align_mask(self):
+        """Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c"""
+        return self.malloc_alignment - 1
+
     @property
     @pwndbg.memoize.reset_on_objfile
     def minsize(self):
@@ -147,6 +159,12 @@ def min_chunk_size(self):
         """Corresponds to MIN_CHUNK_SIZE in glibc malloc.c"""
         return pwndbg.arch.ptrsize * 4
 
+    def _request2size(self, req):
+        """Corresponds to request2size in glibc malloc.c"""
+        if req + self.size_sz + self.malloc_align_mask < self.minsize:
+            return self.minsize
+        return (req + self.size_sz + self.malloc_align_mask) & ~self.malloc_align_mask
+
 
     def _spaces_table(self):
         spaces_table =  [ pwndbg.arch.ptrsize * 2 ]      * 64 \
@@ -311,7 +329,7 @@ def tidx2usize(idx):
 
         result = OrderedDict()
         for i in range(num_tcachebins):
-            size = tidx2usize(i)
+            size = self._request2size(tidx2usize(i))
             count = int(counts[i])
             chain = pwndbg.chain.get(int(entries[i]), offset=self.tcache_next_offset, limit=heap_chain_limit)