Hi,
On Sat, Jul 12, 2014 at 02:27:06AM +0200, B??lint R??czey wrote:
> I plan using ASAN for all programs which would catch (among others)
> use-after-free and reading below or over the malloc()-ed
> memory area. Those can't be caught if the program uses another layer
> of bulk memory allocations.
> g_malloc() and g_slice_* has the same problem, but they can be
> overrideb by passing G_SLICE=always-malloc .
We have these environment variables also, ver{3, 4} introduce WIRESHARK_DEBUG_WMEM_OBJECT_POOL_SKIP,
where you can set, and object pool will not maintain free list of objects.
I see no problem with enabling it by default when building with ASAN.
Also it should be quite easy to use ASAN manual poisoning[1] with object pool API.
wmem_object_pool_alloc(wmem_allocator_t *allocator, wmem_object_pool_t *pool):
if (pool->current_count > 0) {
...
ASAN_UNPOISON_MEMORY_REGION(pool->free_list, pool->object_size);
pool->free_list = pool->free_list->next;
wmem_object_pool_free(wmem_allocator_t *allocator, wmem_object_pool_t *pool, void *ptr)
...
ASAN_POISON_MEMORY_REGION(ptr, pool->object_size);
(not tested).
Cheers,
Jakub.
[1] http://code.google.com/p/address-sanitizer/wiki/ManualPoisoning