| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| #include <stdio.h> |
| #include "base/allocator/allocator_shim.h" |
| |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| // TCMalloc header files |
| #include "common.h" // For TCMalloc constants like page size, etc. |
| |
| using base::allocator::TCMallocDoMallocForTest; |
| using base::allocator::TCMallocDoFreeForTest; |
| using base::allocator::ExcludeSpaceForMarkForTest; |
| |
| TEST(TCMallocFreeCheck, BadPointerInFirstPageOfTheLargeObject) { |
| char* p = reinterpret_cast<char*>( |
| TCMallocDoMallocForTest(ExcludeSpaceForMarkForTest(kMaxSize + 1))); |
| for (int offset = 1; offset < kPageSize ; offset <<= 1) { |
| ASSERT_DEATH(TCMallocDoFreeForTest(p + offset), |
| "Pointer is not pointing to the start of a span"); |
| } |
| } |
| |
| TEST(TCMallocFreeCheck, BadPageAlignedPointerInsideLargeObject) { |
| char* p = reinterpret_cast<char*>( |
| TCMallocDoMallocForTest(ExcludeSpaceForMarkForTest(kMaxSize + 1))); |
| |
| for (int offset = kPageSize; offset < kMaxSize; offset += kPageSize) { |
| // Only the first and last page of a span are in heap map. So for others |
| // tcmalloc will give a general error of invalid pointer. |
| ASSERT_DEATH(TCMallocDoFreeForTest(p + offset), |
| "Attempt to free invalid pointer"); |
| } |
| ASSERT_DEATH(TCMallocDoFreeForTest(p + kMaxSize), |
| "Pointer is not pointing to the start of a span"); |
| } |
| |
| TEST(TCMallocFreeCheck, DoubleFreeLargeObject) { |
| char* p = reinterpret_cast<char*>( |
| TCMallocDoMallocForTest(ExcludeSpaceForMarkForTest(kMaxSize + 1))); |
| ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p), |
| "Object was not in-use"); |
| } |
| |
| |
| #ifdef NDEBUG |
| TEST(TCMallocFreeCheck, DoubleFreeSmallObject) { |
| for (size_t size = 1; |
| size <= ExcludeSpaceForMarkForTest(kMaxSize); |
| size <<= 1) { |
| char* p = reinterpret_cast<char*>(TCMallocDoMallocForTest(size)); |
| ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p), |
| "Circular loop in list detected"); |
| } |
| } |
| #else |
| TEST(TCMallocFreeCheck, DoubleFreeSmallObject) { |
| size_t size = 1; |
| |
| // When the object is small, tcmalloc validation can not distinguish normal |
| // memory corruption or double free, because there's not enough space in |
| // freed objects to keep the mark. |
| for (; size <= ExcludeSpaceForMarkForTest(kMinClassSize); size <<= 1) { |
| char* p = reinterpret_cast<char*>(TCMallocDoMallocForTest(size)); |
| ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p), |
| "Memory corrupted"); |
| } |
| |
| for (; size <= ExcludeSpaceForMarkForTest(kMaxSize); size <<= 1) { |
| char* p = reinterpret_cast<char*>(TCMallocDoMallocForTest(size)); |
| ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p), |
| "Attempt to double free"); |
| } |
| } |
| #endif |
| |
| int main(int argc, char **argv) { |
| testing::InitGoogleTest(&argc, argv); |
| return RUN_ALL_TESTS(); |
| } |