For the ultimate in heap checking, if you are using the GNU compiler you can use the -fcheck-memory-usage option. This instructs the compiler to place error-checking calls before each read or write to memory. The functions that are called then check to ensure that the memory access does not overflow a heap memory allocation or access free memory.
The following test (which can be found in tests/fail/test17.c) has an example of a read from memory which overflows a memory allocation's boundaries.
23 /*
24 * Allocates a single byte of memory and then attempts to read the
25 * byte as a word, resulting in some uninitialised bytes being read.
26 * This can sometimes be detected with PAGEALLOC=UPPER but can always
27 * be detected with OFLOWWATCH or by using the -fcheck-memory-usage
28 * option of gcc.
29 */
32 #include "mpatrol.h"
35 int main(void)
36 {
37 int *p;
38 int r;
40 if (p = (int *) calloc(1, 1))
41 {
42 r = p[0];
43 free(p);
44 }
45 return EXIT_SUCCESS;
46 }
For this example, the above test must be compiled with gcc with the
-fcheck-memory-usage option on the compiler command line and linked
with the mpatrol library. Normally, the test will pass and not cause any
problems, since most malloc libraries will allocate at least one word anyway.
However, there are some instances where that will not be the case, especially
on systems where misaligned memory accesses are legal. Also, if the
implementation of calloc() only initialised the number of bytes requested
then the number read back might not be zero.
If you now run the program it should abort and produce something similar to the following in the resulting mpatrol.log.
ERROR: [RNGOVF]: range [0x00022568,0x0002256B] overflows
[0x00022568,0x00022568]
0x00022568 (1 byte) {calloc:19:0} [main|test17.c|40]
0x00010A0C main+96
0x0001087C _start+100
As you can see, the mpatrol library detected a read beyond the boundaries of the one byte memory allocation starting at `0x00022568'.