[u/mdw/putty] / misc.c

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include "putty.h"

/*
 * My own versions of malloc, realloc and free. Because I want
 * malloc and realloc to bomb out and exit the program if they run
 * out of memory, realloc to reliably call malloc if passed a NULL
 * pointer, and free to reliably do nothing if passed a NULL
 * pointer. We can also put trace printouts in, if we need to; and
 * we can also replace the allocator with an ElectricFence-like
 * one.
 */

#ifdef MINEFIELD
/*
 * Minefield - a Windows equivalent for Electric Fence
 */

#define PAGESIZE 4096

/*
 * Design:
 * 
 * We start by reserving as much virtual address space as Windows
 * will sensibly (or not sensibly) let us have. We flag it all as
 * invalid memory.
 * 
 * Any allocation attempt is satisfied by committing one or more
 * pages, with an uncommitted page on either side. The returned
 * memory region is jammed up against the _end_ of the pages.
 * 
 * Freeing anything causes instantaneous decommitment of the pages
 * involved, so stale pointers are caught as soon as possible.
 */

static int minefield_initialised = 0;
static void *minefield_region = NULL;
static long minefield_size = 0;
static long minefield_npages = 0;
static long minefield_curpos = 0;
static unsigned short *minefield_admin = NULL;
static void *minefield_pages = NULL;

static void minefield_admin_hide(int hide) {
    int access = hide ? PAGE_NOACCESS : PAGE_READWRITE;
    VirtualProtect(minefield_admin, minefield_npages*2, access, NULL);
}

static void minefield_init(void) {
    int size;
    int admin_size;
    int i;

    for (size = 0x40000000; size > 0; size = ((size >> 3) * 7) &~ 0xFFF) {
        printf("trying size=%d\n", size);
        minefield_region = VirtualAlloc(NULL, size,
                                        MEM_RESERVE, PAGE_NOACCESS);
        if (minefield_region)
            break;
    }
    minefield_size = size;
    printf("got region %p size %d\n", minefield_region, minefield_size);

    /*
     * Firstly, allocate a section of that to be the admin block.
     * We'll need a two-byte field for each page.
     */
    minefield_admin = minefield_region;
    minefield_npages = minefield_size / PAGESIZE;
    admin_size = (minefield_npages * 2 + PAGESIZE-1) &~ (PAGESIZE-1);
    minefield_npages = (minefield_size - admin_size) / PAGESIZE;
    minefield_pages = (char *)minefield_region + admin_size;
    printf("admin at %p, pages at %p, npages %x, admin_size %x\n",
           minefield_admin, minefield_pages, minefield_npages,
           admin_size);

    /*
     * Commit the admin region.
     */
    VirtualAlloc(minefield_admin, minefield_npages * 2,
                 MEM_COMMIT, PAGE_READWRITE);

    /*
     * Mark all pages as unused (0xFFFF).
     */
    for (i = 0; i < minefield_npages; i++)
        minefield_admin[i] = 0xFFFF;

    /*
     * Hide the admin region.
     */
    minefield_admin_hide(1);

    minefield_initialised = 1;
}

static void minefield_bomb(void) {
    div(1, *(int*)minefield_pages);
}

static void *minefield_alloc(int size) {
    int npages;
    int pos, lim, region_end, region_start;
    int start;
    int i;

    npages = (size + PAGESIZE-1) / PAGESIZE;

    minefield_admin_hide(0);

    /*
     * Search from current position until we find a contiguous
     * bunch of npages+2 unused pages.
     */
    pos = minefield_curpos;
    lim = minefield_npages;
    while (1) {
        /* Skip over used pages. */
        while (pos < lim && minefield_admin[pos] != 0xFFFF)
            pos++;
        /* Count unused pages. */
        start = pos;
        while (pos < lim && pos - start < npages+2 &&
               minefield_admin[pos] == 0xFFFF)
            pos++;
        if (pos - start == npages+2)
            break;
        /* If we've reached the limit, reset the limit or stop. */
        if (pos >= lim) {
            if (lim == minefield_npages) {
                /* go round and start again at zero */
                lim = minefield_curpos;
                pos = 0;
            } else {
                minefield_admin_hide(1);
                return NULL;
            }
        }
    }

    minefield_curpos = pos-1;

    /*
     * We have npages+2 unused pages starting at start. We leave
     * the first and last of these alone and use the rest.
     */
    region_end = (start + npages+1) * PAGESIZE;
    region_start = region_end - size;
    /* FIXME: could align here if we wanted */

    /*
     * Update the admin region.
     */
    for (i = start + 2; i < start + npages-1; i++)
        minefield_admin[i] = 0xFFFE;   /* used but no region starts here */
    minefield_admin[start+1] = region_start % PAGESIZE;

    minefield_admin_hide(1);

    VirtualAlloc((char *)minefield_pages + region_start, size,
                 MEM_COMMIT, PAGE_READWRITE);
    return (char *)minefield_pages + region_start;
}

static void minefield_free(void *ptr) {
    int region_start, i, j;

    minefield_admin_hide(0);

    region_start = (char *)ptr - (char *)minefield_pages;
    i = region_start / PAGESIZE;
    if (i < 0 || i >= minefield_npages ||
        minefield_admin[i] != region_start % PAGESIZE)
        minefield_bomb();
    for (j = i; j < minefield_npages && minefield_admin[j] != 0xFFFF; j++) {
        minefield_admin[j] = 0xFFFF;
    }

    VirtualFree(ptr, j*PAGESIZE - region_start, MEM_DECOMMIT);

    minefield_admin_hide(1);
}

static int minefield_get_size(void *ptr) {
    int region_start, i, j;

    minefield_admin_hide(0);

    region_start = (char *)ptr - (char *)minefield_pages;
    i = region_start / PAGESIZE;
    if (i < 0 || i >= minefield_npages ||
        minefield_admin[i] != region_start % PAGESIZE)
        minefield_bomb();
    for (j = i; j < minefield_npages && minefield_admin[j] != 0xFFFF; j++);

    minefield_admin_hide(1);

    return j*PAGESIZE - region_start;
}

static void *minefield_c_malloc(size_t size) {
    if (!minefield_initialised) minefield_init();
    return minefield_alloc(size);
}

static void minefield_c_free(void *p) {
    if (!minefield_initialised) minefield_init();
    minefield_free(p);
}

/*
 * realloc _always_ moves the chunk, for rapid detection of code
 * that assumes it won't.
 */
static void *minefield_c_realloc(void *p, size_t size) {
    size_t oldsize;
    void *q;
    if (!minefield_initialised) minefield_init();
    q = minefield_alloc(size);
    oldsize = minefield_get_size(p);
    memcpy(q, p, (oldsize < size ? oldsize : size));
    minefield_free(p);
    return q;
}

#endif /* MINEFIELD */

#ifdef MALLOC_LOG
static FILE *fp = NULL;

void mlog(char *file, int line) {
    if (!fp) {
	fp = fopen("putty_mem.log", "w");
	setvbuf(fp, NULL, _IONBF, BUFSIZ);
    }
    if (fp)
	fprintf (fp, "%s:%d: ", file, line);
}
#endif

void *safemalloc(size_t size) {
    void *p;
#ifdef MINEFIELD
    p = minefield_c_malloc (size);
#else
    p = malloc (size);
#endif
    if (!p) {
	MessageBox(NULL, "Out of memory!", "PuTTY Fatal Error",
		   MB_SYSTEMMODAL | MB_ICONERROR | MB_OK);
	exit(1);
    }
#ifdef MALLOC_LOG
    if (fp)
	fprintf(fp, "malloc(%d) returns %p\n", size, p);
#endif
    return p;
}

void *saferealloc(void *ptr, size_t size) {
    void *p;
    if (!ptr) {
#ifdef MINEFIELD
	p = minefield_c_malloc (size);
#else
	p = malloc (size);
#endif
    } else {
#ifdef MINEFIELD
	p = minefield_c_realloc (ptr, size);
#else
	p = realloc (ptr, size);
#endif
    }
    if (!p) {
	MessageBox(NULL, "Out of memory!", "PuTTY Fatal Error",
		   MB_SYSTEMMODAL | MB_ICONERROR | MB_OK);
	exit(1);
    }
#ifdef MALLOC_LOG
    if (fp)
	fprintf(fp, "realloc(%p,%d) returns %p\n", ptr, size, p);
#endif
    return p;
}

void safefree(void *ptr) {
    if (ptr) {
#ifdef MALLOC_LOG
	if (fp)
	    fprintf(fp, "free(%p)\n", ptr);
#endif
#ifdef MINEFIELD
	minefield_c_free (ptr);
#else
	free (ptr);
#endif
    }
#ifdef MALLOC_LOG
    else if (fp)
	fprintf(fp, "freeing null pointer - no action taken\n");
#endif
}

#ifdef DEBUG
static FILE *debug_fp = NULL;
static int debug_got_console = 0;

void dprintf(char *fmt, ...) {
    char buf[2048];
    DWORD dw;
    va_list ap;

    if (!debug_got_console) {
	AllocConsole();
	debug_got_console = 1;
    }
    if (!debug_fp) {
	debug_fp = fopen("debug.log", "w");
    }

    va_start(ap, fmt);
    vsprintf(buf, fmt, ap);
    WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, strlen(buf), &dw, NULL);
    fputs(buf, debug_fp);
    fflush(debug_fp);
    va_end(ap);
}
#endif
Commit	Line	Data
374330e2	1	#include <windows.h>
	2	#include <stdio.h>
	3	#include <stdlib.h>
	4	#include "putty.h"
	5
b191636d	6	/*
	7	* My own versions of malloc, realloc and free. Because I want
	8	* malloc and realloc to bomb out and exit the program if they run
	9	* out of memory, realloc to reliably call malloc if passed a NULL
	10	* pointer, and free to reliably do nothing if passed a NULL
	11	* pointer. We can also put trace printouts in, if we need to; and
	12	* we can also replace the allocator with an ElectricFence-like
	13	* one.
	14	*/
	15
	16	#ifdef MINEFIELD
	17	/*
	18	* Minefield - a Windows equivalent for Electric Fence
	19	*/
	20
	21	#define PAGESIZE 4096
	22
	23	/*
	24	* Design:
	25	*
	26	* We start by reserving as much virtual address space as Windows
	27	* will sensibly (or not sensibly) let us have. We flag it all as
	28	* invalid memory.
	29	*
	30	* Any allocation attempt is satisfied by committing one or more
	31	* pages, with an uncommitted page on either side. The returned
	32	* memory region is jammed up against the _end_ of the pages.
	33	*
	34	* Freeing anything causes instantaneous decommitment of the pages
	35	* involved, so stale pointers are caught as soon as possible.
	36	*/
	37
	38	static int minefield_initialised = 0;
	39	static void *minefield_region = NULL;
	40	static long minefield_size = 0;
	41	static long minefield_npages = 0;
	42	static long minefield_curpos = 0;
	43	static unsigned short *minefield_admin = NULL;
	44	static void *minefield_pages = NULL;
	45
	46	static void minefield_admin_hide(int hide) {
	47	int access = hide ? PAGE_NOACCESS : PAGE_READWRITE;
	48	VirtualProtect(minefield_admin, minefield_npages*2, access, NULL);
	49	}
	50
	51	static void minefield_init(void) {
	52	int size;
	53	int admin_size;
	54	int i;
	55
	56	for (size = 0x40000000; size > 0; size = ((size >> 3) * 7) &~ 0xFFF) {
	57	printf("trying size=%d\n", size);
	58	minefield_region = VirtualAlloc(NULL, size,
	59	MEM_RESERVE, PAGE_NOACCESS);
	60	if (minefield_region)
	61	break;
	62	}
	63	minefield_size = size;
	64	printf("got region %p size %d\n", minefield_region, minefield_size);
	65
	66	/*
	67	* Firstly, allocate a section of that to be the admin block.
	68	* We'll need a two-byte field for each page.
	69	*/
70	minefield_admin = minefield_region;
71	minefield_npages = minefield_size / PAGESIZE;
72	admin_size = (minefield_npages * 2 + PAGESIZE-1) &~ (PAGESIZE-1);
73	minefield_npages = (minefield_size - admin_size) / PAGESIZE;
74	minefield_pages = (char *)minefield_region + admin_size;
75	printf("admin at %p, pages at %p, npages %x, admin_size %x\n",
76	minefield_admin, minefield_pages, minefield_npages,
77	admin_size);
78
79	/*
80	* Commit the admin region.
81	*/
82	VirtualAlloc(minefield_admin, minefield_npages * 2,
83	MEM_COMMIT, PAGE_READWRITE);
84
85	/*
86	* Mark all pages as unused (0xFFFF).
87	*/
88	for (i = 0; i < minefield_npages; i++)
89	minefield_admin[i] = 0xFFFF;
90
91	/*
92	* Hide the admin region.
93	*/
94	minefield_admin_hide(1);
95
96	minefield_initialised = 1;
97	}
98
99	static void minefield_bomb(void) {
100	div(1, (int)minefield_pages);
101	}
102
103	static void *minefield_alloc(int size) {
104	int npages;
105	int pos, lim, region_end, region_start;
106	int start;
107	int i;
108
109	npages = (size + PAGESIZE-1) / PAGESIZE;
110
111	minefield_admin_hide(0);
112
113	/*
114	* Search from current position until we find a contiguous
115	* bunch of npages+2 unused pages.
116	*/
117	pos = minefield_curpos;
118	lim = minefield_npages;
119	while (1) {
120	/* Skip over used pages. */
121	while (pos < lim && minefield_admin[pos] != 0xFFFF)
122	pos++;
123	/* Count unused pages. */
124	start = pos;
125	while (pos < lim && pos - start < npages+2 &&
126	minefield_admin[pos] == 0xFFFF)
127	pos++;
128	if (pos - start == npages+2)
129	break;
130	/* If we've reached the limit, reset the limit or stop. */
131	if (pos >= lim) {
132	if (lim == minefield_npages) {
133	/* go round and start again at zero */
134	lim = minefield_curpos;
135	pos = 0;
136	} else {
137	minefield_admin_hide(1);
138	return NULL;
139	}
140	}
141	}
142
143	minefield_curpos = pos-1;
144
145	/*
146	* We have npages+2 unused pages starting at start. We leave
147	* the first and last of these alone and use the rest.
148	*/
149	region_end = (start + npages+1) * PAGESIZE;
150	region_start = region_end - size;
151	/* FIXME: could align here if we wanted */
152
153	/*
154	* Update the admin region.
155	*/
156	for (i = start + 2; i < start + npages-1; i++)
157	minefield_admin[i] = 0xFFFE; /* used but no region starts here */
158	minefield_admin[start+1] = region_start % PAGESIZE;
159
160	minefield_admin_hide(1);
161
162	VirtualAlloc((char *)minefield_pages + region_start, size,
163	MEM_COMMIT, PAGE_READWRITE);
164	return (char *)minefield_pages + region_start;
165	}
166
167	static void minefield_free(void *ptr) {
168	int region_start, i, j;
169
170	minefield_admin_hide(0);
171
172	region_start = (char )ptr - (char )minefield_pages;
173	i = region_start / PAGESIZE;
174	if (i < 0 \|\| i >= minefield_npages \|\|
175	minefield_admin[i] != region_start % PAGESIZE)
176	minefield_bomb();
177	for (j = i; j < minefield_npages && minefield_admin[j] != 0xFFFF; j++) {
178	minefield_admin[j] = 0xFFFF;
179	}
180
181	VirtualFree(ptr, j*PAGESIZE - region_start, MEM_DECOMMIT);
182
183	minefield_admin_hide(1);
184	}
185
186	static int minefield_get_size(void *ptr) {
187	int region_start, i, j;
188
189	minefield_admin_hide(0);
190
191	region_start = (char )ptr - (char )minefield_pages;
192	i = region_start / PAGESIZE;
193	if (i < 0 \|\| i >= minefield_npages \|\|
194	minefield_admin[i] != region_start % PAGESIZE)
195	minefield_bomb();
196	for (j = i; j < minefield_npages && minefield_admin[j] != 0xFFFF; j++);
197
198	minefield_admin_hide(1);
199
200	return j*PAGESIZE - region_start;
201	}
202
203	static void *minefield_c_malloc(size_t size) {
204	if (!minefield_initialised) minefield_init();
205	return minefield_alloc(size);
206	}
207
208	static void minefield_c_free(void *p) {
209	if (!minefield_initialised) minefield_init();
210	minefield_free(p);
211	}
212
213	/*
214	* realloc _always_ moves the chunk, for rapid detection of code
215	* that assumes it won't.
216	*/
217	static void minefield_c_realloc(void p, size_t size) {
218	size_t oldsize;
219	void *q;
220	if (!minefield_initialised) minefield_init();
221	q = minefield_alloc(size);
222	oldsize = minefield_get_size(p);
223	memcpy(q, p, (oldsize < size ? oldsize : size));
224	minefield_free(p);
225	return q;
226	}
227
228	#endif /* MINEFIELD */
374330e2	229
	230	#ifdef MALLOC_LOG
	231	static FILE *fp = NULL;
	232
	233	void mlog(char *file, int line) {
c662dbc0	234	if (!fp) {
374330e2	235	fp = fopen("putty_mem.log", "w");
c662dbc0	236	setvbuf(fp, NULL, _IONBF, BUFSIZ);
c662dbc0	237	}
374330e2	238	if (fp)
	239	fprintf (fp, "%s:%d: ", file, line);
	240	}
	241	#endif
	242
	243	void *safemalloc(size_t size) {
b191636d	244	void *p;
	245	#ifdef MINEFIELD
	246	p = minefield_c_malloc (size);
	247	#else
	248	p = malloc (size);
	249	#endif
374330e2	250	if (!p) {
	251	MessageBox(NULL, "Out of memory!", "PuTTY Fatal Error",
	252	MB_SYSTEMMODAL \| MB_ICONERROR \| MB_OK);
	253	exit(1);
	254	}
	255	#ifdef MALLOC_LOG
	256	if (fp)
	257	fprintf(fp, "malloc(%d) returns %p\n", size, p);
	258	#endif
	259	return p;
	260	}
	261
	262	void saferealloc(void ptr, size_t size) {
	263	void *p;
b191636d	264	if (!ptr) {
	265	#ifdef MINEFIELD
	266	p = minefield_c_malloc (size);
	267	#else
374330e2	268	p = malloc (size);
b191636d	269	#endif
	270	} else {
	271	#ifdef MINEFIELD
	272	p = minefield_c_realloc (ptr, size);
	273	#else
374330e2	274	p = realloc (ptr, size);
b191636d	275	#endif
b191636d	276	}
374330e2	277	if (!p) {
	278	MessageBox(NULL, "Out of memory!", "PuTTY Fatal Error",
	279	MB_SYSTEMMODAL \| MB_ICONERROR \| MB_OK);
	280	exit(1);
	281	}
	282	#ifdef MALLOC_LOG
	283	if (fp)
	284	fprintf(fp, "realloc(%p,%d) returns %p\n", ptr, size, p);
	285	#endif
	286	return p;
	287	}
	288
	289	void safefree(void *ptr) {
	290	if (ptr) {
	291	#ifdef MALLOC_LOG
	292	if (fp)
	293	fprintf(fp, "free(%p)\n", ptr);
	294	#endif
b191636d	295	#ifdef MINEFIELD
	296	minefield_c_free (ptr);
	297	#else
374330e2	298	free (ptr);
b191636d	299	#endif
374330e2	300	}
	301	#ifdef MALLOC_LOG
	302	else if (fp)
	303	fprintf(fp, "freeing null pointer - no action taken\n");
	304	#endif
	305	}
c82bda52	306
	307	#ifdef DEBUG
	308	static FILE *debug_fp = NULL;
	309	static int debug_got_console = 0;
	310
	311	void dprintf(char *fmt, ...) {
	312	char buf[2048];
	313	DWORD dw;
	314	va_list ap;
	315
	316	if (!debug_got_console) {
	317	AllocConsole();
	318	debug_got_console = 1;
	319	}
	320	if (!debug_fp) {
	321	debug_fp = fopen("debug.log", "w");
	322	}
	323
	324	va_start(ap, fmt);
	325	vsprintf(buf, fmt, ap);
	326	WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, strlen(buf), &dw, NULL);
	327	fputs(buf, debug_fp);
	328	fflush(debug_fp);
	329	va_end(ap);
	330	}
	331	#endif