374330e2 |
1 | #include <windows.h> |
2 | #include <stdio.h> |
3 | #include <stdlib.h> |
4 | #include "putty.h" |
5 | |
b191636d |
6 | /* |
7 | * My own versions of malloc, realloc and free. Because I want |
8 | * malloc and realloc to bomb out and exit the program if they run |
9 | * out of memory, realloc to reliably call malloc if passed a NULL |
10 | * pointer, and free to reliably do nothing if passed a NULL |
11 | * pointer. We can also put trace printouts in, if we need to; and |
12 | * we can also replace the allocator with an ElectricFence-like |
13 | * one. |
14 | */ |
15 | |
16 | #ifdef MINEFIELD |
17 | /* |
18 | * Minefield - a Windows equivalent for Electric Fence |
19 | */ |
20 | |
21 | #define PAGESIZE 4096 |
22 | |
23 | /* |
24 | * Design: |
25 | * |
26 | * We start by reserving as much virtual address space as Windows |
27 | * will sensibly (or not sensibly) let us have. We flag it all as |
28 | * invalid memory. |
29 | * |
30 | * Any allocation attempt is satisfied by committing one or more |
31 | * pages, with an uncommitted page on either side. The returned |
32 | * memory region is jammed up against the _end_ of the pages. |
33 | * |
34 | * Freeing anything causes instantaneous decommitment of the pages |
35 | * involved, so stale pointers are caught as soon as possible. |
36 | */ |
37 | |
38 | static int minefield_initialised = 0; |
39 | static void *minefield_region = NULL; |
40 | static long minefield_size = 0; |
41 | static long minefield_npages = 0; |
42 | static long minefield_curpos = 0; |
43 | static unsigned short *minefield_admin = NULL; |
44 | static void *minefield_pages = NULL; |
45 | |
46 | static void minefield_admin_hide(int hide) { |
47 | int access = hide ? PAGE_NOACCESS : PAGE_READWRITE; |
48 | VirtualProtect(minefield_admin, minefield_npages*2, access, NULL); |
49 | } |
50 | |
51 | static void minefield_init(void) { |
52 | int size; |
53 | int admin_size; |
54 | int i; |
55 | |
56 | for (size = 0x40000000; size > 0; size = ((size >> 3) * 7) &~ 0xFFF) { |
57 | printf("trying size=%d\n", size); |
58 | minefield_region = VirtualAlloc(NULL, size, |
59 | MEM_RESERVE, PAGE_NOACCESS); |
60 | if (minefield_region) |
61 | break; |
62 | } |
63 | minefield_size = size; |
64 | printf("got region %p size %d\n", minefield_region, minefield_size); |
65 | |
66 | /* |
67 | * Firstly, allocate a section of that to be the admin block. |
68 | * We'll need a two-byte field for each page. |
69 | */ |
70 | minefield_admin = minefield_region; |
71 | minefield_npages = minefield_size / PAGESIZE; |
72 | admin_size = (minefield_npages * 2 + PAGESIZE-1) &~ (PAGESIZE-1); |
73 | minefield_npages = (minefield_size - admin_size) / PAGESIZE; |
74 | minefield_pages = (char *)minefield_region + admin_size; |
75 | printf("admin at %p, pages at %p, npages %x, admin_size %x\n", |
76 | minefield_admin, minefield_pages, minefield_npages, |
77 | admin_size); |
78 | |
79 | /* |
80 | * Commit the admin region. |
81 | */ |
82 | VirtualAlloc(minefield_admin, minefield_npages * 2, |
83 | MEM_COMMIT, PAGE_READWRITE); |
84 | |
85 | /* |
86 | * Mark all pages as unused (0xFFFF). |
87 | */ |
88 | for (i = 0; i < minefield_npages; i++) |
89 | minefield_admin[i] = 0xFFFF; |
90 | |
91 | /* |
92 | * Hide the admin region. |
93 | */ |
94 | minefield_admin_hide(1); |
95 | |
96 | minefield_initialised = 1; |
97 | } |
98 | |
99 | static void minefield_bomb(void) { |
100 | div(1, *(int*)minefield_pages); |
101 | } |
102 | |
103 | static void *minefield_alloc(int size) { |
104 | int npages; |
105 | int pos, lim, region_end, region_start; |
106 | int start; |
107 | int i; |
108 | |
109 | npages = (size + PAGESIZE-1) / PAGESIZE; |
110 | |
111 | minefield_admin_hide(0); |
112 | |
113 | /* |
114 | * Search from current position until we find a contiguous |
115 | * bunch of npages+2 unused pages. |
116 | */ |
117 | pos = minefield_curpos; |
118 | lim = minefield_npages; |
119 | while (1) { |
120 | /* Skip over used pages. */ |
121 | while (pos < lim && minefield_admin[pos] != 0xFFFF) |
122 | pos++; |
123 | /* Count unused pages. */ |
124 | start = pos; |
125 | while (pos < lim && pos - start < npages+2 && |
126 | minefield_admin[pos] == 0xFFFF) |
127 | pos++; |
128 | if (pos - start == npages+2) |
129 | break; |
130 | /* If we've reached the limit, reset the limit or stop. */ |
131 | if (pos >= lim) { |
132 | if (lim == minefield_npages) { |
133 | /* go round and start again at zero */ |
134 | lim = minefield_curpos; |
135 | pos = 0; |
136 | } else { |
137 | minefield_admin_hide(1); |
138 | return NULL; |
139 | } |
140 | } |
141 | } |
142 | |
143 | minefield_curpos = pos-1; |
144 | |
145 | /* |
146 | * We have npages+2 unused pages starting at start. We leave |
147 | * the first and last of these alone and use the rest. |
148 | */ |
149 | region_end = (start + npages+1) * PAGESIZE; |
150 | region_start = region_end - size; |
151 | /* FIXME: could align here if we wanted */ |
152 | |
153 | /* |
154 | * Update the admin region. |
155 | */ |
156 | for (i = start + 2; i < start + npages-1; i++) |
157 | minefield_admin[i] = 0xFFFE; /* used but no region starts here */ |
158 | minefield_admin[start+1] = region_start % PAGESIZE; |
159 | |
160 | minefield_admin_hide(1); |
161 | |
162 | VirtualAlloc((char *)minefield_pages + region_start, size, |
163 | MEM_COMMIT, PAGE_READWRITE); |
164 | return (char *)minefield_pages + region_start; |
165 | } |
166 | |
167 | static void minefield_free(void *ptr) { |
168 | int region_start, i, j; |
169 | |
170 | minefield_admin_hide(0); |
171 | |
172 | region_start = (char *)ptr - (char *)minefield_pages; |
173 | i = region_start / PAGESIZE; |
174 | if (i < 0 || i >= minefield_npages || |
175 | minefield_admin[i] != region_start % PAGESIZE) |
176 | minefield_bomb(); |
177 | for (j = i; j < minefield_npages && minefield_admin[j] != 0xFFFF; j++) { |
178 | minefield_admin[j] = 0xFFFF; |
179 | } |
180 | |
181 | VirtualFree(ptr, j*PAGESIZE - region_start, MEM_DECOMMIT); |
182 | |
183 | minefield_admin_hide(1); |
184 | } |
185 | |
186 | static int minefield_get_size(void *ptr) { |
187 | int region_start, i, j; |
188 | |
189 | minefield_admin_hide(0); |
190 | |
191 | region_start = (char *)ptr - (char *)minefield_pages; |
192 | i = region_start / PAGESIZE; |
193 | if (i < 0 || i >= minefield_npages || |
194 | minefield_admin[i] != region_start % PAGESIZE) |
195 | minefield_bomb(); |
196 | for (j = i; j < minefield_npages && minefield_admin[j] != 0xFFFF; j++); |
197 | |
198 | minefield_admin_hide(1); |
199 | |
200 | return j*PAGESIZE - region_start; |
201 | } |
202 | |
203 | static void *minefield_c_malloc(size_t size) { |
204 | if (!minefield_initialised) minefield_init(); |
205 | return minefield_alloc(size); |
206 | } |
207 | |
208 | static void minefield_c_free(void *p) { |
209 | if (!minefield_initialised) minefield_init(); |
210 | minefield_free(p); |
211 | } |
212 | |
213 | /* |
214 | * realloc _always_ moves the chunk, for rapid detection of code |
215 | * that assumes it won't. |
216 | */ |
217 | static void *minefield_c_realloc(void *p, size_t size) { |
218 | size_t oldsize; |
219 | void *q; |
220 | if (!minefield_initialised) minefield_init(); |
221 | q = minefield_alloc(size); |
222 | oldsize = minefield_get_size(p); |
223 | memcpy(q, p, (oldsize < size ? oldsize : size)); |
224 | minefield_free(p); |
225 | return q; |
226 | } |
227 | |
228 | #endif /* MINEFIELD */ |
374330e2 |
229 | |
230 | #ifdef MALLOC_LOG |
231 | static FILE *fp = NULL; |
232 | |
233 | void mlog(char *file, int line) { |
c662dbc0 |
234 | if (!fp) { |
374330e2 |
235 | fp = fopen("putty_mem.log", "w"); |
c662dbc0 |
236 | setvbuf(fp, NULL, _IONBF, BUFSIZ); |
237 | } |
374330e2 |
238 | if (fp) |
239 | fprintf (fp, "%s:%d: ", file, line); |
240 | } |
241 | #endif |
242 | |
243 | void *safemalloc(size_t size) { |
b191636d |
244 | void *p; |
245 | #ifdef MINEFIELD |
246 | p = minefield_c_malloc (size); |
247 | #else |
248 | p = malloc (size); |
249 | #endif |
374330e2 |
250 | if (!p) { |
251 | MessageBox(NULL, "Out of memory!", "PuTTY Fatal Error", |
252 | MB_SYSTEMMODAL | MB_ICONERROR | MB_OK); |
253 | exit(1); |
254 | } |
255 | #ifdef MALLOC_LOG |
256 | if (fp) |
257 | fprintf(fp, "malloc(%d) returns %p\n", size, p); |
258 | #endif |
259 | return p; |
260 | } |
261 | |
262 | void *saferealloc(void *ptr, size_t size) { |
263 | void *p; |
b191636d |
264 | if (!ptr) { |
265 | #ifdef MINEFIELD |
266 | p = minefield_c_malloc (size); |
267 | #else |
374330e2 |
268 | p = malloc (size); |
b191636d |
269 | #endif |
270 | } else { |
271 | #ifdef MINEFIELD |
272 | p = minefield_c_realloc (ptr, size); |
273 | #else |
374330e2 |
274 | p = realloc (ptr, size); |
b191636d |
275 | #endif |
276 | } |
374330e2 |
277 | if (!p) { |
278 | MessageBox(NULL, "Out of memory!", "PuTTY Fatal Error", |
279 | MB_SYSTEMMODAL | MB_ICONERROR | MB_OK); |
280 | exit(1); |
281 | } |
282 | #ifdef MALLOC_LOG |
283 | if (fp) |
284 | fprintf(fp, "realloc(%p,%d) returns %p\n", ptr, size, p); |
285 | #endif |
286 | return p; |
287 | } |
288 | |
289 | void safefree(void *ptr) { |
290 | if (ptr) { |
291 | #ifdef MALLOC_LOG |
292 | if (fp) |
293 | fprintf(fp, "free(%p)\n", ptr); |
294 | #endif |
b191636d |
295 | #ifdef MINEFIELD |
296 | minefield_c_free (ptr); |
297 | #else |
374330e2 |
298 | free (ptr); |
b191636d |
299 | #endif |
374330e2 |
300 | } |
301 | #ifdef MALLOC_LOG |
302 | else if (fp) |
303 | fprintf(fp, "freeing null pointer - no action taken\n"); |
304 | #endif |
305 | } |
c82bda52 |
306 | |
307 | #ifdef DEBUG |
308 | static FILE *debug_fp = NULL; |
309 | static int debug_got_console = 0; |
310 | |
311 | void dprintf(char *fmt, ...) { |
312 | char buf[2048]; |
313 | DWORD dw; |
314 | va_list ap; |
315 | |
316 | if (!debug_got_console) { |
317 | AllocConsole(); |
318 | debug_got_console = 1; |
319 | } |
320 | if (!debug_fp) { |
321 | debug_fp = fopen("debug.log", "w"); |
322 | } |
323 | |
324 | va_start(ap, fmt); |
325 | vsprintf(buf, fmt, ap); |
326 | WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, strlen(buf), &dw, NULL); |
327 | fputs(buf, debug_fp); |
328 | fflush(debug_fp); |
329 | va_end(ap); |
330 | } |
331 | #endif |