You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by jo...@apache.org on 2005/10/25 15:14:21 UTC
svn commit: r328355 - /apr/apr/trunk/memory/unix/apr_pools.c
Author: jorton
Date: Tue Oct 25 06:14:14 2005
New Revision: 328355
URL: http://svn.apache.org/viewcvs?rev=328355&view=rev
Log:
* memory/unix/apr_pools.c (pool_clear_debug): Scribble over blocks
with a poison byte before freeing them to help highlight
use-after-free bugs.
Modified:
apr/apr/trunk/memory/unix/apr_pools.c
Modified: apr/apr/trunk/memory/unix/apr_pools.c
URL: http://svn.apache.org/viewcvs/apr/apr/trunk/memory/unix/apr_pools.c?rev=328355&r1=328354&r2=328355&view=diff
==============================================================================
--- apr/apr/trunk/memory/unix/apr_pools.c (original)
+++ apr/apr/trunk/memory/unix/apr_pools.c Tue Oct 25 06:14:14 2005
@@ -1356,6 +1356,8 @@
* Pool creation/destruction (debug)
*/
+#define POOL_POISON_BYTE 'A'
+
static void pool_clear_debug(apr_pool_t *pool, const char *file_line)
{
debug_node_t *node;
@@ -1383,13 +1385,18 @@
/* Clear the user data. */
pool->user_data = NULL;
- /* Free the blocks */
+ /* Free the blocks, scribbling over them first to help highlight
+ * use-after-free issues. */
while ((node = pool->nodes) != NULL) {
pool->nodes = node->next;
- for (index = 0; index < node->index; index++)
+ for (index = 0; index < node->index; index++) {
+ memset(node->beginp[index], POOL_POISON_BYTE,
+ node->endp[index] - node->beginp[index]);
free(node->beginp[index]);
+ }
+ memset(node, POOL_POISON_BYTE, SIZEOF_DEBUG_NODE_T);
free(node);
}