Wireshark-dev: Re: [Wireshark-dev] tvb allocator (was: Re: [Wireshark-commits] master b6d20a2:
Date: Tue, 22 Jul 2014 00:52:00 +0200
Hi,

On Sat, Jul 12, 2014 at 02:27:06AM +0200, B??lint R??czey wrote:
> I plan using ASAN for all programs which would catch (among others)
> use-after-free and reading below or over the malloc()-ed
> memory area. Those can't be caught if the program uses another layer
> of bulk memory allocations.
> g_malloc() and g_slice_* has the same problem, but they can be
> overrideb by passing G_SLICE=always-malloc .

We have these environment variables also, ver{3, 4} introduce WIRESHARK_DEBUG_WMEM_OBJECT_POOL_SKIP, 
where you can set, and object pool will not maintain free list of objects.

I see no problem with enabling it by default when building with ASAN.

Also it should be quite easy to use ASAN manual poisoning[1] with object pool API.

wmem_object_pool_alloc(wmem_allocator_t *allocator, wmem_object_pool_t *pool):
    if (pool->current_count > 0) {
        ...
	ASAN_UNPOISON_MEMORY_REGION(pool->free_list, pool->object_size);
	pool->free_list = pool->free_list->next;

wmem_object_pool_free(wmem_allocator_t *allocator, wmem_object_pool_t *pool, void *ptr)
    ...
    ASAN_POISON_MEMORY_REGION(ptr, pool->object_size);

(not tested).

Cheers,
Jakub.

[1] http://code.google.com/p/address-sanitizer/wiki/ManualPoisoning