Add magic number and canary checks to malloc and free implementation (#39)

felixnagele · web-flow · commit 547cf2381101 · 2025-12-20T01:19:00.000+01:00
## Description Add magic number and canary checks to malloc and free implementation. ## Issues  Closes #37  Related: #<issue-number> ## Testing
diff --git a/include/malloc_from_scratch/memory_internal.h b/include/malloc_from_scratch/memory_internal.h
@@ -11,6 +11,7 @@ namespace internal
 
 struct MemoryBlock
 {
+    size_t magic_;
     size_t size_;
     bool allocated_;
     MemoryBlock* next_;
@@ -22,20 +23,24 @@ inline size_t total_memory_allocated = 0;
 inline pthread_mutex_t allocator_mutex = PTHREAD_MUTEX_INITIALIZER;
 
 constexpr size_t BLOCK_METADATA_SIZE = sizeof(MemoryBlock);
-constexpr size_t BLOCK_SIZE = 16;
 constexpr size_t CHUNK_SIZE = 65536;
+constexpr size_t MAGIC_NUMBER = 0xDEADBEEF;
+constexpr size_t CANARY_VALUE = 0xC0FFEE00;
+constexpr size_t CANARY_SIZE = sizeof(size_t);
 
 // malloc
 void* increaseHeap(size_t size);
 MemoryBlock* findLargeEnoughFreeMemoryBlock(MemoryBlock** block_list_head, size_t size);
 void* splitFreeMemoryBlockIfPossible(MemoryBlock* new_block, size_t size);
 void* getMemoryBlockSplitAddress(MemoryBlock* new_block, size_t size);
 void insertMemoryBlockAtEnd(MemoryBlock** block_list_head, MemoryBlock* new_block);
+void setCanary(MemoryBlock* block);
 
 // free
 void decreaseHeap(MemoryBlock* block_heap_end);
 void mergeFreeMemoryBlocks();
 void getLastMemoryBlock(MemoryBlock** block_list_tail, MemoryBlock** block_previous_from_last);
+bool isBlockCorrupted(MemoryBlock* block);
 
 // helpers
 void* getPayloadAddress(MemoryBlock* block);
@@ -44,6 +49,8 @@ MemoryBlock* getMemoryBlockFromAddress(void* address);
 size_t getSizeOfAllocatedMemoryBlock(MemoryBlock* block);
 bool isPointerInHeap(void* ptr);
 void* getErrorCodeInVoidPtr(size_t error_code);
+bool isValidBlock(MemoryBlock* block);
+bool checkCanary(MemoryBlock* block);
 
 // Test helper functions to inspect allocator state
 inline size_t getTotalUsedMemory() { return total_memory_allocated; }
diff --git a/src/free.cpp b/src/free.cpp
@@ -20,15 +20,20 @@ void free(void* ptr)
     }
 
     internal::MemoryBlock* block_to_free = internal::getMetadata(ptr);
-    if (block_to_free == nullptr || block_to_free->allocated_ == false)
+    if (!internal::isValidBlock(block_to_free))
     {
-        if (block_to_free)
+        if (internal::isBlockCorrupted(block_to_free))
         {
             exit(-1);
         }
         return;
     }
 
+    if (!internal::checkCanary(block_to_free))
+    {
+        exit(-1);
+    }
+
     internal::total_memory_allocated -= block_to_free->size_;
     block_to_free->allocated_ = false;
 
@@ -91,7 +96,7 @@ void mergeFreeMemoryBlocks()
     {
         if (current->allocated_ == false && current->next_->allocated_ == false)
         {
-            current->size_ += BLOCK_METADATA_SIZE + current->next_->size_;
+            current->size_ += BLOCK_METADATA_SIZE + CANARY_SIZE + current->next_->size_;
             current->next_ = current->next_->next_;
         }
         else
@@ -116,5 +121,7 @@ void getLastMemoryBlock(MemoryBlock** block_list_tail, MemoryBlock** block_previ
     *block_previous_from_last = previous;
 }
 
+bool isBlockCorrupted(MemoryBlock* block) { return (block && block->magic_ != MAGIC_NUMBER); }
+
 } // namespace internal
 } // namespace mem
diff --git a/src/malloc.cpp b/src/malloc.cpp
@@ -37,7 +37,7 @@ void* malloc(size_t size)
     }
     else
     {
-        total_size = internal::BLOCK_METADATA_SIZE + size;
+        total_size = internal::BLOCK_METADATA_SIZE + size + internal::CANARY_SIZE;
         is_frame_used = false;
     }
 
@@ -50,6 +50,7 @@ void* malloc(size_t size)
     internal::MemoryBlock* new_block = internal::getMemoryBlockFromAddress(new_memory_allocation);
     if (is_frame_used)
     {
+        new_block->magic_ = internal::MAGIC_NUMBER;
         new_block->size_ = internal::CHUNK_SIZE;
         new_block->allocated_ = false;
         new_block->next_ = nullptr;
@@ -59,10 +60,12 @@ void* malloc(size_t size)
     }
     else
     {
+        new_block->magic_ = internal::MAGIC_NUMBER;
         new_block->size_ = size;
         new_block->allocated_ = true;
         new_block->next_ = nullptr;
         internal::insertMemoryBlockAtEnd(&internal::block_list_head, new_block);
+        internal::setCanary(new_block);
         internal::total_memory_allocated += size;
     }
 
@@ -86,14 +89,16 @@ void* increaseHeap(size_t size)
 MemoryBlock* findLargeEnoughFreeMemoryBlock(MemoryBlock** block_list_head, size_t size)
 {
     MemoryBlock* current = *block_list_head;
+    size_t size_needed = size + CANARY_SIZE;
     while (current != nullptr)
     {
-        if (current->allocated_ == false && current->size_ >= size)
+        if (current->allocated_ == false && current->size_ >= size_needed)
         {
             return current;
         }
         current = current->next_;
     }
+
     return nullptr;
 }
 
@@ -104,12 +109,14 @@ void* splitFreeMemoryBlockIfPossible(MemoryBlock* new_block, size_t size)
         return nullptr;
     }
 
-    size_t remaining_size = new_block->size_ - size;
+    size_t size_with_canary = size + CANARY_SIZE;
+    size_t remaining_size = new_block->size_ - size_with_canary;
     char one_byte_payload_size_requirement = 1;
     if (remaining_size >= BLOCK_METADATA_SIZE + one_byte_payload_size_requirement)
     {
         void* split_address = getMemoryBlockSplitAddress(new_block, size);
         MemoryBlock* new_temp_block = getMemoryBlockFromAddress(split_address);
+        new_temp_block->magic_ = MAGIC_NUMBER;
         new_temp_block->size_ = remaining_size - BLOCK_METADATA_SIZE;
         new_temp_block->allocated_ = false;
         new_temp_block->next_ = new_block->next_;
@@ -120,17 +127,19 @@ void* splitFreeMemoryBlockIfPossible(MemoryBlock* new_block, size_t size)
     }
     else
     {
-        new_block->size_ = new_block->size_;
+        new_block->size_ = new_block->size_ - CANARY_SIZE;
         new_block->allocated_ = true;
     }
 
+    setCanary(new_block);
     total_memory_allocated += new_block->size_;
+
     return getPayloadAddress(new_block);
 }
 
 void* getMemoryBlockSplitAddress(MemoryBlock* new_block, size_t size)
 {
-    return (reinterpret_cast<char*>(new_block) + BLOCK_METADATA_SIZE + size);
+    return (reinterpret_cast<char*>(new_block) + BLOCK_METADATA_SIZE + size + CANARY_SIZE);
 }
 
 void insertMemoryBlockAtEnd(MemoryBlock** block_list_head, MemoryBlock* new_block)
@@ -150,6 +159,18 @@ void insertMemoryBlockAtEnd(MemoryBlock** block_list_head, MemoryBlock* new_bloc
     }
 }
 
+void setCanary(MemoryBlock* block)
+{
+    if (!block || block->allocated_ == false)
+    {
+        return;
+    }
+
+    size_t* canary = reinterpret_cast<size_t*>(reinterpret_cast<char*>(block) +
+                                               BLOCK_METADATA_SIZE + block->size_);
+    *canary = CANARY_VALUE;
+}
+
 // helpers
 void* getPayloadAddress(MemoryBlock* block)
 {
@@ -180,15 +201,28 @@ size_t getSizeOfAllocatedMemoryBlock(MemoryBlock* block)
 bool isPointerInHeap(void* ptr)
 {
     void* current_program_break = sbrk(0);
-    if (ptr < heap_start || ptr >= current_program_break)
+    return (ptr >= heap_start && ptr < current_program_break);
+}
+
+void* getErrorCodeInVoidPtr(size_t error_code) { return reinterpret_cast<void*>(error_code); }
+
+bool isValidBlock(MemoryBlock* block)
+{
+    return block != nullptr && block->magic_ == MAGIC_NUMBER && block->allocated_ == true;
+}
+
+bool checkCanary(MemoryBlock* block)
+{
+    if (!block)
     {
         return false;
     }
 
-    return true;
-}
+    size_t* canary = reinterpret_cast<size_t*>(reinterpret_cast<char*>(block) +
+                                               BLOCK_METADATA_SIZE + block->size_);
 
-void* getErrorCodeInVoidPtr(size_t error_code) { return reinterpret_cast<void*>(error_code); }
+    return (*canary == CANARY_VALUE);
+}
 
 } // namespace internal
 } // namespace mem

Original file line number	Diff line number	Diff line change
`@@ -20,15 +20,20 @@ void free(void* ptr)`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`internal::MemoryBlock* block_to_free = internal::getMetadata(ptr);`
`23`		`- if (block_to_free == nullptr \|\| block_to_free->allocated_ == false)`
	`23`	`+ if (!internal::isValidBlock(block_to_free))`
`24`	`24`	`{`
`25`		`- if (block_to_free)`
	`25`	`+ if (internal::isBlockCorrupted(block_to_free))`
`26`	`26`	`{`
`27`	`27`	`exit(-1);`
`28`	`28`	`}`
`29`	`29`	`return;`
`30`	`30`	`}`
`31`	`31`
	`32`	`+ if (!internal::checkCanary(block_to_free))`
	`33`	`+ {`
	`34`	`+ exit(-1);`
	`35`	`+ }`
	`36`	`+`
`32`	`37`	`internal::total_memory_allocated -= block_to_free->size_;`
`33`	`38`	`block_to_free->allocated_ = false;`
`34`	`39`
`@@ -91,7 +96,7 @@ void mergeFreeMemoryBlocks()`
`91`	`96`	`{`
`92`	`97`	`if (current->allocated_ == false && current->next_->allocated_ == false)`
`93`	`98`	`{`
`94`		`- current->size_ += BLOCK_METADATA_SIZE + current->next_->size_;`
	`99`	`+ current->size_ += BLOCK_METADATA_SIZE + CANARY_SIZE + current->next_->size_;`
`95`	`100`	`current->next_ = current->next_->next_;`
`96`	`101`	`}`
`97`	`102`	`else`
`@@ -116,5 +121,7 @@ void getLastMemoryBlock(MemoryBlock block_list_tail, MemoryBlock block_previ`
`116`	`121`	`*block_previous_from_last = previous;`
`117`	`122`	`}`
`118`	`123`
	`124`	`+bool isBlockCorrupted(MemoryBlock* block) { return (block && block->magic_ != MAGIC_NUMBER); }`
	`125`	`+`
`119`	`126`	`} // namespace internal`
`120`	`127`	`} // namespace mem`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ void* malloc(size_t size)`
`37`	`37`	`}`
`38`	`38`	`else`
`39`	`39`	`{`
`40`		`- total_size = internal::BLOCK_METADATA_SIZE + size;`
	`40`	`+ total_size = internal::BLOCK_METADATA_SIZE + size + internal::CANARY_SIZE;`
`41`	`41`	`is_frame_used = false;`
`42`	`42`	`}`
`43`	`43`
`@@ -50,6 +50,7 @@ void* malloc(size_t size)`
`50`	`50`	`internal::MemoryBlock* new_block = internal::getMemoryBlockFromAddress(new_memory_allocation);`
`51`	`51`	`if (is_frame_used)`
`52`	`52`	`{`
	`53`	`+ new_block->magic_ = internal::MAGIC_NUMBER;`
`53`	`54`	`new_block->size_ = internal::CHUNK_SIZE;`
`54`	`55`	`new_block->allocated_ = false;`
`55`	`56`	`new_block->next_ = nullptr;`
`@@ -59,10 +60,12 @@ void* malloc(size_t size)`
`59`	`60`	`}`
`60`	`61`	`else`
`61`	`62`	`{`
	`63`	`+ new_block->magic_ = internal::MAGIC_NUMBER;`
`62`	`64`	`new_block->size_ = size;`
`63`	`65`	`new_block->allocated_ = true;`
`64`	`66`	`new_block->next_ = nullptr;`
`65`	`67`	`internal::insertMemoryBlockAtEnd(&internal::block_list_head, new_block);`
	`68`	`+ internal::setCanary(new_block);`
`66`	`69`	`internal::total_memory_allocated += size;`
`67`	`70`	`}`
`68`	`71`
`@@ -86,14 +89,16 @@ void* increaseHeap(size_t size)`
`86`	`89`	`MemoryBlock* findLargeEnoughFreeMemoryBlock(MemoryBlock** block_list_head, size_t size)`
`87`	`90`	`{`
`88`	`91`	`MemoryBlock* current = *block_list_head;`
	`92`	`+ size_t size_needed = size + CANARY_SIZE;`
`89`	`93`	`while (current != nullptr)`
`90`	`94`	`{`
`91`		`- if (current->allocated_ == false && current->size_ >= size)`
	`95`	`+ if (current->allocated_ == false && current->size_ >= size_needed)`
`92`	`96`	`{`
`93`	`97`	`return current;`
`94`	`98`	`}`
`95`	`99`	`current = current->next_;`
`96`	`100`	`}`
	`101`	`+`
`97`	`102`	`return nullptr;`
`98`	`103`	`}`
`99`	`104`
`@@ -104,12 +109,14 @@ void* splitFreeMemoryBlockIfPossible(MemoryBlock* new_block, size_t size)`
`104`	`109`	`return nullptr;`
`105`	`110`	`}`
`106`	`111`
`107`		`- size_t remaining_size = new_block->size_ - size;`
	`112`	`+ size_t size_with_canary = size + CANARY_SIZE;`
	`113`	`+ size_t remaining_size = new_block->size_ - size_with_canary;`
`108`	`114`	`char one_byte_payload_size_requirement = 1;`
`109`	`115`	`if (remaining_size >= BLOCK_METADATA_SIZE + one_byte_payload_size_requirement)`
`110`	`116`	`{`
`111`	`117`	`void* split_address = getMemoryBlockSplitAddress(new_block, size);`
`112`	`118`	`MemoryBlock* new_temp_block = getMemoryBlockFromAddress(split_address);`
	`119`	`+ new_temp_block->magic_ = MAGIC_NUMBER;`
`113`	`120`	`new_temp_block->size_ = remaining_size - BLOCK_METADATA_SIZE;`
`114`	`121`	`new_temp_block->allocated_ = false;`
`115`	`122`	`new_temp_block->next_ = new_block->next_;`
`@@ -120,17 +127,19 @@ void* splitFreeMemoryBlockIfPossible(MemoryBlock* new_block, size_t size)`
`120`	`127`	`}`
`121`	`128`	`else`
`122`	`129`	`{`
`123`		`- new_block->size_ = new_block->size_;`
	`130`	`+ new_block->size_ = new_block->size_ - CANARY_SIZE;`
`124`	`131`	`new_block->allocated_ = true;`
`125`	`132`	`}`
`126`	`133`
	`134`	`+ setCanary(new_block);`
`127`	`135`	`total_memory_allocated += new_block->size_;`
	`136`	`+`
`128`	`137`	`return getPayloadAddress(new_block);`
`129`	`138`	`}`
`130`	`139`
`131`	`140`	`void* getMemoryBlockSplitAddress(MemoryBlock* new_block, size_t size)`
`132`	`141`	`{`
`133`		`- return (reinterpret_cast<char*>(new_block) + BLOCK_METADATA_SIZE + size);`
	`142`	`+ return (reinterpret_cast<char*>(new_block) + BLOCK_METADATA_SIZE + size + CANARY_SIZE);`
`134`	`143`	`}`
`135`	`144`
`136`	`145`	`void insertMemoryBlockAtEnd(MemoryBlock** block_list_head, MemoryBlock* new_block)`
`@@ -150,6 +159,18 @@ void insertMemoryBlockAtEnd(MemoryBlock** block_list_head, MemoryBlock* new_bloc`
`150`	`159`	`}`
`151`	`160`	`}`
`152`	`161`
	`162`	`+void setCanary(MemoryBlock* block)`
	`163`	`+{`
	`164`	`+ if (!block \|\| block->allocated_ == false)`
	`165`	`+ {`
	`166`	`+ return;`
	`167`	`+ }`
	`168`	`+`
	`169`	`+ size_t* canary = reinterpret_cast<size_t>(reinterpret_cast<char>(block) +`
	`170`	`+ BLOCK_METADATA_SIZE + block->size_);`
	`171`	`+ *canary = CANARY_VALUE;`
	`172`	`+}`
	`173`	`+`
`153`	`174`	`// helpers`
`154`	`175`	`void* getPayloadAddress(MemoryBlock* block)`
`155`	`176`	`{`
`@@ -180,15 +201,28 @@ size_t getSizeOfAllocatedMemoryBlock(MemoryBlock* block)`
`180`	`201`	`bool isPointerInHeap(void* ptr)`
`181`	`202`	`{`
`182`	`203`	`void* current_program_break = sbrk(0);`
`183`		`- if (ptr < heap_start \|\| ptr >= current_program_break)`
	`204`	`+ return (ptr >= heap_start && ptr < current_program_break);`
	`205`	`+}`
	`206`	`+`
	`207`	`+void* getErrorCodeInVoidPtr(size_t error_code) { return reinterpret_cast<void*>(error_code); }`
	`208`	`+`
	`209`	`+bool isValidBlock(MemoryBlock* block)`
	`210`	`+{`
	`211`	`+ return block != nullptr && block->magic_ == MAGIC_NUMBER && block->allocated_ == true;`
	`212`	`+}`
	`213`	`+`
	`214`	`+bool checkCanary(MemoryBlock* block)`
	`215`	`+{`
	`216`	`+ if (!block)`
`184`	`217`	`{`
`185`	`218`	`return false;`
`186`	`219`	`}`
`187`	`220`
`188`		`- return true;`
`189`		`-}`
	`221`	`+ size_t* canary = reinterpret_cast<size_t>(reinterpret_cast<char>(block) +`
	`222`	`+ BLOCK_METADATA_SIZE + block->size_);`
`190`	`223`
`191`		`-void* getErrorCodeInVoidPtr(size_t error_code) { return reinterpret_cast<void*>(error_code); }`
	`224`	`+ return (*canary == CANARY_VALUE);`
	`225`	`+}`
`192`	`226`
`193`	`227`	`} // namespace internal`
`194`	`228`	`} // namespace mem`