Home Explore Help
Sign In
levovix
/
Nim
mirror of https://github.com/nim-lang/Nim
Watch 1
Star 0
Fork 1
Files Issues 0 Wiki
Tree: aad2dcd474
Branches Tags
Nim
/
tinyc
/
lib
/
bcheck.c

bcheck.c 27 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980 
  1. /*
    2. 

  2.  *  Tiny C Memory and bounds checker
    3. 

  3.  * 
    4. 

  4.  *  Copyright (c) 2002 Fabrice Bellard
    5. 

  5.  *
    6. 

  6.  * This library is free software; you can redistribute it and/or
    7. 

  7.  * modify it under the terms of the GNU Lesser General Public
    8. 

  8.  * License as published by the Free Software Foundation; either
    9. 

  9.  * version 2 of the License, or (at your option) any later version.
    10. 

  10.  *
    11. 

  11.  * This library is distributed in the hope that it will be useful,
    12. 

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    14. 

  14.  * Lesser General Public License for more details.
    15. 

  15.  *
    16. 

  16.  * You should have received a copy of the GNU Lesser General Public
    17. 

  17.  * License along with this library; if not, write to the Free Software
    18. 

  18.  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    19. 

  19.  */
    20. 

  20. #include <stdlib.h>
    21. 

  21. #include <stdio.h>
    22. 

  22. #include <stdarg.h>
    23. 

  23. #include <string.h>
    24. 

  24. 

  25. #if !defined(__FreeBSD__) \
    26. 

  26.  && !defined(__FreeBSD_kernel__) \
    27. 

  27.  && !defined(__DragonFly__) \
    28. 

  28.  && !defined(__OpenBSD__) \
    29. 

  29.  && !defined(__NetBSD__)
    30. 

  30. #include <malloc.h>
    31. 

  31. #endif
    32. 

  32. 

  33. #if !defined(_WIN32)
    34. 

  34. #include <unistd.h>
    35. 

  35. #endif
    36. 

  36. 

  37. /* #define BOUND_DEBUG */
    38. 

  38. 

  39. #ifdef BOUND_DEBUG
    40. 

  40.  #define dprintf(a...) fprintf(a)
    41. 

  41. #else
    42. 

  42.  #define dprintf(a...)
    43. 

  43. #endif
    44. 

  44. 

  45. /* define so that bound array is static (faster, but use memory if
    46. 

  46.    bound checking not used) */
    47. 

  47. /* #define BOUND_STATIC */
    48. 

  48. 

  49. /* use malloc hooks. Currently the code cannot be reliable if no hooks */
    50. 

  50. #define CONFIG_TCC_MALLOC_HOOKS
    51. 

  51. #define HAVE_MEMALIGN
    52. 

  52. 

  53. #if defined(__FreeBSD__) \
    54. 

  54.  || defined(__FreeBSD_kernel__) \
    55. 

  55.  || defined(__DragonFly__) \
    56. 

  56.  || defined(__OpenBSD__) \
    57. 

  57.  || defined(__NetBSD__) \
    58. 

  58.  || defined(__dietlibc__) \
    59. 

  59.  || defined(_WIN32)
    60. 

  60. //#warning Bound checking does not support malloc (etc.) in this environment.
    61. 

  61. #undef CONFIG_TCC_MALLOC_HOOKS
    62. 

  62. #undef HAVE_MEMALIGN
    63. 

  63. #endif
    64. 

  64. 

  65. #define BOUND_T1_BITS 13
    66. 

  66. #define BOUND_T2_BITS 11
    67. 

  67. #define BOUND_T3_BITS (sizeof(size_t)*8 - BOUND_T1_BITS - BOUND_T2_BITS)
    68. 

  68. #define BOUND_E_BITS  (sizeof(size_t))
    69. 

  69. 

  70. #define BOUND_T1_SIZE ((size_t)1 << BOUND_T1_BITS)
    71. 

  71. #define BOUND_T2_SIZE ((size_t)1 << BOUND_T2_BITS)
    72. 

  72. #define BOUND_T3_SIZE ((size_t)1 << BOUND_T3_BITS)
    73. 

  73. 

  74. #define BOUND_T23_BITS (BOUND_T2_BITS + BOUND_T3_BITS)
    75. 

  75. #define BOUND_T23_SIZE ((size_t)1 << BOUND_T23_BITS)
    76. 

  76. 

  77. 

  78. /* this pointer is generated when bound check is incorrect */
    79. 

  79. #define INVALID_POINTER ((void *)(-2))
    80. 

  80. /* size of an empty region */
    81. 

  81. #define EMPTY_SIZE  ((size_t)(-1))
    82. 

  82. /* size of an invalid region */
    83. 

  83. #define INVALID_SIZE      0
    84. 

  84. 

  85. typedef struct BoundEntry {
    86. 

  86.     size_t start;
    87. 

  87.     size_t size;
    88. 

  88.     struct BoundEntry *next;
    89. 

  89.     size_t is_invalid; /* true if pointers outside region are invalid */
    90. 

  90. } BoundEntry;
    91. 

  91. 

  92. /* external interface */
    93. 

  93. void __bound_init(void);
    94. 

  94. void __bound_new_region(void *p, size_t size);
    95. 

  95. int __bound_delete_region(void *p);
    96. 

  96. 

  97. #ifdef __attribute__
    98. 

  98.   /* an __attribute__ macro is defined in the system headers */
    99. 

  99.   #undef __attribute__ 
    100. 

  100. #endif
    101. 

  101. #define FASTCALL __attribute__((regparm(3)))
    102. 

  102. 

  103. void *__bound_malloc(size_t size, const void *caller);
    104. 

  104. void *__bound_memalign(size_t size, size_t align, const void *caller);
    105. 

  105. void __bound_free(void *ptr, const void *caller);
    106. 

  106. void *__bound_realloc(void *ptr, size_t size, const void *caller);
    107. 

  107. static void *libc_malloc(size_t size);
    108. 

  108. static void libc_free(void *ptr);
    109. 

  109. static void install_malloc_hooks(void);
    110. 

  110. static void restore_malloc_hooks(void);
    111. 

  111. 

  112. #ifdef CONFIG_TCC_MALLOC_HOOKS
    113. 

  113. static void *saved_malloc_hook;
    114. 

  114. static void *saved_free_hook;
    115. 

  115. static void *saved_realloc_hook;
    116. 

  116. static void *saved_memalign_hook;
    117. 

  117. #endif
    118. 

  118. 

  119. /* TCC definitions */
    120. 

  120. extern char __bounds_start; /* start of static bounds table */
    121. 

  121. /* error message, just for TCC */
    122. 

  122. const char *__bound_error_msg;
    123. 

  123. 

  124. /* runtime error output */
    125. 

  125. extern void rt_error(size_t pc, const char *fmt, ...);
    126. 

  126. 

  127. #ifdef BOUND_STATIC
    128. 

  128. static BoundEntry *__bound_t1[BOUND_T1_SIZE]; /* page table */
    129. 

  129. #else
    130. 

  130. static BoundEntry **__bound_t1; /* page table */
    131. 

  131. #endif
    132. 

  132. static BoundEntry *__bound_empty_t2;   /* empty page, for unused pages */
    133. 

  133. static BoundEntry *__bound_invalid_t2; /* invalid page, for invalid pointers */
    134. 

  134. 

  135. static BoundEntry *__bound_find_region(BoundEntry *e1, void *p)
    136. 

  136. {
    137. 

  137.     size_t addr, tmp;
    138. 

  138.     BoundEntry *e;
    139. 

  139. 

  140.     e = e1;
    141. 

  141.     while (e != NULL) {
    142. 

  142.         addr = (size_t)p;
    143. 

  143.         addr -= e->start;
    144. 

  144.         if (addr <= e->size) {
    145. 

  145.             /* put region at the head */
    146. 

  146.             tmp = e1->start;
    147. 

  147.             e1->start = e->start;
    148. 

  148.             e->start = tmp;
    149. 

  149.             tmp = e1->size;
    150. 

  150.             e1->size = e->size;
    151. 

  151.             e->size = tmp;
    152. 

  152.             return e1;
    153. 

  153.         }
    154. 

  154.         e = e->next;
    155. 

  155.     }
    156. 

  156.     /* no entry found: return empty entry or invalid entry */
    157. 

  157.     if (e1->is_invalid)
    158. 

  158.         return __bound_invalid_t2;
    159. 

  159.     else
    160. 

  160.         return __bound_empty_t2;
    161. 

  161. }
    162. 

  162. 

  163. /* print a bound error message */
    164. 

  164. static void bound_error(const char *fmt, ...)
    165. 

  165. {
    166. 

  166.     __bound_error_msg = fmt;
    167. 

  167.     fprintf(stderr,"%s %s: %s\n", __FILE__, __FUNCTION__, fmt);
    168. 

  168.     *(void **)0 = 0; /* force a runtime error */
    169. 

  169. }
    170. 

  170. 

  171. static void bound_alloc_error(void)
    172. 

  172. {
    173. 

  173.     bound_error("not enough memory for bound checking code");
    174. 

  174. }
    175. 

  175. 

  176. /* return '(p + offset)' for pointer arithmetic (a pointer can reach
    177. 

  177.    the end of a region in this case */
    178. 

  178. void * FASTCALL __bound_ptr_add(void *p, size_t offset)
    179. 

  179. {
    180. 

  180.     size_t addr = (size_t)p;
    181. 

  181.     BoundEntry *e;
    182. 

  182. 

  183.     dprintf(stderr, "%s %s: %p %x\n",
    184. 

  184.         __FILE__, __FUNCTION__, p, (unsigned)offset);
    185. 

  185. 

  186.     __bound_init();
    187. 

  187. 

  188.     e = __bound_t1[addr >> (BOUND_T2_BITS + BOUND_T3_BITS)];
    189. 

  189.     e = (BoundEntry *)((char *)e + 
    190. 

  190.                        ((addr >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    191. 

  191.                         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS)));
    192. 

  192.     addr -= e->start;
    193. 

  193.     if (addr > e->size) {
    194. 

  194.         e = __bound_find_region(e, p);
    195. 

  195.         addr = (size_t)p - e->start;
    196. 

  196.     }
    197. 

  197.     addr += offset;
    198. 

  198.     if (addr >= e->size) {
    199. 

  199. 	fprintf(stderr,"%s %s: %p is outside of the region\n",
    200. 

  200.             __FILE__, __FUNCTION__, p + offset);
    201. 

  201.         return INVALID_POINTER; /* return an invalid pointer */
    202. 

  202.     }
    203. 

  203.     return p + offset;
    204. 

  204. }
    205. 

  205. 

  206. /* return '(p + offset)' for pointer indirection (the resulting must
    207. 

  207.    be strictly inside the region */
    208. 

  208. #define BOUND_PTR_INDIR(dsize)                                          \
    209. 

  209. void * FASTCALL __bound_ptr_indir ## dsize (void *p, size_t offset)     \
    210. 

  210. {                                                                       \
    211. 

  211.     size_t addr = (size_t)p;                                            \
    212. 

  212.     BoundEntry *e;                                                      \
    213. 

  213.                                                                         \
    214. 

  214.     dprintf(stderr, "%s %s: %p %x start\n",                             \
    215. 

  215.         __FILE__, __FUNCTION__, p, (unsigned)offset);	                \
    216. 

  216. 									\
    217. 

  217.     __bound_init();							\
    218. 

  218.     e = __bound_t1[addr >> (BOUND_T2_BITS + BOUND_T3_BITS)];            \
    219. 

  219.     e = (BoundEntry *)((char *)e +                                      \
    220. 

  220.                        ((addr >> (BOUND_T3_BITS - BOUND_E_BITS)) &      \
    221. 

  221.                         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS)));        \
    222. 

  222.     addr -= e->start;                                                   \
    223. 

  223.     if (addr > e->size) {                                               \
    224. 

  224.         e = __bound_find_region(e, p);                                  \
    225. 

  225.         addr = (size_t)p - e->start;                                    \
    226. 

  226.     }                                                                   \
    227. 

  227.     addr += offset + dsize;                                             \
    228. 

  228.     if (addr > e->size) {                                               \
    229. 

  229. 	fprintf(stderr,"%s %s: %p is outside of the region\n",          \
    230. 

  230.             __FILE__, __FUNCTION__, p + offset);                        \
    231. 

  231.         return INVALID_POINTER; /* return an invalid pointer */         \
    232. 

  232.     }									\
    233. 

  233.     dprintf(stderr, "%s %s: return p+offset = %p\n",                    \
    234. 

  234.         __FILE__, __FUNCTION__, p + offset);                            \
    235. 

  235.     return p + offset;                                                  \
    236. 

  236. }
    237. 

  237. 

  238. BOUND_PTR_INDIR(1)
    239. 

  239. BOUND_PTR_INDIR(2)
    240. 

  240. BOUND_PTR_INDIR(4)
    241. 

  241. BOUND_PTR_INDIR(8)
    242. 

  242. BOUND_PTR_INDIR(12)
    243. 

  243. BOUND_PTR_INDIR(16)
    244. 

  244. 

  245. #if defined(__GNUC__) && (__GNUC__ >= 6)
    246. 

  246. /*
    247. 

  247.  * At least gcc 6.2 complains when __builtin_frame_address is used with
    248. 

  248.  * nonzero argument.
    249. 

  249.  */
    250. 

  250. #pragma GCC diagnostic push
    251. 

  251. #pragma GCC diagnostic ignored "-Wframe-address"
    252. 

  252. #endif
    253. 

  253. 

  254. /* return the frame pointer of the caller */
    255. 

  255. #define GET_CALLER_FP(fp)\
    256. 

  256. {\
    257. 

  257.     fp = (size_t)__builtin_frame_address(1);\
    258. 

  258. }
    259. 

  259. 

  260. /* called when entering a function to add all the local regions */
    261. 

  261. void FASTCALL __bound_local_new(void *p1) 
    262. 

  262. {
    263. 

  263.     size_t addr, size, fp, *p = p1;
    264. 

  264. 

  265.     dprintf(stderr, "%s, %s start p1=%p\n", __FILE__, __FUNCTION__, p);
    266. 

  266.     GET_CALLER_FP(fp);
    267. 

  267.     for(;;) {
    268. 

  268.         addr = p[0];
    269. 

  269.         if (addr == 0)
    270. 

  270.             break;
    271. 

  271.         addr += fp;
    272. 

  272.         size = p[1];
    273. 

  273.         p += 2;
    274. 

  274.         __bound_new_region((void *)addr, size);
    275. 

  275.     }
    276. 

  276.     dprintf(stderr, "%s, %s end\n", __FILE__, __FUNCTION__);
    277. 

  277. }
    278. 

  278. 

  279. /* called when leaving a function to delete all the local regions */
    280. 

  280. void FASTCALL __bound_local_delete(void *p1) 
    281. 

  281. {
    282. 

  282.     size_t addr, fp, *p = p1;
    283. 

  283.     GET_CALLER_FP(fp);
    284. 

  284.     for(;;) {
    285. 

  285.         addr = p[0];
    286. 

  286.         if (addr == 0)
    287. 

  287.             break;
    288. 

  288.         addr += fp;
    289. 

  289.         p += 2;
    290. 

  290.         __bound_delete_region((void *)addr);
    291. 

  291.     }
    292. 

  292. }
    293. 

  293. 

  294. #if defined(__GNUC__) && (__GNUC__ >= 6)
    295. 

  295. #pragma GCC diagnostic pop
    296. 

  296. #endif
    297. 

  297. 

  298. static BoundEntry *__bound_new_page(void)
    299. 

  299. {
    300. 

  300.     BoundEntry *page;
    301. 

  301.     size_t i;
    302. 

  302. 

  303.     page = libc_malloc(sizeof(BoundEntry) * BOUND_T2_SIZE);
    304. 

  304.     if (!page)
    305. 

  305.         bound_alloc_error();
    306. 

  306.     for(i=0;i<BOUND_T2_SIZE;i++) {
    307. 

  307.         /* put empty entries */
    308. 

  308.         page[i].start = 0;
    309. 

  309.         page[i].size = EMPTY_SIZE;
    310. 

  310.         page[i].next = NULL;
    311. 

  311.         page[i].is_invalid = 0;
    312. 

  312.     }
    313. 

  313.     return page;
    314. 

  314. }
    315. 

  315. 

  316. /* currently we use malloc(). Should use bound_new_page() */
    317. 

  317. static BoundEntry *bound_new_entry(void)
    318. 

  318. {
    319. 

  319.     BoundEntry *e;
    320. 

  320.     e = libc_malloc(sizeof(BoundEntry));
    321. 

  321.     return e;
    322. 

  322. }
    323. 

  323. 

  324. static void bound_free_entry(BoundEntry *e)
    325. 

  325. {
    326. 

  326.     libc_free(e);
    327. 

  327. }
    328. 

  328. 

  329. static BoundEntry *get_page(size_t index)
    330. 

  330. {
    331. 

  331.     BoundEntry *page;
    332. 

  332.     page = __bound_t1[index];
    333. 

  333.     if (!page || page == __bound_empty_t2 || page == __bound_invalid_t2) {
    334. 

  334.         /* create a new page if necessary */
    335. 

  335.         page = __bound_new_page();
    336. 

  336.         __bound_t1[index] = page;
    337. 

  337.     }
    338. 

  338.     return page;
    339. 

  339. }
    340. 

  340. 

  341. /* mark a region as being invalid (can only be used during init) */
    342. 

  342. static void mark_invalid(size_t addr, size_t size)
    343. 

  343. {
    344. 

  344.     size_t start, end;
    345. 

  345.     BoundEntry *page;
    346. 

  346.     size_t t1_start, t1_end, i, j, t2_start, t2_end;
    347. 

  347. 

  348.     start = addr;
    349. 

  349.     end = addr + size;
    350. 

  350. 

  351.     t2_start = (start + BOUND_T3_SIZE - 1) >> BOUND_T3_BITS;
    352. 

  352.     if (end != 0)
    353. 

  353.         t2_end = end >> BOUND_T3_BITS;
    354. 

  354.     else
    355. 

  355.         t2_end = 1 << (BOUND_T1_BITS + BOUND_T2_BITS);
    356. 

  356. 

  357. #if 0
    358. 

  358.     dprintf(stderr, "mark_invalid: start = %x %x\n", t2_start, t2_end);
    359. 

  359. #endif
    360. 

  360.     
    361. 

  361.     /* first we handle full pages */
    362. 

  362.     t1_start = (t2_start + BOUND_T2_SIZE - 1) >> BOUND_T2_BITS;
    363. 

  363.     t1_end = t2_end >> BOUND_T2_BITS;
    364. 

  364. 

  365.     i = t2_start & (BOUND_T2_SIZE - 1);
    366. 

  366.     j = t2_end & (BOUND_T2_SIZE - 1);
    367. 

  367.     
    368. 

  368.     if (t1_start == t1_end) {
    369. 

  369.         page = get_page(t2_start >> BOUND_T2_BITS);
    370. 

  370.         for(; i < j; i++) {
    371. 

  371.             page[i].size = INVALID_SIZE;
    372. 

  372.             page[i].is_invalid = 1;
    373. 

  373.         }
    374. 

  374.     } else {
    375. 

  375.         if (i > 0) {
    376. 

  376.             page = get_page(t2_start >> BOUND_T2_BITS);
    377. 

  377.             for(; i < BOUND_T2_SIZE; i++) {
    378. 

  378.                 page[i].size = INVALID_SIZE;
    379. 

  379.                 page[i].is_invalid = 1;
    380. 

  380.             }
    381. 

  381.         }
    382. 

  382.         for(i = t1_start; i < t1_end; i++) {
    383. 

  383.             __bound_t1[i] = __bound_invalid_t2;
    384. 

  384.         }
    385. 

  385.         if (j != 0) {
    386. 

  386.             page = get_page(t1_end);
    387. 

  387.             for(i = 0; i < j; i++) {
    388. 

  388.                 page[i].size = INVALID_SIZE;
    389. 

  389.                 page[i].is_invalid = 1;
    390. 

  390.             }
    391. 

  391.         }
    392. 

  392.     }
    393. 

  393. }
    394. 

  394. 

  395. void __bound_init(void)
    396. 

  396. {
    397. 

  397.     size_t i;
    398. 

  398.     BoundEntry *page;
    399. 

  399.     size_t start, size;
    400. 

  400.     size_t *p;
    401. 

  401. 

  402.     static int inited;
    403. 

  403.     if (inited)
    404. 

  404. 	return;
    405. 

  405. 

  406.     inited = 1;
    407. 

  407. 

  408.     dprintf(stderr, "%s, %s() start\n", __FILE__, __FUNCTION__);
    409. 

  409. 

  410.     /* save malloc hooks and install bound check hooks */
    411. 

  411.     install_malloc_hooks();
    412. 

  412. 

  413. #ifndef BOUND_STATIC
    414. 

  414.     __bound_t1 = libc_malloc(BOUND_T1_SIZE * sizeof(BoundEntry *));
    415. 

  415.     if (!__bound_t1)
    416. 

  416.         bound_alloc_error();
    417. 

  417. #endif
    418. 

  418.     __bound_empty_t2 = __bound_new_page();
    419. 

  419.     for(i=0;i<BOUND_T1_SIZE;i++) {
    420. 

  420.         __bound_t1[i] = __bound_empty_t2;
    421. 

  421.     }
    422. 

  422. 

  423.     page = __bound_new_page();
    424. 

  424.     for(i=0;i<BOUND_T2_SIZE;i++) {
    425. 

  425.         /* put invalid entries */
    426. 

  426.         page[i].start = 0;
    427. 

  427.         page[i].size = INVALID_SIZE;
    428. 

  428.         page[i].next = NULL;
    429. 

  429.         page[i].is_invalid = 1;
    430. 

  430.     }
    431. 

  431.     __bound_invalid_t2 = page;
    432. 

  432. 

  433.     /* invalid pointer zone */
    434. 

  434.     start = (size_t)INVALID_POINTER & ~(BOUND_T23_SIZE - 1);
    435. 

  435.     size = BOUND_T23_SIZE;
    436. 

  436.     mark_invalid(start, size);
    437. 

  437. 

  438. #if defined(CONFIG_TCC_MALLOC_HOOKS)
    439. 

  439.     /* malloc zone is also marked invalid. can only use that with
    440. 

  440.      * hooks because all libs should use the same malloc. The solution
    441. 

  441.      * would be to build a new malloc for tcc.
    442. 

  442.      *
    443. 

  443.      * usually heap (= malloc zone) comes right after bss, i.e. after _end, but
    444. 

  444.      * not always - either if we are running from under `tcc -b -run`, or if
    445. 

  445.      * address space randomization is turned on(a), heap start will be separated
    446. 

  446.      * from bss end.
    447. 

  447.      *
    448. 

  448.      * So sbrk(0) will be a good approximation for start_brk:
    449. 

  449.      *
    450. 

  450.      *   - if we are a separately compiled program, __bound_init() runs early,
    451. 

  451.      *     and sbrk(0) should be equal or very near to start_brk(b) (in case other
    452. 

  452.      *     constructors malloc something), or
    453. 

  453.      *
    454. 

  454.      *   - if we are running from under `tcc -b -run`, sbrk(0) will return
    455. 

  455.      *     start of heap portion which is under this program control, and not
    456. 

  456.      *     mark as invalid earlier allocated memory.
    457. 

  457.      *
    458. 

  458.      *
    459. 

  459.      * (a) /proc/sys/kernel/randomize_va_space = 2, on Linux;
    460. 

  460.      *     usually turned on by default.
    461. 

  461.      *
    462. 

  462.      * (b) on Linux >= v3.3, the alternative is to read
    463. 

  463.      *     start_brk from /proc/self/stat
    464. 

  464.      */
    465. 

  465.     start = (size_t)sbrk(0);
    466. 

  466.     size = 128 * 0x100000;
    467. 

  467.     mark_invalid(start, size);
    468. 

  468. #endif
    469. 

  469. 

  470.     /* add all static bound check values */
    471. 

  471.     p = (size_t *)&__bounds_start;
    472. 

  472.     while (p[0] != 0) {
    473. 

  473.         __bound_new_region((void *)p[0], p[1]);
    474. 

  474.         p += 2;
    475. 

  475.     }
    476. 

  476. 

  477.     dprintf(stderr, "%s, %s() end\n\n", __FILE__, __FUNCTION__);
    478. 

  478. }
    479. 

  479. 

  480. void __bound_main_arg(void **p)
    481. 

  481. {
    482. 

  482.     void *start = p;
    483. 

  483.     while (*p++);
    484. 

  484. 

  485.     dprintf(stderr, "%s, %s calling __bound_new_region(%p %x)\n",
    486. 

  486.             __FILE__, __FUNCTION__, start, (unsigned)((void *)p - start));
    487. 

  487. 

  488.     __bound_new_region(start, (void *) p - start);
    489. 

  489. }
    490. 

  490. 

  491. void __bound_exit(void)
    492. 

  492. {
    493. 

  493.     dprintf(stderr, "%s, %s()\n", __FILE__, __FUNCTION__);
    494. 

  494.     restore_malloc_hooks();
    495. 

  495. }
    496. 

  496. 

  497. static inline void add_region(BoundEntry *e, 
    498. 

  498.                               size_t start, size_t size)
    499. 

  499. {
    500. 

  500.     BoundEntry *e1;
    501. 

  501.     if (e->start == 0) {
    502. 

  502.         /* no region : add it */
    503. 

  503.         e->start = start;
    504. 

  504.         e->size = size;
    505. 

  505.     } else {
    506. 

  506.         /* already regions in the list: add it at the head */
    507. 

  507.         e1 = bound_new_entry();
    508. 

  508.         e1->start = e->start;
    509. 

  509.         e1->size = e->size;
    510. 

  510.         e1->next = e->next;
    511. 

  511.         e->start = start;
    512. 

  512.         e->size = size;
    513. 

  513.         e->next = e1;
    514. 

  514.     }
    515. 

  515. }
    516. 

  516. 

  517. /* create a new region. It should not already exist in the region list */
    518. 

  518. void __bound_new_region(void *p, size_t size)
    519. 

  519. {
    520. 

  520.     size_t start, end;
    521. 

  521.     BoundEntry *page, *e, *e2;
    522. 

  522.     size_t t1_start, t1_end, i, t2_start, t2_end;
    523. 

  523. 

  524.     dprintf(stderr, "%s, %s(%p, %x) start\n",
    525. 

  525.         __FILE__, __FUNCTION__, p, (unsigned)size);
    526. 

  526. 

  527.     __bound_init();
    528. 

  528. 

  529.     start = (size_t)p;
    530. 

  530.     end = start + size;
    531. 

  531.     t1_start = start >> (BOUND_T2_BITS + BOUND_T3_BITS);
    532. 

  532.     t1_end = end >> (BOUND_T2_BITS + BOUND_T3_BITS);
    533. 

  533. 

  534.     /* start */
    535. 

  535.     page = get_page(t1_start);
    536. 

  536.     t2_start = (start >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    537. 

  537.         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS);
    538. 

  538.     t2_end = (end >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    539. 

  539.         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS);
    540. 

  540. 

  541. 

  542.     e = (BoundEntry *)((char *)page + t2_start);
    543. 

  543.     add_region(e, start, size);
    544. 

  544. 

  545.     if (t1_end == t1_start) {
    546. 

  546.         /* same ending page */
    547. 

  547.         e2 = (BoundEntry *)((char *)page + t2_end);
    548. 

  548.         if (e2 > e) {
    549. 

  549.             e++;
    550. 

  550.             for(;e<e2;e++) {
    551. 

  551.                 e->start = start;
    552. 

  552.                 e->size = size;
    553. 

  553.             }
    554. 

  554.             add_region(e, start, size);
    555. 

  555.         }
    556. 

  556.     } else {
    557. 

  557.         /* mark until end of page */
    558. 

  558.         e2 = page + BOUND_T2_SIZE;
    559. 

  559.         e++;
    560. 

  560.         for(;e<e2;e++) {
    561. 

  561.             e->start = start;
    562. 

  562.             e->size = size;
    563. 

  563.         }
    564. 

  564.         /* mark intermediate pages, if any */
    565. 

  565.         for(i=t1_start+1;i<t1_end;i++) {
    566. 

  566.             page = get_page(i);
    567. 

  567.             e2 = page + BOUND_T2_SIZE;
    568. 

  568.             for(e=page;e<e2;e++) {
    569. 

  569.                 e->start = start;
    570. 

  570.                 e->size = size;
    571. 

  571.             }
    572. 

  572.         }
    573. 

  573.         /* last page */
    574. 

  574.         page = get_page(t1_end);
    575. 

  575.         e2 = (BoundEntry *)((char *)page + t2_end);
    576. 

  576.         for(e=page;e<e2;e++) {
    577. 

  577.             e->start = start;
    578. 

  578.             e->size = size;
    579. 

  579.         }
    580. 

  580.         add_region(e, start, size);
    581. 

  581.     }
    582. 

  582. 

  583.     dprintf(stderr, "%s, %s end\n", __FILE__, __FUNCTION__);
    584. 

  584. }
    585. 

  585. 

  586. /* delete a region */
    587. 

  587. static inline void delete_region(BoundEntry *e, void *p, size_t empty_size)
    588. 

  588. {
    589. 

  589.     size_t addr;
    590. 

  590.     BoundEntry *e1;
    591. 

  591. 

  592.     addr = (size_t)p;
    593. 

  593.     addr -= e->start;
    594. 

  594.     if (addr <= e->size) {
    595. 

  595.         /* region found is first one */
    596. 

  596.         e1 = e->next;
    597. 

  597.         if (e1 == NULL) {
    598. 

  598.             /* no more region: mark it empty */
    599. 

  599.             e->start = 0;
    600. 

  600.             e->size = empty_size;
    601. 

  601.         } else {
    602. 

  602.             /* copy next region in head */
    603. 

  603.             e->start = e1->start;
    604. 

  604.             e->size = e1->size;
    605. 

  605.             e->next = e1->next;
    606. 

  606.             bound_free_entry(e1);
    607. 

  607.         }
    608. 

  608.     } else {
    609. 

  609.         /* find the matching region */
    610. 

  610.         for(;;) {
    611. 

  611.             e1 = e;
    612. 

  612.             e = e->next;
    613. 

  613.             /* region not found: do nothing */
    614. 

  614.             if (e == NULL)
    615. 

  615.                 break;
    616. 

  616.             addr = (size_t)p - e->start;
    617. 

  617.             if (addr <= e->size) {
    618. 

  618.                 /* found: remove entry */
    619. 

  619.                 e1->next = e->next;
    620. 

  620.                 bound_free_entry(e);
    621. 

  621.                 break;
    622. 

  622.             }
    623. 

  623.         }
    624. 

  624.     }
    625. 

  625. }
    626. 

  626. 

  627. /* WARNING: 'p' must be the starting point of the region. */
    628. 

  628. /* return non zero if error */
    629. 

  629. int __bound_delete_region(void *p)
    630. 

  630. {
    631. 

  631.     size_t start, end, addr, size, empty_size;
    632. 

  632.     BoundEntry *page, *e, *e2;
    633. 

  633.     size_t t1_start, t1_end, t2_start, t2_end, i;
    634. 

  634. 

  635.     dprintf(stderr, "%s %s() start\n", __FILE__, __FUNCTION__);
    636. 

  636. 

  637.     __bound_init();
    638. 

  638. 

  639.     start = (size_t)p;
    640. 

  640.     t1_start = start >> (BOUND_T2_BITS + BOUND_T3_BITS);
    641. 

  641.     t2_start = (start >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    642. 

  642.         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS);
    643. 

  643.     
    644. 

  644.     /* find region size */
    645. 

  645.     page = __bound_t1[t1_start];
    646. 

  646.     e = (BoundEntry *)((char *)page + t2_start);
    647. 

  647.     addr = start - e->start;
    648. 

  648.     if (addr > e->size)
    649. 

  649.         e = __bound_find_region(e, p);
    650. 

  650.     /* test if invalid region */
    651. 

  651.     if (e->size == EMPTY_SIZE || (size_t)p != e->start) 
    652. 

  652.         return -1;
    653. 

  653.     /* compute the size we put in invalid regions */
    654. 

  654.     if (e->is_invalid)
    655. 

  655.         empty_size = INVALID_SIZE;
    656. 

  656.     else
    657. 

  657.         empty_size = EMPTY_SIZE;
    658. 

  658.     size = e->size;
    659. 

  659.     end = start + size;
    660. 

  660. 

  661.     /* now we can free each entry */
    662. 

  662.     t1_end = end >> (BOUND_T2_BITS + BOUND_T3_BITS);
    663. 

  663.     t2_end = (end >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    664. 

  664.         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS);
    665. 

  665. 

  666.     delete_region(e, p, empty_size);
    667. 

  667.     if (t1_end == t1_start) {
    668. 

  668.         /* same ending page */
    669. 

  669.         e2 = (BoundEntry *)((char *)page + t2_end);
    670. 

  670.         if (e2 > e) {
    671. 

  671.             e++;
    672. 

  672.             for(;e<e2;e++) {
    673. 

  673.                 e->start = 0;
    674. 

  674.                 e->size = empty_size;
    675. 

  675.             }
    676. 

  676.             delete_region(e, p, empty_size);
    677. 

  677.         }
    678. 

  678.     } else {
    679. 

  679.         /* mark until end of page */
    680. 

  680.         e2 = page + BOUND_T2_SIZE;
    681. 

  681.         e++;
    682. 

  682.         for(;e<e2;e++) {
    683. 

  683.             e->start = 0;
    684. 

  684.             e->size = empty_size;
    685. 

  685.         }
    686. 

  686.         /* mark intermediate pages, if any */
    687. 

  687.         /* XXX: should free them */
    688. 

  688.         for(i=t1_start+1;i<t1_end;i++) {
    689. 

  689.             page = get_page(i);
    690. 

  690.             e2 = page + BOUND_T2_SIZE;
    691. 

  691.             for(e=page;e<e2;e++) {
    692. 

  692.                 e->start = 0;
    693. 

  693.                 e->size = empty_size;
    694. 

  694.             }
    695. 

  695.         }
    696. 

  696.         /* last page */
    697. 

  697.         page = get_page(t1_end);
    698. 

  698.         e2 = (BoundEntry *)((char *)page + t2_end);
    699. 

  699.         for(e=page;e<e2;e++) {
    700. 

  700.             e->start = 0;
    701. 

  701.             e->size = empty_size;
    702. 

  702.         }
    703. 

  703.         delete_region(e, p, empty_size);
    704. 

  704.     }
    705. 

  705. 

  706.     dprintf(stderr, "%s %s() end\n", __FILE__, __FUNCTION__);
    707. 

  707. 

  708.     return 0;
    709. 

  709. }
    710. 

  710. 

  711. /* return the size of the region starting at p, or EMPTY_SIZE if non
    712. 

  712.    existent region. */
    713. 

  713. static size_t get_region_size(void *p)
    714. 

  714. {
    715. 

  715.     size_t addr = (size_t)p;
    716. 

  716.     BoundEntry *e;
    717. 

  717. 

  718.     e = __bound_t1[addr >> (BOUND_T2_BITS + BOUND_T3_BITS)];
    719. 

  719.     e = (BoundEntry *)((char *)e + 
    720. 

  720.                        ((addr >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    721. 

  721.                         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS)));
    722. 

  722.     addr -= e->start;
    723. 

  723.     if (addr > e->size)
    724. 

  724.         e = __bound_find_region(e, p);
    725. 

  725.     if (e->start != (size_t)p)
    726. 

  726.         return EMPTY_SIZE;
    727. 

  727.     return e->size;
    728. 

  728. }
    729. 

  729. 

  730. /* patched memory functions */
    731. 

  731. 

  732. /* force compiler to perform stores coded up to this point */
    733. 

  733. #define barrier()   __asm__ __volatile__ ("": : : "memory")
    734. 

  734. 

  735. static void install_malloc_hooks(void)
    736. 

  736. {
    737. 

  737. #ifdef CONFIG_TCC_MALLOC_HOOKS
    738. 

  738.     saved_malloc_hook = __malloc_hook;
    739. 

  739.     saved_free_hook = __free_hook;
    740. 

  740.     saved_realloc_hook = __realloc_hook;
    741. 

  741.     saved_memalign_hook = __memalign_hook;
    742. 

  742.     __malloc_hook = __bound_malloc;
    743. 

  743.     __free_hook = __bound_free;
    744. 

  744.     __realloc_hook = __bound_realloc;
    745. 

  745.     __memalign_hook = __bound_memalign;
    746. 

  746. 

  747.     barrier();
    748. 

  748. #endif
    749. 

  749. }
    750. 

  750. 

  751. static void restore_malloc_hooks(void)
    752. 

  752. {
    753. 

  753. #ifdef CONFIG_TCC_MALLOC_HOOKS
    754. 

  754.     __malloc_hook = saved_malloc_hook;
    755. 

  755.     __free_hook = saved_free_hook;
    756. 

  756.     __realloc_hook = saved_realloc_hook;
    757. 

  757.     __memalign_hook = saved_memalign_hook;
    758. 

  758. 

  759.     barrier();
    760. 

  760. #endif
    761. 

  761. }
    762. 

  762. 

  763. static void *libc_malloc(size_t size)
    764. 

  764. {
    765. 

  765.     void *ptr;
    766. 

  766.     restore_malloc_hooks();
    767. 

  767.     ptr = malloc(size);
    768. 

  768.     install_malloc_hooks();
    769. 

  769.     return ptr;
    770. 

  770. }
    771. 

  771. 

  772. static void libc_free(void *ptr)
    773. 

  773. {
    774. 

  774.     restore_malloc_hooks();
    775. 

  775.     free(ptr);
    776. 

  776.     install_malloc_hooks();
    777. 

  777. }
    778. 

  778. 

  779. /* XXX: we should use a malloc which ensure that it is unlikely that
    780. 

  780.    two malloc'ed data have the same address if 'free' are made in
    781. 

  781.    between. */
    782. 

  782. void *__bound_malloc(size_t size, const void *caller)
    783. 

  783. {
    784. 

  784.     void *ptr;
    785. 

  785.     
    786. 

  786.     /* we allocate one more byte to ensure the regions will be
    787. 

  787.        separated by at least one byte. With the glibc malloc, it may
    788. 

  788.        be in fact not necessary */
    789. 

  789.     ptr = libc_malloc(size + 1);
    790. 

  790.     
    791. 

  791.     if (!ptr)
    792. 

  792.         return NULL;
    793. 

  793. 

  794.     dprintf(stderr, "%s, %s calling __bound_new_region(%p, %x)\n",
    795. 

  795.            __FILE__, __FUNCTION__, ptr, (unsigned)size);
    796. 

  796. 

  797.     __bound_new_region(ptr, size);
    798. 

  798.     return ptr;
    799. 

  799. }
    800. 

  800. 

  801. void *__bound_memalign(size_t size, size_t align, const void *caller)
    802. 

  802. {
    803. 

  803.     void *ptr;
    804. 

  804. 

  805.     restore_malloc_hooks();
    806. 

  806. 

  807. #ifndef HAVE_MEMALIGN
    808. 

  808.     if (align > 4) {
    809. 

  809.         /* XXX: handle it ? */
    810. 

  810.         ptr = NULL;
    811. 

  811.     } else {
    812. 

  812.         /* we suppose that malloc aligns to at least four bytes */
    813. 

  813.         ptr = malloc(size + 1);
    814. 

  814.     }
    815. 

  815. #else
    816. 

  816.     /* we allocate one more byte to ensure the regions will be
    817. 

  817.        separated by at least one byte. With the glibc malloc, it may
    818. 

  818.        be in fact not necessary */
    819. 

  819.     ptr = memalign(size + 1, align);
    820. 

  820. #endif
    821. 

  821.     
    822. 

  822.     install_malloc_hooks();
    823. 

  823.     
    824. 

  824.     if (!ptr)
    825. 

  825.         return NULL;
    826. 

  826. 

  827.     dprintf(stderr, "%s, %s calling __bound_new_region(%p, %x)\n",
    828. 

  828.            __FILE__, __FUNCTION__, ptr, (unsigned)size);
    829. 

  829. 

  830.     __bound_new_region(ptr, size);
    831. 

  831.     return ptr;
    832. 

  832. }
    833. 

  833. 

  834. void __bound_free(void *ptr, const void *caller)
    835. 

  835. {
    836. 

  836.     if (ptr == NULL)
    837. 

  837.         return;
    838. 

  838.     if (__bound_delete_region(ptr) != 0)
    839. 

  839.         bound_error("freeing invalid region");
    840. 

  840. 

  841.     libc_free(ptr);
    842. 

  842. }
    843. 

  843. 

  844. void *__bound_realloc(void *ptr, size_t size, const void *caller)
    845. 

  845. {
    846. 

  846.     void *ptr1;
    847. 

  847.     size_t old_size;
    848. 

  848. 

  849.     if (size == 0) {
    850. 

  850.         __bound_free(ptr, caller);
    851. 

  851.         return NULL;
    852. 

  852.     } else {
    853. 

  853.         ptr1 = __bound_malloc(size, caller);
    854. 

  854.         if (ptr == NULL || ptr1 == NULL)
    855. 

  855.             return ptr1;
    856. 

  856.         old_size = get_region_size(ptr);
    857. 

  857.         if (old_size == EMPTY_SIZE)
    858. 

  858.             bound_error("realloc'ing invalid pointer");
    859. 

  859.         memcpy(ptr1, ptr, old_size);
    860. 

  860.         __bound_free(ptr, caller);
    861. 

  861.         return ptr1;
    862. 

  862.     }
    863. 

  863. }
    864. 

  864. 

  865. #ifndef CONFIG_TCC_MALLOC_HOOKS
    866. 

  866. void *__bound_calloc(size_t nmemb, size_t size)
    867. 

  867. {
    868. 

  868.     void *ptr;
    869. 

  869.     size = size * nmemb;
    870. 

  870.     ptr = __bound_malloc(size, NULL);
    871. 

  871.     if (!ptr)
    872. 

  872.         return NULL;
    873. 

  873.     memset(ptr, 0, size);
    874. 

  874.     return ptr;
    875. 

  875. }
    876. 

  876. #endif
    877. 

  877. 

  878. #if 0
    879. 

  879. static void bound_dump(void)
    880. 

  880. {
    881. 

  881.     BoundEntry *page, *e;
    882. 

  882.     size_t i, j;
    883. 

  883. 

  884.     fprintf(stderr, "region dump:\n");
    885. 

  885.     for(i=0;i<BOUND_T1_SIZE;i++) {
    886. 

  886.         page = __bound_t1[i];
    887. 

  887.         for(j=0;j<BOUND_T2_SIZE;j++) {
    888. 

  888.             e = page + j;
    889. 

  889.             /* do not print invalid or empty entries */
    890. 

  890.             if (e->size != EMPTY_SIZE && e->start != 0) {
    891. 

  891.                 fprintf(stderr, "%08x:", 
    892. 

  892.                        (i << (BOUND_T2_BITS + BOUND_T3_BITS)) + 
    893. 

  893.                        (j << BOUND_T3_BITS));
    894. 

  894.                 do {
    895. 

  895.                     fprintf(stderr, " %08lx:%08lx", e->start, e->start + e->size);
    896. 

  896.                     e = e->next;
    897. 

  897.                 } while (e != NULL);
    898. 

  898.                 fprintf(stderr, "\n");
    899. 

  899.             }
    900. 

  900.         }
    901. 

  901.     }
    902. 

  902. }
    903. 

  903. #endif
    904. 

  904. 

  905. /* some useful checked functions */
    906. 

  906. 

  907. /* check that (p ... p + size - 1) lies inside 'p' region, if any */
    908. 

  908. static void __bound_check(const void *p, size_t size)
    909. 

  909. {
    910. 

  910.     if (size == 0)
    911. 

  911.         return;
    912. 

  912.     p = __bound_ptr_add((void *)p, size - 1);
    913. 

  913.     if (p == INVALID_POINTER)
    914. 

  914.         bound_error("invalid pointer");
    915. 

  915. }
    916. 

  916. 

  917. void *__bound_memcpy(void *dst, const void *src, size_t size)
    918. 

  918. {
    919. 

  919.     void* p;
    920. 

  920. 

  921.     dprintf(stderr, "%s %s: start, dst=%p src=%p size=%x\n",
    922. 

  922.             __FILE__, __FUNCTION__, dst, src, (unsigned)size);
    923. 

  923. 

  924.     __bound_check(dst, size);
    925. 

  925.     __bound_check(src, size);
    926. 

  926.     /* check also region overlap */
    927. 

  927.     if (src >= dst && src < dst + size)
    928. 

  928.         bound_error("overlapping regions in memcpy()");
    929. 

  929. 

  930.     p = memcpy(dst, src, size);
    931. 

  931. 

  932.     dprintf(stderr, "%s %s: end, p=%p\n", __FILE__, __FUNCTION__, p);
    933. 

  933.     return p;
    934. 

  934. }
    935. 

  935. 

  936. void *__bound_memmove(void *dst, const void *src, size_t size)
    937. 

  937. {
    938. 

  938.     __bound_check(dst, size);
    939. 

  939.     __bound_check(src, size);
    940. 

  940.     return memmove(dst, src, size);
    941. 

  941. }
    942. 

  942. 

  943. void *__bound_memset(void *dst, int c, size_t size)
    944. 

  944. {
    945. 

  945.     __bound_check(dst, size);
    946. 

  946.     return memset(dst, c, size);
    947. 

  947. }
    948. 

  948. 

  949. /* XXX: could be optimized */
    950. 

  950. int __bound_strlen(const char *s)
    951. 

  951. {
    952. 

  952.     const char *p;
    953. 

  953.     size_t len;
    954. 

  954. 

  955.     len = 0;
    956. 

  956.     for(;;) {
    957. 

  957.         p = __bound_ptr_indir1((char *)s, len);
    958. 

  958.         if (p == INVALID_POINTER)
    959. 

  959.             bound_error("bad pointer in strlen()");
    960. 

  960.         if (*p == '\0')
    961. 

  961.             break;
    962. 

  962.         len++;
    963. 

  963.     }
    964. 

  964.     return len;
    965. 

  965. }
    966. 

  966. 

  967. char *__bound_strcpy(char *dst, const char *src)
    968. 

  968. {
    969. 

  969.     size_t len;
    970. 

  970.     void *p;
    971. 

  971. 

  972.     dprintf(stderr, "%s %s: strcpy start, dst=%p src=%p\n",
    973. 

  973.             __FILE__, __FUNCTION__, dst, src);
    974. 

  974.     len = __bound_strlen(src);
    975. 

  975.     p = __bound_memcpy(dst, src, len + 1);
    976. 

  976.     dprintf(stderr, "%s %s: strcpy end, p = %p\n",
    977. 

  977.             __FILE__, __FUNCTION__, p);
    978. 

  978.     return p;
    979. 

  979. }
    980. 

  980.