Fix Heap corruption in Android - Using valgrind

Heap Corruption/corruption?

Ferry Chen

2015 Spring @FIH

Agenda

Memory & Heap & Stack

Symptoms

Analysis Tools

How to address

Case Study & QA time

Memory

A pool or space used to store program or data in a computer. W.L.O.G., memory will be managed by OS.

Heap

An area of memory used for dynamic memory allocation. W.L.O.G., memory will be managed by OS.

Stack

stack data structure that stores information about the active subroutines of a computer program

size limited

Symptoms

signal 6 (SIGABRT), code -6 (SI_TKILL)

SIGMAPPER may also be a symptom

Double Free

Broken Data

Allocation Fail

heap corruption

Tools ?

http://valgrind.org

Tools

QCT/Porting/Compilation…….

How to use?

valgrind [valgrind_args] your_program [your_program_args]

Report will be output to stderr

Case Study on QCamera

Odin’s mm-qcamera-daemon, QCT’s driver framework crash randomly

Init rc

#start camera server as daemon
service qcamerasvr /system/bin/mm-qcamera-daemon
    class late_start
    user camera
    group camera system inet input graphics

#start camera server as daemon
service qcamerasvr /system/bin/valgrind --tool=memcheck --leak-check=yes --log-file=/data/logs/camera_valgrind.log /system/bin/mm-qcamera-daemon

Invalid Read/Write

==19182== Invalid write of size 4....??

==19182== Invalid read of size 4....??

Using debug libraries at Runtime

To get more info, e.g. file name and line number

module_imglib.c module_imglib_clear_session_params()

p_list = mct_list_find_custom(p_mod->session_params_list, &sessionid,
    module_imglib_find_session_params);

if (p_list && p_list->data) {
    p_mod->session_params_list =
      mct_list_remove(p_mod->session_params_list, p_list->data);
    /* p_list->data is read again here, after mct_list_remove() */
    free(p_list->data);
}

return TRUE;

p_list = mct_list_find_custom(p_mod->session_params_list, &sessionid,
    module_imglib_find_session_params);

if (p_list && p_list->data) {
    /* Save the payload pointer before the list is modified;
       taken inside the check so a NULL p_list is never dereferenced. */
    void *datap = p_list->data;
    p_mod->session_params_list =
      mct_list_remove(p_mod->session_params_list, p_list->data);
    free(datap);
}

return TRUE;
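The pattern in the case study above can be reproduced in a small stand-alone program; this is an added example, not code from the slides or from the camera framework. It assumes a list whose remove call frees the node, and node_t, add_session, list_find, list_remove, clear_session and DEMO_BUG are hypothetical names.

```c
#include <stdlib.h>
/* Hypothetical stand-in for the framework list: list_remove() frees the node. */
typedef struct node { int *data; struct node *next; } node_t;

int add_session(node_t **list, int id) {   /* returns 1 on success */
    node_t *n = malloc(sizeof *n);
    int *p = malloc(sizeof *p);
    if (!n || !p) { free(n); free(p); return 0; }
    *p = id;
    *n = (node_t){ .data = p, .next = *list };
    *list = n;
    return 1;
}

node_t *list_find(node_t *head, int id) {
    for (; head; head = head->next)
        if (*head->data == id) return head;
    return NULL;
}

/* Unlinks and frees the node holding `data`; the payload stays allocated. */
node_t *list_remove(node_t *head, int *data) {
    node_t **pp = &head;
    while (*pp && (*pp)->data != data) pp = &(*pp)->next;
    node_t *dead = *pp;
    if (dead) { *pp = dead->next; free(dead); }
    return head;
}

/* Returns 1 if the session was found and released, 0 otherwise. */
int clear_session(node_t **list, int id) {
    node_t *hit = list_find(*list, id);
    if (!hit || !hit->data) return 0;
#ifdef DEMO_BUG  /* "before" pattern: hit is read after list_remove() freed it */
    *list = list_remove(*list, hit->data);
    free(hit->data);
#else
    int *payload = hit->data;  /* copy while the node is still alive */
    *list = list_remove(*list, payload);
    free(payload);
#endif
    return 1;
}

int main(void) {  /* constructed input: two sessions, then both cleared */
    node_t *s = NULL;
    if (!add_session(&s, 1) || !add_session(&s, 2)) return 1;
    return !(clear_session(&s, 1) && clear_session(&s, 2) && s == NULL);
}
```

Built with -g and -DDEMO_BUG and run under valgrind, the free(hit->data) line is where memcheck reports the invalid read; the default build runs clean.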

Questions?
