Heap Corruption/corruption?

Ferry Chen

2015 Spring @FIH

Agenda

Memory & Heap & Stack

Symptoms

Analysis Tools

How to address

Case Study & QA time

Memory

A pool or space used to store program or data in a computer. W.L.O.G., memory will be managed by OS.

Heap

an area of memory used for dynamic memory allocationW.L.O.G., memory will be managed by OS.

Stack

stack data structure that stores information about the active subroutines of a computer program

size limited

Symptoms

signal 6 (SIGABRT), code -6 (SI_TKILL)

SIGMAPPER may also be the symptoms

Double FreeBroken Data

Allocation Fail

heap corruption

Tools ?

http://valgrind.org

Tools

QCT/Porting/Compilation…….

How to use?

valgrind [valgrind_args] your_program [your_program_args]

Report will be output to stderr

Case Study on QCamera

Odin’s mm-qcamera-daemon, QCT’s driver framework crash randomly

Init rc#start camera server as daemon service qcamerasvr /system/bin/mm-qcamera-daemon class late_start user camera group camera system inet input graphics

#start camera server as daemon service qcamerasvr /system/bin/valgrind --tool=memcheck --leak-check=yes --log-file=/data/logs/camera_valgrind.log /system/bin/mm-qcamera-daemon

Invalid Read/Write

==19182== Invalid write of size 4....??

==19182== Invalid read of size 4....??

Using debug libraries at Runtime

To get more info, e.g. filename, and #line

module_imglib.c module_imglib_clear_session_params()

p_list = mct_list_find_custom(p_mod->session_params_list, &sessionid,    module_imglib_find_session_params);

  if (p_list && p_list->data) {    p_mod->session_params_list =      mct_list_remove(p_mod->session_params_list, p_list->data);     free(p_list->data);  }

  return TRUE;

p_list = mct_list_find_custom(p_mod->session_params_list, &sessionid,    module_imglib_find_session_params);

void* datap = p_list->data;

  if (p_list && p_list->data) {    p_mod->session_params_list =      mct_list_remove(p_mod->session_params_list, p_list->data);     free(datap);  }

  return TRUE;

Questions?