From ec2ab73b87bb0c6da24cfc86dbc2d79b9c923da1 Mon Sep 17 00:00:00 2001
From: Ben Cheng <bccheng@google.com>
Date: Tue, 19 Jun 2012 07:11:38 -0700
Subject: [PATCH] Minor tweak to get memory around corrupted heap chunks
 dumped.

Change-Id: I8f72c5c7e23960b13fc53e2354cd74aca8aac3c0
---
 libc/bionic/dlmalloc.c | 42 ++++++++++++++++++++++--------------------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/libc/bionic/dlmalloc.c b/libc/bionic/dlmalloc.c
index ec76acffc..f88a81303 100644
--- a/libc/bionic/dlmalloc.c
+++ b/libc/bionic/dlmalloc.c
@@ -2327,12 +2327,14 @@ static void __bionic_heap_error(const char* msg, const char* function, void* p)
     }
 
     __libc_android_log_write(ANDROID_LOG_FATAL,"libc",buffer);
-    abort();
+
+    /* So that we can get a memory dump around p */
+    *((int **) 0xdeadbaad) = (int *) p;
 }
 
 #  ifndef CORRUPTION_ERROR_ACTION
-#    define CORRUPTION_ERROR_ACTION(m)  \
-    __bionic_heap_error("HEAP MEMORY CORRUPTION", __FUNCTION__, 0)
+#    define CORRUPTION_ERROR_ACTION(m,p)  \
+    __bionic_heap_error("HEAP MEMORY CORRUPTION", __FUNCTION__, p)
 #  endif
 #  ifndef USAGE_ERROR_ACTION
 #    define USAGE_ERROR_ACTION(m,p)   \
@@ -2342,7 +2344,7 @@ static void __bionic_heap_error(const char* msg, const char* function, void* p)
 #else /* !LOG_ON_HEAP_ERROR */
 
 #  ifndef CORRUPTION_ERROR_ACTION
-#    define CORRUPTION_ERROR_ACTION(m) ABORT
+#    define CORRUPTION_ERROR_ACTION(m,p) ABORT
 #  endif /* CORRUPTION_ERROR_ACTION */
 
 #  ifndef USAGE_ERROR_ACTION
@@ -3079,7 +3081,7 @@ static void internal_malloc_stats(mstate m) {
   else if (RTCHECK(ok_address(M, B->fd)))\
     F = B->fd;\
   else {\
-    CORRUPTION_ERROR_ACTION(M);\
+    CORRUPTION_ERROR_ACTION(M, B);\
   }\
   B->fd = P;\
   F->bk = P;\
@@ -3096,7 +3098,7 @@ static void internal_malloc_stats(mstate m) {
   mchunkptr B = P->bk;\
   bindex_t I = small_index(S);\
   if (__builtin_expect (F->bk != P || B->fd != P, 0))\
-    CORRUPTION_ERROR_ACTION(M);\
+    CORRUPTION_ERROR_ACTION(M, P);\
   assert(P != B);\
   assert(P != F);\
   assert(chunksize(P) == small_index2size(I));\
@@ -3108,7 +3110,7 @@ static void internal_malloc_stats(mstate m) {
     B->fd = F;\
   }\
   else {\
-    CORRUPTION_ERROR_ACTION(M);\
+    CORRUPTION_ERROR_ACTION(M, P);\
   }\
 }
 
@@ -3119,7 +3121,7 @@ static void internal_malloc_stats(mstate m) {
 #define unlink_first_small_chunk(M, B, P, I) {\
   mchunkptr F = P->fd;\
   if (__builtin_expect (F->bk != P || B->fd != P, 0))\
-    CORRUPTION_ERROR_ACTION(M);\
+    CORRUPTION_ERROR_ACTION(M, P);\
   assert(P != B);\
   assert(P != F);\
   assert(chunksize(P) == small_index2size(I));\
@@ -3130,7 +3132,7 @@ static void internal_malloc_stats(mstate m) {
     F->bk = B;\
   }\
   else {\
-    CORRUPTION_ERROR_ACTION(M);\
+    CORRUPTION_ERROR_ACTION(M, P);\
   }\
 }
 
@@ -3179,7 +3181,7 @@ static void internal_malloc_stats(mstate m) {
           break;\
         }\
         else {\
-          CORRUPTION_ERROR_ACTION(M);\
+          CORRUPTION_ERROR_ACTION(M, C);\
           break;\
         }\
       }\
@@ -3193,7 +3195,7 @@ static void internal_malloc_stats(mstate m) {
           break;\
         }\
         else {\
-          CORRUPTION_ERROR_ACTION(M);\
+          CORRUPTION_ERROR_ACTION(M, F);\
           break;\
         }\
       }\
@@ -3228,13 +3230,13 @@ static void internal_malloc_stats(mstate m) {
     tchunkptr F = X->fd;\
     R = X->bk;\
     if (__builtin_expect (F->bk != X || R->fd != X, 0))\
-      CORRUPTION_ERROR_ACTION(M);\
+      CORRUPTION_ERROR_ACTION(M, X);\
     if (RTCHECK(ok_address(M, F))) {\
       F->bk = R;\
       R->fd = F;\
     }\
     else {\
-      CORRUPTION_ERROR_ACTION(M);\
+      CORRUPTION_ERROR_ACTION(M, F);\
     }\
   }\
   else {\
@@ -3249,7 +3251,7 @@ static void internal_malloc_stats(mstate m) {
       if (RTCHECK(ok_address(M, RP)))\
         *RP = 0;\
       else {\
-        CORRUPTION_ERROR_ACTION(M);\
+        CORRUPTION_ERROR_ACTION(M, RP);\
       }\
     }\
   }\
@@ -3266,7 +3268,7 @@ static void internal_malloc_stats(mstate m) {
         XP->child[1] = R;\
     }\
     else\
-      CORRUPTION_ERROR_ACTION(M);\
+      CORRUPTION_ERROR_ACTION(M, XP);\
     if (R != 0) {\
       if (RTCHECK(ok_address(M, R))) {\
         tchunkptr C0, C1;\
@@ -3277,7 +3279,7 @@ static void internal_malloc_stats(mstate m) {
             C0->parent = R;\
           }\
           else\
-            CORRUPTION_ERROR_ACTION(M);\
+            CORRUPTION_ERROR_ACTION(M, C0);\
         }\
         if ((C1 = X->child[1]) != 0) {\
           if (RTCHECK(ok_address(M, C1))) {\
@@ -3285,11 +3287,11 @@ static void internal_malloc_stats(mstate m) {
             C1->parent = R;\
           }\
           else\
-            CORRUPTION_ERROR_ACTION(M);\
+            CORRUPTION_ERROR_ACTION(M, C1);\
         }\
       }\
       else\
-        CORRUPTION_ERROR_ACTION(M);\
+        CORRUPTION_ERROR_ACTION(M, R);\
     }\
   }\
 }
@@ -3940,7 +3942,7 @@ static void* tmalloc_large(mstate m, size_t nb) {
         return chunk2mem(v);
       }
     }
-    CORRUPTION_ERROR_ACTION(m);
+    CORRUPTION_ERROR_ACTION(m, v);
   }
   return 0;
 }
@@ -3980,7 +3982,7 @@ static void* tmalloc_small(mstate m, size_t nb) {
     }
   }
 
-  CORRUPTION_ERROR_ACTION(m);
+  CORRUPTION_ERROR_ACTION(m, v);
   return 0;
 }