1*08b48e0bSAndroid Build Coastguard Worker /*
2*08b48e0bSAndroid Build Coastguard Worker
3*08b48e0bSAndroid Build Coastguard Worker american fuzzy lop++ - dislocator, an abusive allocator
4*08b48e0bSAndroid Build Coastguard Worker -----------------------------------------------------
5*08b48e0bSAndroid Build Coastguard Worker
6*08b48e0bSAndroid Build Coastguard Worker Originally written by Michal Zalewski
7*08b48e0bSAndroid Build Coastguard Worker
8*08b48e0bSAndroid Build Coastguard Worker Copyright 2016 Google Inc. All rights reserved.
9*08b48e0bSAndroid Build Coastguard Worker Copyright 2019-2024 AFLplusplus Project. All rights reserved.
10*08b48e0bSAndroid Build Coastguard Worker
11*08b48e0bSAndroid Build Coastguard Worker Licensed under the Apache License, Version 2.0 (the "License");
12*08b48e0bSAndroid Build Coastguard Worker you may not use this file except in compliance with the License.
13*08b48e0bSAndroid Build Coastguard Worker You may obtain a copy of the License at:
14*08b48e0bSAndroid Build Coastguard Worker
15*08b48e0bSAndroid Build Coastguard Worker http://www.apache.org/licenses/LICENSE-2.0
16*08b48e0bSAndroid Build Coastguard Worker
17*08b48e0bSAndroid Build Coastguard Worker This is a companion library that can be used as a drop-in replacement
18*08b48e0bSAndroid Build Coastguard Worker for the libc allocator in the fuzzed binaries. See README.dislocator.md for
19*08b48e0bSAndroid Build Coastguard Worker more info.
20*08b48e0bSAndroid Build Coastguard Worker
21*08b48e0bSAndroid Build Coastguard Worker */
22*08b48e0bSAndroid Build Coastguard Worker
23*08b48e0bSAndroid Build Coastguard Worker #define _GNU_SOURCE
24*08b48e0bSAndroid Build Coastguard Worker #include <stdio.h>
25*08b48e0bSAndroid Build Coastguard Worker #include <stdlib.h>
26*08b48e0bSAndroid Build Coastguard Worker #include <stddef.h>
27*08b48e0bSAndroid Build Coastguard Worker #include <string.h>
28*08b48e0bSAndroid Build Coastguard Worker #include <limits.h>
29*08b48e0bSAndroid Build Coastguard Worker #include <errno.h>
30*08b48e0bSAndroid Build Coastguard Worker #include <sys/mman.h>
31*08b48e0bSAndroid Build Coastguard Worker
32*08b48e0bSAndroid Build Coastguard Worker #ifdef __APPLE__
33*08b48e0bSAndroid Build Coastguard Worker #include <mach/vm_statistics.h>
34*08b48e0bSAndroid Build Coastguard Worker #endif
35*08b48e0bSAndroid Build Coastguard Worker
36*08b48e0bSAndroid Build Coastguard Worker #ifdef __FreeBSD__
37*08b48e0bSAndroid Build Coastguard Worker #include <sys/param.h>
38*08b48e0bSAndroid Build Coastguard Worker #endif
39*08b48e0bSAndroid Build Coastguard Worker
40*08b48e0bSAndroid Build Coastguard Worker #if (defined(__linux__) && !defined(__ANDROID__)) || defined(__HAIKU__)
41*08b48e0bSAndroid Build Coastguard Worker #include <unistd.h>
42*08b48e0bSAndroid Build Coastguard Worker #include <sys/prctl.h>
43*08b48e0bSAndroid Build Coastguard Worker #ifdef __linux__
44*08b48e0bSAndroid Build Coastguard Worker #include <sys/syscall.h>
45*08b48e0bSAndroid Build Coastguard Worker #include <malloc.h>
46*08b48e0bSAndroid Build Coastguard Worker #endif
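#ifdef __NR_getrandom
  /* Fill `p` with `l` random bytes via the raw getrandom syscall. A failed or
     short read is only reported through DEBUGF(), so the buffer may be left
     partly unfilled; callers must not assume it always holds fresh entropy.
     Arguments are parenthesized and the length comparison is done in size_t
     so a negative return value cannot compare equal to the request. */
  #define arc4random_buf(p, l)                                \
    do {                                                      \
                                                              \
      ssize_t rd = syscall(__NR_getrandom, (p), (l), 0);      \
      if (rd < 0 || (size_t)rd != (size_t)(l))                \
        DEBUGF("getrandom failed");                           \
                                                              \
    } while (0)

#else
  #include <time.h>
  /* Fallback when the getrandom syscall number is unknown: fill `p` with `l`
     bytes from rand(), reseeded from time(NULL) on every use.
     NOTE(review): this output is predictable from the wall clock. Anything
     derived from it (presumably the allocator canary - confirm against the
     init code) is a bug-detection aid only, not a secret value. */
  #define arc4random_buf(p, l)                                \
    do {                                                      \
                                                              \
      srand(time(NULL));                                      \
      u32 i;                                                  \
      u8 *ptr = (u8 *)(p);                                    \
      for (i = 0; i < (l); i++)                               \
        ptr[i] = rand() % INT_MAX;                            \
                                                              \
    } while (0)

#endif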
70*08b48e0bSAndroid Build Coastguard Worker #ifndef PR_SET_VMA
71*08b48e0bSAndroid Build Coastguard Worker #define PR_SET_VMA 0x53564d41
72*08b48e0bSAndroid Build Coastguard Worker #define PR_SET_VMA_ANON_NAME 0
73*08b48e0bSAndroid Build Coastguard Worker #endif
74*08b48e0bSAndroid Build Coastguard Worker #endif
75*08b48e0bSAndroid Build Coastguard Worker
76*08b48e0bSAndroid Build Coastguard Worker #include "config.h"
77*08b48e0bSAndroid Build Coastguard Worker #include "types.h"
78*08b48e0bSAndroid Build Coastguard Worker
79*08b48e0bSAndroid Build Coastguard Worker #if __STDC_VERSION__ < 201112L || \
80*08b48e0bSAndroid Build Coastguard Worker (defined(__FreeBSD__) && __FreeBSD_version < 1200000)
81*08b48e0bSAndroid Build Coastguard Worker // use this hack if not C11
82*08b48e0bSAndroid Build Coastguard Worker typedef struct {
83*08b48e0bSAndroid Build Coastguard Worker
84*08b48e0bSAndroid Build Coastguard Worker long long __ll;
85*08b48e0bSAndroid Build Coastguard Worker long double __ld;
86*08b48e0bSAndroid Build Coastguard Worker
87*08b48e0bSAndroid Build Coastguard Worker } max_align_t;
88*08b48e0bSAndroid Build Coastguard Worker
89*08b48e0bSAndroid Build Coastguard Worker #endif
90*08b48e0bSAndroid Build Coastguard Worker
91*08b48e0bSAndroid Build Coastguard Worker #define ALLOC_ALIGN_SIZE (_Alignof(max_align_t))
92*08b48e0bSAndroid Build Coastguard Worker
93*08b48e0bSAndroid Build Coastguard Worker #ifndef PAGE_SIZE
94*08b48e0bSAndroid Build Coastguard Worker #define PAGE_SIZE 4096
95*08b48e0bSAndroid Build Coastguard Worker #endif /* !PAGE_SIZE */
96*08b48e0bSAndroid Build Coastguard Worker
97*08b48e0bSAndroid Build Coastguard Worker #ifndef MAP_ANONYMOUS
98*08b48e0bSAndroid Build Coastguard Worker #define MAP_ANONYMOUS MAP_ANON
99*08b48e0bSAndroid Build Coastguard Worker #endif /* !MAP_ANONYMOUS */
100*08b48e0bSAndroid Build Coastguard Worker
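/* Size of a 2 MiB super page. The expansion is parenthesized so the macro
   stays a single operand inside larger expressions: without the parentheses
   `x % SUPER_PAGE_SIZE` parses as `(x % 1) << 21`, which is always 0. */
#define SUPER_PAGE_SIZE (1 << 21)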
102*08b48e0bSAndroid Build Coastguard Worker
103*08b48e0bSAndroid Build Coastguard Worker /* Error / message handling: */
104*08b48e0bSAndroid Build Coastguard Worker
105*08b48e0bSAndroid Build Coastguard Worker #define DEBUGF(_x...) \
106*08b48e0bSAndroid Build Coastguard Worker do { \
107*08b48e0bSAndroid Build Coastguard Worker \
108*08b48e0bSAndroid Build Coastguard Worker if (alloc_verbose) { \
109*08b48e0bSAndroid Build Coastguard Worker \
110*08b48e0bSAndroid Build Coastguard Worker if (++call_depth == 1) { \
111*08b48e0bSAndroid Build Coastguard Worker \
112*08b48e0bSAndroid Build Coastguard Worker fprintf(stderr, "[AFL] " _x); \
113*08b48e0bSAndroid Build Coastguard Worker fprintf(stderr, "\n"); \
114*08b48e0bSAndroid Build Coastguard Worker \
115*08b48e0bSAndroid Build Coastguard Worker } \
116*08b48e0bSAndroid Build Coastguard Worker call_depth--; \
117*08b48e0bSAndroid Build Coastguard Worker \
118*08b48e0bSAndroid Build Coastguard Worker } \
119*08b48e0bSAndroid Build Coastguard Worker \
120*08b48e0bSAndroid Build Coastguard Worker } while (0)
121*08b48e0bSAndroid Build Coastguard Worker
122*08b48e0bSAndroid Build Coastguard Worker #define FATAL(_x...) \
123*08b48e0bSAndroid Build Coastguard Worker do { \
124*08b48e0bSAndroid Build Coastguard Worker \
125*08b48e0bSAndroid Build Coastguard Worker if (++call_depth == 1) { \
126*08b48e0bSAndroid Build Coastguard Worker \
127*08b48e0bSAndroid Build Coastguard Worker fprintf(stderr, "*** [AFL] " _x); \
128*08b48e0bSAndroid Build Coastguard Worker fprintf(stderr, " ***\n"); \
129*08b48e0bSAndroid Build Coastguard Worker abort(); \
130*08b48e0bSAndroid Build Coastguard Worker \
131*08b48e0bSAndroid Build Coastguard Worker } \
132*08b48e0bSAndroid Build Coastguard Worker call_depth--; \
133*08b48e0bSAndroid Build Coastguard Worker \
134*08b48e0bSAndroid Build Coastguard Worker } while (0)
135*08b48e0bSAndroid Build Coastguard Worker
136*08b48e0bSAndroid Build Coastguard Worker /* Macro to count the number of pages needed to store a buffer: */
137*08b48e0bSAndroid Build Coastguard Worker
138*08b48e0bSAndroid Build Coastguard Worker #define PG_COUNT(_l) (((_l) + (PAGE_SIZE - 1)) / PAGE_SIZE)
139*08b48e0bSAndroid Build Coastguard Worker
140*08b48e0bSAndroid Build Coastguard Worker /* Canary & clobber bytes: */
141*08b48e0bSAndroid Build Coastguard Worker
142*08b48e0bSAndroid Build Coastguard Worker #define ALLOC_CANARY 0xAACCAACC
143*08b48e0bSAndroid Build Coastguard Worker #define ALLOC_CLOBBER 0xCC
144*08b48e0bSAndroid Build Coastguard Worker
145*08b48e0bSAndroid Build Coastguard Worker #define TAIL_ALLOC_CANARY 0xAC
146*08b48e0bSAndroid Build Coastguard Worker
147*08b48e0bSAndroid Build Coastguard Worker #define PTR_C(_p) (((u32 *)(_p))[-1])
148*08b48e0bSAndroid Build Coastguard Worker #define PTR_L(_p) (((u32 *)(_p))[-2])
149*08b48e0bSAndroid Build Coastguard Worker
150*08b48e0bSAndroid Build Coastguard Worker /* Configurable stuff (use AFL_LD_* to set): */
151*08b48e0bSAndroid Build Coastguard Worker
152*08b48e0bSAndroid Build Coastguard Worker static size_t max_mem = MAX_ALLOC; /* Max heap usage to permit */
153*08b48e0bSAndroid Build Coastguard Worker static u8 alloc_verbose, /* Additional debug messages */
154*08b48e0bSAndroid Build Coastguard Worker hard_fail, /* abort() when max_mem exceeded? */
155*08b48e0bSAndroid Build Coastguard Worker no_calloc_over, /* abort() on calloc() overflows? */
156*08b48e0bSAndroid Build Coastguard Worker align_allocations; /* Force alignment to sizeof(void*) */
157*08b48e0bSAndroid Build Coastguard Worker
158*08b48e0bSAndroid Build Coastguard Worker #if defined __OpenBSD__ || defined __APPLE__
159*08b48e0bSAndroid Build Coastguard Worker #define __thread
160*08b48e0bSAndroid Build Coastguard Worker #warning no thread support available
161*08b48e0bSAndroid Build Coastguard Worker #endif
162*08b48e0bSAndroid Build Coastguard Worker static _Atomic size_t total_mem; /* Currently allocated mem */
163*08b48e0bSAndroid Build Coastguard Worker
164*08b48e0bSAndroid Build Coastguard Worker static __thread u32 call_depth; /* To avoid recursion via fprintf() */
165*08b48e0bSAndroid Build Coastguard Worker static u32 alloc_canary;
166*08b48e0bSAndroid Build Coastguard Worker
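/* This is the main alloc function. It allocates one page more than necessary,
   sets that trailing page to PROT_NONE, and then advances the return address
   so that the buffer ends right at that guard page. Since it always uses
   mmap(), the returned memory is zeroed.

   Layout of one allocation (low to high addresses):
     [slack][u32 length][u32 canary][user buffer, rlen bytes][PROT_NONE page]

   Returns NULL (or aborts through FATAL() when hard_fail is set) if the
   request exceeds max_mem, does not fit the 32-bit length header, or mmap()
   fails. */

static void *__dislocator_alloc(size_t len) {

  /* Largest value the u32 length slot (PTR_L) can hold. */
  const size_t hdr_max = (size_t)((u32)~(u32)0);

  u8    *ret, *base = NULL;
  size_t tlen, rlen, pages;
  int    flags, protflags, fd = -1, sp = 0;

  /* Budget check; the second clause catches size_t wrap-around of the sum.
     NOTE(review): total_mem is read here and only updated after the mapping
     is set up, so concurrent callers can both pass this check - the limit
     looks advisory under threads. */

  if (total_mem + len > max_mem || total_mem + len < total_mem) {

    if (hard_fail) FATAL("total allocs exceed %zu MB", max_mem / 1024 / 1024);

    DEBUGF("total allocs exceed %zu MB, returning NULL", max_mem / 1024 / 1024);

    return NULL;

  }

  /* Round up to the alignment unit when requested; the padding bytes become
     the tail canary further down. */

  rlen = len;
  if (align_allocations && (len & (ALLOC_ALIGN_SIZE - 1)))
    rlen = (len & ~(ALLOC_ALIGN_SIZE - 1)) + ALLOC_ALIGN_SIZE;

  /* The header stores the length in a u32, and free() redoes the page
     arithmetic from that stored value in 32-bit math. Refuse sizes that would
     be truncated there instead of writing a header that no longer describes
     the mapping. */

  if (rlen < len || rlen > hdr_max - 8) {

    if (hard_fail) FATAL("allocation of %zu bytes exceeds the length header", len);

    DEBUGF("allocation of %zu bytes exceeds the length header, returning NULL",
           len);

    return NULL;

  }

  /* We also store the buffer length and a canary below the actual buffer, so
     add 8 bytes for that; one further page is the guard page. */

  pages = PG_COUNT(rlen + 8);
  tlen = (1 + pages) * PAGE_SIZE;
  protflags = PROT_READ | PROT_WRITE;
  flags = MAP_PRIVATE | MAP_ANONYMOUS;
#if defined(PROT_MAX)
  // apply when sysctl vm.imply_prot_max is set to 1
  // no-op otherwise
  protflags |= PROT_MAX(PROT_READ | PROT_WRITE);
#endif
#if defined(USEHUGEPAGE)
  /* Only exact multiples of the super page size qualify. The macro is wrapped
     in parentheses here so the modulo applies to the whole constant. */
  sp = (rlen >= (SUPER_PAGE_SIZE) && !(rlen % (SUPER_PAGE_SIZE)));

  #if defined(__APPLE__)
  if (sp) fd = VM_FLAGS_SUPERPAGE_SIZE_2MB;
  #elif defined(__linux__)
  if (sp) flags |= MAP_HUGETLB;
  #elif defined(__FreeBSD__)
  if (sp) flags |= MAP_ALIGNED_SUPER;
  #elif defined(__sun)
  if (sp) {

    base = (void *)(caddr_t)(1 << 21);
    flags |= MAP_ALIGN;

  }

  #endif
#else
  (void)sp;
#endif

  ret = (u8 *)mmap(base, tlen, protflags, flags, fd, 0);
#if defined(USEHUGEPAGE)
  /* We try one more time with a regular call. The super page flag has to be
     cleared with a bitwise complement; negating it would also wipe
     MAP_PRIVATE | MAP_ANONYMOUS and make the retry fail as well. */
  if (ret == MAP_FAILED) {

  #if defined(__APPLE__)
    fd = -1;
  #elif defined(__linux__)
    flags &= ~MAP_HUGETLB;
  #elif defined(__FreeBSD__)
    flags &= ~MAP_ALIGNED_SUPER;
  #elif defined(__sun)
    flags &= ~MAP_ALIGN;
  #endif
    ret = (u8 *)mmap(NULL, tlen, protflags, flags, fd, 0);

  }

#endif

  if (ret == MAP_FAILED) {

    if (hard_fail) FATAL("mmap() failed on alloc (OOM?)");

    DEBUGF("mmap() failed on alloc (OOM?)");

    return NULL;

  }

#if defined(USENAMEDPAGE)
  #if defined(__linux__)
  // in the /proc/<pid>/maps file, the anonymous page appears as
  // `<start>-<end> ---p 00000000 00:00 0 [anon:libdislocator]`
  if (prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, (unsigned long)ret, tlen,
            (unsigned long)"libdislocator") < 0) {

    DEBUGF("prctl() failed");

  }

  #endif
#endif

  /* Set PROT_NONE on the last page: a linear overrun faults right there. */

  if (mprotect(ret + pages * PAGE_SIZE, PAGE_SIZE, PROT_NONE))
    FATAL("mprotect() failed when allocating memory");

  /* Offset the return pointer so that the header plus buffer end exactly at
     the guard page, then step over the 8-byte header. */

  ret += PAGE_SIZE * pages - rlen - 8;
  ret += 8;

  /* Store allocation metadata.
     NOTE(review): when rlen is not a multiple of 4 these u32 stores are
     unaligned; platforms that trap on that need align_allocations. */

  PTR_L(ret) = (u32)len;
  PTR_C(ret) = alloc_canary;

  total_mem += len;

  /* Alignment padding between len and rlen is filled with the tail canary,
     which free() verifies to catch small overruns that stop short of the
     guard page. */

  if (rlen != len) memset(ret + len, TAIL_ALLOC_CANARY, rlen - len);

  return ret;

}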
303*08b48e0bSAndroid Build Coastguard Worker
/* The "user-facing" wrapper for calloc(). It checks the size product for
   overflow and displays debug messages if requested. On overflow it returns
   NULL when no_calloc_over is set and goes through FATAL() otherwise. The
   memory is not cleared here; the allocator hands out fresh mmap() pages. */

__attribute__((malloc)) __attribute__((alloc_size(1, 2))) void *calloc(
    size_t elem_len, size_t elem_cnt) {

  const size_t total = elem_len * elem_cnt;

  /* Dividing the (possibly wrapped) product back detects the overflow. */
  const int wrapped = (elem_cnt != 0) && (total / elem_cnt != elem_len);

  if (wrapped) {

    if (!no_calloc_over) {

      FATAL("calloc(%zu, %zu) would overflow", elem_len, elem_cnt);

    } else {

      DEBUGF("calloc(%zu, %zu) would overflow, returning NULL", elem_len,
             elem_cnt);
      return NULL;

    }

  }

  void *block = __dislocator_alloc(total);

  DEBUGF("calloc(%zu, %zu) = %p [%zu total]", elem_len, elem_cnt, block,
         total_mem);

  return block;

}
338*08b48e0bSAndroid Build Coastguard Worker
/* The wrapper for malloc(). Roughly the same as calloc(), but the returned
   buffer is overwritten with ALLOC_CLOBBER: malloc() is not guaranteed to
   return zeroed memory, and the pattern makes reads of uninitialized heap
   data stand out. */

__attribute__((malloc)) __attribute__((alloc_size(1))) void *malloc(
    size_t len) {

  void *const block = __dislocator_alloc(len);

  DEBUGF("malloc(%zu) = %p [%zu total]", len, block, total_mem);

  if (block != NULL && len != 0) { memset(block, ALLOC_CLOBBER, len); }

  return block;

}
357*08b48e0bSAndroid Build Coastguard Worker
/* The wrapper for free(). It checks the header canary (and the tail canary
   when alignment padding is in use), then marks the whole region PROT_NONE.
   If the region was already freed, the canary read itself faults, which is
   how a double free shows up. The mapping is kept on purpose: that is
   wasteful, but it prevents the address from being reused, so a later access
   through a stale pointer faults as well. */

void free(void *ptr) {

  DEBUGF("free(%p)", ptr);

  if (ptr == NULL) { return; }

  if (PTR_C(ptr) != alloc_canary) FATAL("bad allocator canary on free()");

  u32 len = PTR_L(ptr);
  u8 *bytes = ptr;

  total_mem -= len;

  if (align_allocations && (len & (ALLOC_ALIGN_SIZE - 1))) {

    const size_t padded = (len & ~(ALLOC_ALIGN_SIZE - 1)) + ALLOC_ALIGN_SIZE;

    /* Walk the padding; len ends up equal to the rounded size, which is what
       the page arithmetic below has to use. */
    while (len < padded) {

      if (bytes[len] != TAIL_ALLOC_CANARY)
        FATAL("bad tail allocator canary on free()");
      ++len;

    }

  }

  /* Protect everything. The extra page at the end is already PROT_NONE, so
     it does not need to be touched. */

  bytes -= PAGE_SIZE * PG_COUNT(len + 8) - len - 8;

  if (mprotect(bytes - 8, PG_COUNT(len + 8) * PAGE_SIZE, PROT_NONE))
    FATAL("mprotect() failed when freeing memory");

}
399*08b48e0bSAndroid Build Coastguard Worker
/* Realloc always moves: a new buffer is allocated, the smaller of the old
   and new lengths is copied over, and the original is freed (that is,
   mprotect()ed). If the new allocation fails, the old buffer is left
   untouched and NULL is returned. */

__attribute__((alloc_size(2))) void *realloc(void *ptr, size_t len) {

  void *fresh = malloc(len);

  if (fresh != NULL && ptr != NULL) {

    /* Only the header canary is checked here; the tail canary check is left
       to the free() call below. */
    if (PTR_C(ptr) != alloc_canary) FATAL("bad allocator canary on realloc()");

    memcpy(fresh, ptr, MIN(len, PTR_L(ptr)));
    free(ptr);

  }

  DEBUGF("realloc(%p, %zu) = %p [%zu total]", ptr, len, fresh, total_mem);

  return fresh;

}
424*08b48e0bSAndroid Build Coastguard Worker
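/* posix_memalign: validate the alignment argument, round the size up to a
   multiple of it and do a normal request.

   Returns 0 on success, EINVAL for an alignment that is zero, not a power of
   two or not a multiple of sizeof(void *), and ENOMEM when the rounded size
   overflows or the allocation fails. A zero length yields *ptr = NULL and 0.

   NOTE(review): the alignment of the result comes only from the buffer ending
   on a page boundary with a length that is a multiple of `align`; for
   alignments larger than PAGE_SIZE that does not look guaranteed - confirm
   before relying on it. */

int posix_memalign(void **ptr, size_t align, size_t len) {

  // if (*ptr == NULL) return EINVAL; // (andrea) Why? I comment it out for now

  /* Zero must be rejected before `len % align` below divides by it. */
  if (align == 0 || (align & (align - 1)) || (align % sizeof(void *)))
    return EINVAL;

  if (len == 0) {

    *ptr = NULL;
    return 0;

  }

  size_t rem = len % align;
  if (rem) {

    size_t pad = align - rem;

    /* A wrapped size would silently allocate a far smaller buffer than the
       caller asked for. */
    if (len > SIZE_MAX - pad) return ENOMEM;
    len += pad;

  }

  *ptr = __dislocator_alloc(len);

  if (*ptr && len) memset(*ptr, ALLOC_CLOBBER, len);

  DEBUGF("posix_memalign(%p %zu, %zu) [*ptr = %p]", (void *)ptr, align, len,
         *ptr);

  /* Report a failed allocation instead of returning success with *ptr set to
     NULL. */
  return *ptr ? 0 : ENOMEM;

}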
452*08b48e0bSAndroid Build Coastguard Worker
/* The non-POSIX flavour: same request as posix_memalign(), but the buffer is
   returned directly and NULL stands for failure. */

__attribute__((malloc)) __attribute__((alloc_size(2))) void *memalign(
    size_t align, size_t len) {

  void *block = NULL;
  const int rc = posix_memalign(&block, align, len);

  if (rc != 0) { DEBUGF("memalign(%zu, %zu) failed", align, len); }

  return block;

}
469*08b48e0bSAndroid Build Coastguard Worker
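/* Sort of a C11 alias of memalign, only stricter alignment-wise: the size
   must be a multiple of the alignment, otherwise NULL is returned. A zero
   alignment is rejected up front so the modulo below cannot divide by zero. */

__attribute__((malloc)) __attribute__((alloc_size(2))) void *aligned_alloc(
    size_t align, size_t len) {

  void *ret = NULL;

  if (align == 0 || (len % align)) return NULL;

  if (posix_memalign(&ret, align, len)) {

    DEBUGF("aligned_alloc(%zu, %zu) failed", align, len);

  }

  return ret;

}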
488*08b48e0bSAndroid Build Coastguard Worker
/* BSD-specific API; mainly checks the size computation for possible overflow */
490*08b48e0bSAndroid Build Coastguard Worker
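/* reallocarray(): realloc() for an array of elem_cnt elements of elem_len
   bytes each, refusing requests whose total size does not fit in size_t.
   Returns the result of realloc(), or NULL with errno set to ENOMEM when the
   multiplication would overflow (ptr is left untouched in that case). */

__attribute__((alloc_size(2, 3))) void *reallocarray(void *ptr, size_t elem_len,
                                                     size_t elem_cnt) {

  /* 2^(half the bits of size_t): when both factors are below this bound the
     product cannot wrap, so the division is only needed otherwise. The 1 is
     typed as size_t so the shift is always performed at size_t width. */
  const size_t elem_lim = (size_t)1 << (sizeof(size_t) * 4);

  /* Unsigned multiplication wraps silently; this value is only handed to
     realloc() once the check below has shown that it did not wrap. */
  const size_t elem_tot = elem_len * elem_cnt;

  if ((elem_len >= elem_lim || elem_cnt >= elem_lim) && elem_len > 0 &&
      elem_cnt > (SIZE_MAX / elem_len)) {

    DEBUGF("reallocarray size overflow (%zu)", elem_tot);

    /* Set after logging so the logging path cannot clobber it: callers of
       reallocarray() are documented to get ENOMEM on overflow and may use
       errno to tell this apart from other NULL returns. */
    errno = ENOMEM;
    return NULL;

  }

  return realloc(ptr, elem_tot);

}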
512*08b48e0bSAndroid Build Coastguard Worker
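/* NetBSD-style reallocarr(): ptr is the ADDRESS of the caller's pointer
   variable (a handle), not the buffer itself. The buffer it refers to is
   resized to elem_len * elem_cnt bytes and the handle is updated in place.

   Returns 0 on success and -1 on failure; on failure the handle and the old
   buffer are left untouched. ptr itself must not be NULL.

   NOTE(review): NetBSD documents an errno-style error code as the failure
   value; this shim keeps its existing 0 / -1 convention - confirm callers
   only test for non-zero. */

int reallocarr(void *ptr, size_t elem_len, size_t elem_cnt) {

  void *cur = NULL;
  void *ret = NULL;

  /* Read the current buffer out of the handle. memcpy is used because the
     caller's variable may be any object-pointer type, not a void *. Passing
     the handle straight to the allocator would instead try to resize the
     caller's pointer variable. */
  memcpy(&cur, ptr, sizeof(cur));

  /* Test the factors rather than the product: a product that wraps to exactly
     0 must reach the overflow check in reallocarray(), not be treated as an
     empty request. */
  if (elem_len == 0 || elem_cnt == 0) {

    free(cur);
    memcpy(ptr, &ret, sizeof(ret));                   /* handle becomes NULL */
    return 0;

  }

  ret = reallocarray(cur, elem_len, elem_cnt);
  if (!ret) return -1;

  /* Publish the new address; without this the caller keeps using a pointer
     that realloc() may already have released. */
  memcpy(ptr, &ret, sizeof(ret));
  return 0;

}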
530*08b48e0bSAndroid Build Coastguard Worker
/* Size query for an allocation. The exported name and the constness of the
   parameter follow the platform: malloc_size() on Apple systems,
   malloc_usable_size() elsewhere (const-qualified only on Android). */

#if defined(__APPLE__)
size_t malloc_size(const void *ptr) {

#elif !defined(__ANDROID__)
size_t malloc_usable_size(void *ptr) {

#else
size_t malloc_usable_size(const void *ptr) {

#endif

  /* A NULL pointer has no allocation behind it. */
  if (!ptr) { return 0; }

  /* PTR_L is defined earlier in the file; presumably it reads the length this
     allocator recorded for the chunk, so the answer is only meaningful for
     pointers that came from this allocator - verify against the macro. */
  return PTR_L(ptr);

}
545*08b48e0bSAndroid Build Coastguard Worker
546*08b48e0bSAndroid Build Coastguard Worker #if defined(__APPLE__)
/* Apple-only allocation size hint: returns a multiple of ALLOC_ALIGN_SIZE
   strictly greater than len's aligned-down value. */
size_t malloc_good_size(size_t len) {

  /* Mask off the low bits to land on an ALLOC_ALIGN_SIZE boundary (assumes
     ALLOC_ALIGN_SIZE is a power of two - confirm at its definition). */
  const size_t base = len & ~(ALLOC_ALIGN_SIZE - 1);

  /* Always advance by one full unit, so an already aligned len also grows. */
  return base + ALLOC_ALIGN_SIZE;

}
552*08b48e0bSAndroid Build Coastguard Worker
553*08b48e0bSAndroid Build Coastguard Worker #endif
554*08b48e0bSAndroid Build Coastguard Worker
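/* Library constructor: reads the AFL_* environment variables once at load
   time and stores the resulting settings in the allocator's globals. */

__attribute__((constructor)) void __dislocator_init(void) {

  char *tmp = getenv("AFL_LD_LIMIT_MB");

  if (tmp) {

    char              *tok;
    unsigned long long mmem;

    /* strtoull() only sets errno on failure, so clear it first; otherwise a
       stale ERANGE left by earlier code would reject a valid limit. */
    errno = 0;
    mmem = strtoull(tmp, &tok, 10);

    /* tok == tmp: no digits were consumed (e.g. an empty value), which would
       otherwise be accepted as a limit of 0. The last test keeps the
       conversion to bytes below from overflowing size_t. */
    if (tok == tmp || *tok != '\0' || errno == ERANGE ||
        mmem > SIZE_MAX / 1024 / 1024) {

      FATAL("Bad value for AFL_LD_LIMIT_MB");

    }

    max_mem = mmem * 1024 * 1024;

  }

  /* Start from the fixed ALLOC_CANARY; if AFL_RANDOM_ALLOC_CANARY is present
     in the environment, overwrite it with random bytes instead. */
  alloc_canary = ALLOC_CANARY;
  tmp = getenv("AFL_RANDOM_ALLOC_CANARY");

  if (tmp) arc4random_buf(&alloc_canary, sizeof(alloc_canary));

  /* These switches test only for presence: any value, including an empty
     string or "0", turns the option on. */
  alloc_verbose = !!getenv("AFL_LD_VERBOSE");
  hard_fail = !!getenv("AFL_LD_HARD_FAIL");
  no_calloc_over = !!getenv("AFL_LD_NO_CALLOC_OVER");
  align_allocations = !!getenv("AFL_ALIGNED_ALLOC");

}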
580*08b48e0bSAndroid Build Coastguard Worker
/* Subset of the NetBSD-specific fault handler API */
582*08b48e0bSAndroid Build Coastguard Worker
/* NetBSD esetfunc() stand-in: takes an error-handler callback and returns a
   handler pointer. This version installs nothing and always returns NULL. */

void (*esetfunc(void (*fn)(int, const char *, ...)))(int, const char *, ...) {

  /* Might not be meaningful to implement; upper calls already report errors.
     The callback is therefore intentionally discarded. */
  (void)fn;

  return NULL;

}
589*08b48e0bSAndroid Build Coastguard Worker
/* NetBSD emalloc() stand-in: forwards to malloc() unchanged. A failed
   allocation is handed back as NULL; no error handler is invoked here, so
   callers that rely on the e*() family never returning NULL need their own
   check. */

void *emalloc(size_t len) {

  void *mem = malloc(len);

  return mem;

}
595*08b48e0bSAndroid Build Coastguard Worker
/* NetBSD ecalloc() stand-in: forwards both arguments to calloc() in the same
   order. The result may be NULL; no error handler is invoked here. */

void *ecalloc(size_t elem_len, size_t elem_cnt) {

  void *mem = calloc(elem_len, elem_cnt);

  return mem;

}
601*08b48e0bSAndroid Build Coastguard Worker
/* NetBSD erealloc() stand-in: forwards to realloc() unchanged. On failure the
   result is NULL and, as with realloc(), ptr is still owned by the caller;
   no error handler is invoked here. */

void *erealloc(void *ptr, size_t len) {

  void *mem = realloc(ptr, len);

  return mem;

}
607*08b48e0bSAndroid Build Coastguard Worker