You can ask
malloc to check the consistency of dynamic memory by
mcheck function. This function is a GNU extension,
declared in mcheck.h.
mallocto perform occasional consistency checks. These will catch things such as writing past the end of a block that was allocated with
The abortfn argument is the function to call when an inconsistency is found. If you supply a null pointer, then
mcheckuses a default function which prints a message and calls
abort(see Aborting a Program). The function you supply is called with one argument, which says what sort of inconsistency was detected; its type is described below.
It is too late to begin allocation checking once you have allocated anything with
mcheckdoes nothing in that case. The function returns
-1if you call it too late, and
0otherwise (when it is successful).
The easiest way to arrange to call
mcheckearly enough is to use the option ‘-lmcheck’ when you link your program; then you don't need to modify your program source at all. Alternatively you might use a debugger to insert a call to
mcheckwhenever the program is started, for example these gdb commands will automatically call
mcheckwhenever the program starts:(gdb) break main Breakpoint 1, main (argc=2, argv=0xbffff964) at whatever.c:10 (gdb) command 1 Type commands for when breakpoint 1 is hit, one per line. End with a line saying just "end". >call mcheck(0) >continue >end (gdb) ...
This will however only work if no initialization function of any object involved calls any of the
mcheckmust be called before the first such function.
mprobefunction lets you explicitly check for inconsistencies in a particular allocated block. You must have already called
mcheckat the beginning of the program, to do its occasional checks; calling
mproberequests an additional consistency check to be done at the time of the call.
The argument pointer must be a pointer returned by
mprobereturns a value that says what inconsistency, if any, was found. The values are described below.
This enumerated type describes what kind of inconsistency was detected in an allocated block, if any. Here are the possible values:
mcheckwas not called before the first allocation. No consistency checking can be done.
- No inconsistency detected.
- The data immediately before the block was modified. This commonly happens when an array index or pointer is decremented too far.
- The data immediately after the block was modified. This commonly happens when an array index or pointer is incremented too far.
- The block was already freed.
Another possibility to check for and guard against bugs in the use of
free is to set the environment
MALLOC_CHECK_ is set, a
special (less efficient) implementation is used which is designed to be
tolerant against simple errors, such as double calls of
the same argument, or overruns of a single byte (off-by-one bugs). Not
all such errors can be protected against, however, and memory leaks can
MALLOC_CHECK_ is set to
0, any detected heap
corruption is silently ignored; if set to
1, a diagnostic is
stderr; if set to
abort is called
immediately. This can be useful because otherwise a crash may happen
much later, and the true cause for the problem is then very hard to
There is one problem with
MALLOC_CHECK_: in SUID or SGID binaries
it could possibly be exploited since diverging from the normal programs
behavior it now writes something to the standard error descriptor.
Therefore the use of
MALLOC_CHECK_ is disabled by default for
SUID and SGID binaries. It can be enabled again by the system
administrator by adding a file /etc/suid-debug (the content is
not important it could be empty).
So, what's the difference between using
MALLOC_CHECK_ and linking
MALLOC_CHECK_ is orthogonal with respect to
‘-lmcheck’. ‘-lmcheck’ has been added for backward
MALLOC_CHECK_ and ‘-lmcheck’ should
uncover the same bugs - but using
MALLOC_CHECK_ you don't need to
recompile your application.