From e80e45ce6f92d6ea173d5e5042629a54d1d7d24c Mon Sep 17 00:00:00 2001
From: jorton <jorton@13f79535-47bb-0310-9956-ffa450edef68>
Date: Tue, 25 Oct 2005 13:14:14 +0000
Subject: * memory/unix/apr_pools.c (pool_clear_debug): Scribble over blocks
 with a poison byte before freeing them to help highlight use-after-free bugs.

git-svn-id: http://svn.apache.org/repos/asf/apr/apr/trunk@328355 13f79535-47bb-0310-9956-ffa450edef68
---
 memory/unix/apr_pools.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'memory/unix')

diff --git a/memory/unix/apr_pools.c b/memory/unix/apr_pools.c
index 13c60a870..4e6200ab9 100644
--- a/memory/unix/apr_pools.c
+++ b/memory/unix/apr_pools.c
@@ -1356,6 +1356,8 @@ APR_DECLARE(void *) apr_pcalloc_debug(apr_pool_t *pool, apr_size_t size,
  * Pool creation/destruction (debug)
  */
 
+#define POOL_POISON_BYTE 'A'
+
 static void pool_clear_debug(apr_pool_t *pool, const char *file_line)
 {
     debug_node_t *node;
@@ -1383,13 +1385,18 @@ static void pool_clear_debug(apr_pool_t *pool, const char *file_line)
     /* Clear the user data. */
     pool->user_data = NULL;
 
-    /* Free the blocks */
+    /* Free the blocks, scribbling over them first to help highlight
+     * use-after-free issues. */
     while ((node = pool->nodes) != NULL) {
         pool->nodes = node->next;
 
-        for (index = 0; index < node->index; index++)
+        for (index = 0; index < node->index; index++) {
+            memset(node->beginp[index], POOL_POISON_BYTE,
+                   node->endp[index] - node->beginp[index]);
             free(node->beginp[index]);
+        }
 
+        memset(node, POOL_POISON_BYTE, SIZEOF_DEBUG_NODE_T);
         free(node);
     }
 
-- 
cgit v1.2.1