https://www.undeadly.org/cgi?action=article;sid=20230417074903 Front page [ ] [Search site] OpenBSD Journal Home Archives About Submit Story Create Account Login malloc leak detection available in -current Contributed by Peter N. M. Hansteen on 2023-04-17 from the freeing the chunks dept. OpenBSD -current just grew a new tool for developers working on OpenBSD to detect unsafe behaviors in their code. OpenBSD lets you more easily track memory allocations and whether allocations are properly freed after use. In a message to tech@, Otto Moerbeek (otto@) announced the new functionality: Subject: malloc leak detection available in -current From: Otto Moerbeek Date: 2023-04-17 6:43:19 Hi, OpenBSD current now has built-in malloc leak detection. Make sure you run current and have debug symbols (OpenBSD base libraries have debug symbols, compile your own program with -g). To record the leak report: $ MALLOC_OPTIONS=D ktrace -tu a.out To view the leak report: $ kdump -u malloc Example output: ******** Start dump a.out ******* M=8 I=1 F=0 U=0 J=1 R=0 X=0 C=0 cache=64 G=0 Leak report: f sum # avg 0x0 1088864 9722 112 addr2line -e '?' 0x0 0xf4b73093c 31136 278 112 addr2line -e a.out 0x1093c ******** End dump a.out ******* $ addr2line -e a.out 0x1093c /home/otto/x.c:6 Some additional info: The null "f" values (call sites) are due to the sampling nature of small allocations. Recording all call sites of all potential leaks introduces too much overhead. Note that aggresssive optimizations might confuse the line numbers reported. For -static programs, compile with -nopie to make addr2line work. In some cases will want to use the packaged version of addr2line (gaddr2line, in the binutils package) as the base addr2line does not grok all debug info formats. -Otto This represents one important step in the ongoing work of making OpenBSD the better environment for developing secure, well behaved code. Reply --------------------------------------------------------------------- Comments 1. By John McCue (jmcunx) jmcq66@comcast.net on 2023-04-17 18:56 It is like the OpenBSD developers read my mind :) Thank you! Reply Latest Articles * Mon, Apr 17 + 07:49 malloc leak detection available in -current (1) * Mon, Apr 10 + 14:00 OpenBSD 7.3 released (2) * Sun, Apr 09 + 11:07 LibreSSL 3.7.2 Released (0) * Sat, Mar 25 + 16:34 Theo de Raadt at CanSecWest: Synthetic Memory Protections (0) * Thu, Mar 23 + 15:23 OpenBGPD 7.9 released (0) * Sun, Mar 19 + 23:05 (Even more) Aggressive randomisation of stack location (0) + 22:56 rpki-client 8.3 released (0) * Sat, Mar 18 + 11:26 -current has moved to 7.3, ports commits restricted pending release (0) + 09:13 OpenBGPD 7.8 released (0) Credits Copyright (c) 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]