Created
January 15, 2021 22:06
-
-
Save ZacAttack/8c67b998c90afdb19c715dfe327112d2 to your computer and use it in GitHub Desktop.
This program shows you how your process heap can become fragmented under some memory allocators!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <sys/types.h> | |
#include <unistd.h> | |
#include <stdlib.h> | |
// Define constants to make sure strings are not allocated at the top of the heap | |
#define HIT_ENTER "Press Enter to continue...\n" | |
#define ALLOCATED "500k 5KB chunks were just provisioned\n" | |
#define FREED "The first allocations were just free()'d.\n" | |
#define FREED_NEXT "The 2nd allocations were just free()'d.\n" | |
void press_enter_to_continue(void) { | |
printf(HIT_ENTER); | |
getchar(); | |
return; | |
} | |
int main() { | |
printf("Hello! This program will fragment its process heap. Run top -p %d to follow along!\n", getpid()); | |
press_enter_to_continue(); | |
int i; | |
// Arbitrary value | |
int ARRAY_SIZE = 5*1024*102; | |
// Because we're asking for a large size at the get-go, the backing memory for these arrays will be mmap'd. But the pointers stored here will be for | |
// small allocations that we expect to be brk()'d. We keep the mapping so we can free them later. | |
char *p1[ARRAY_SIZE]; | |
char *p2[ARRAY_SIZE]; | |
int mallocSize = 5 * 1024; | |
for(i=0; i < ARRAY_SIZE; i++){ | |
// malloc in small chunks such that we are always below the mmap threshold for these allocations. | |
p1[i] = malloc(mallocSize); | |
// Write something to make sure the page is backed by physical RAM | |
*p1[i] = 'a'; | |
} | |
printf(ALLOCATED); | |
press_enter_to_continue(); | |
for(i=0; i < ARRAY_SIZE; i++){ | |
// Again, malloc in small chunks such that we are always below the mmap threshold for these allocations | |
p2[i] = malloc(mallocSize); | |
*p2[i] = 'a'; | |
} | |
printf(ALLOCATED); | |
press_enter_to_continue(); | |
// Free the allocations | |
for(i=0; i < ARRAY_SIZE; i++){ | |
free(p1[i]); | |
} | |
printf(FREED); | |
press_enter_to_continue(); | |
// Free the allocations | |
for(i=0; i < ARRAY_SIZE; i++){ | |
free(p2[i]); | |
} | |
printf(FREED_NEXT); | |
press_enter_to_continue(); | |
return 0; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment