Search code examples
c++dynamic-memory-allocation

Replacing global operator new / delete and allocating memory within these, leading to heap corruption

#include <cstdlib>
#include <memory>
#include <unordered_map>

template <class T>
struct allocator {
  typedef size_t size_type;
  typedef ptrdiff_t difference_type;
  typedef T* pointer;
  typedef const T* const_pointer;
  typedef T& reference;
  typedef const T& const_reference;
  typedef T value_type;

  allocator() = default;

  template <class U>
  allocator(const allocator<U>&) {}

  T* allocate(std::size_t n) const { return (T*)malloc(n); } // debugger breaks here
  void deallocate(T* p, std::size_t) const { free(p); }
};

using allocations_map =
    std::unordered_map<void*, std::size_t, std::hash<void*>,
                       std::equal_to<void*>,
                       allocator<std::pair<void* const, std::size_t>>>;

allocations_map allocations; // heap corruption in the constructor

void* operator new(std::size_t n) {
  auto p = malloc(n);
  allocations.emplace(p, n);
  return p;
}

void operator delete(void* p) noexcept {
  allocations.erase(p);
  free(p);
}

int main() { std::vector<int> v(5); }

Why do i corrupt the heap in the constructor of allocations_map? The debugger detects the first heap corruption in a malloc call of the custom allocator, called inside the constructor.

Is there a more elegant solution then to write a non-logging custom allocator for allocations_map? The container shall obviously not log its own allocations.

I also tried two singleton approaches, as suggested in the comments, without success:

allocations_map& get_allocations_map()
{
    static allocations_map* allocations_ptr = nullptr;
    if (allocations_ptr == nullptr)
    {
        allocations_ptr = (allocations_map*) malloc(sizeof(allocations_map));
        allocations_ptr = new(allocations_ptr)allocations_map;
    }
    return *allocations_ptr;
}


allocations_map& get_allocations_map()
{
    static allocations_map allocations;
    return allocations;
}
Solution

  • From std::allocator::allocate allocator allocates n "things" not n bytes. You should change:

    T* allocate(std::size_t n) const { return (T*)malloc(n); }

    to:

    T* allocate(std::size_t n) const { return (T*)malloc(sizeof(T) * n); }

    Why do i corrupt the heap in the constructor of allocations_map?

    Because the constructor of elements stored in that map access allocated memory out-of-bounds.