在 Linux 中覆盖 malloc、free 和 calloc 导致递归

Question

我在Linux平台上重写了malloc、calloc和free函数如下：

#include <stdio.h>
#include <dlfcn.h>
#include <stdlib.h>
typedef void* (*MALLOCFN)(size_t);
typedef void* (*CALLOCFN)(size_t, size_t);
typedef void* (*CALLOCFN)(size_t, size_t);
typedef void (*FREEFN)(void *);
MALLOCFN real_malloc = (MALLOCFN) 0;
CALLOCFN real_calloc = (CALLOCFN) 0;
FREEFN real_free = (FREEFN) 0;
void *get_realfn(const char *fnm)
{
  void *pfunc = (void *) NULL;
  printf("searching for original %s\n", fnm);
  pfunc = dlsym(RTLD_NEXT, fnm);
  if (pfunc) printf("found original %s\n", fnm);
  else printf("not found original %s\n", fnm);
  return pfunc;
}
void *malloc(size_t s)
{
  printf("called malloc\n");
  if(real_malloc == NULL) real_malloc = (MALLOCFN) get_realfn("malloc");
  if (real_malloc) return real_malloc(s);
  else return NULL;
}
void *calloc(size_t s1, size_t s2)
{
  printf("called calloc\n");
  if(real_calloc == NULL) real_calloc = (CALLOCFN) get_realfn("calloc");
  if (real_calloc) return real_calloc(s1, s2);
  else return NULL;
}
void free (void * ptr)
{
  printf("called free\n");
  if(real_free == NULL) real_free = (FREEFN) get_realfn("free");
  if (real_free) real_free(ptr);
}
int main()
{
  char * c1 = (char *) malloc(400);
  char * c2 = (char *) malloc(400);
  free(c2); free(c1);
  return 0;
}

C程序（testalloc.c）是使用g++ 4.9.2版本编译器构建的：

g++ -g testalloc.c  -ldl -o testalloc;

前几行输出如下，进入无限递归崩溃：

called malloc
searching for original malloc
called free
searching for original free
called free
searching for original free
called free
searching for original free
called free
searching for original free
called free
. . . .

请建议如何避免递归。

Answer 1

printf 函数可以分配内存。因此，当您调用 printfbefore 时，未分配“真实”函数指针，它会进入您的插入函数，导致无限递归。所以不要在插入函数中使用printf 语句。

如果您确实需要打印某些内容，请使用 syscall(2)，它会绕过 stdio 库函数。

#include <sys/syscall.h>

...

syscall(SYS_write, STDOUT_FILENO, "searching for original\n",
                                  sizeof "searching for original\n" - 1);