From 2ce82eea5c7d5e05a3e3d220c19bbdac830e7dba Mon Sep 17 00:00:00 2001
From: Jonathan Bradley
Date: Wed, 25 Jun 2025 17:49:56 -0400
Subject: pkmem: handle overflows & leaks in tests
---
 config.mk | 2 ++
 pkfuncinstr.h | 7 ++++---
 pkmem.h | 12 ++++++------
 test/pkev.cpp | 2 ++
 4 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/config.mk b/config.mk
index 4a7fa83..f9ee686 100644
--- a/config.mk
+++ b/config.mk
@@ -20,6 +20,8 @@ LIBS = -lm \
 # flags
 # -rdynamic is for pkfuncinstr
+# -fsanitize=address \ for testing
+
 SHARED_FLAGS = -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200809L \
 -DVERSION=\"$(VERSION)\" \
 -DPK_MEMORY_DEBUGGER \
diff --git a/pkfuncinstr.h b/pkfuncinstr.h
index 0f76eed..3a30bd3 100644
--- a/pkfuncinstr.h
+++ b/pkfuncinstr.h
@@ -90,11 +90,11 @@ void pk_funcinstr_init() {
 __attribute__((no_instrument_function))
 void pk_funcinstr_teardown() {
- size_t i, k;
+ int64_t i, k;
 mtx_lock(&thrd_mstr.mtx);
- for (i = 0; i < thrd_mstr.n_buckets; ++i) {
+ for (i = ((int64_t)thrd_mstr.n_buckets)-1; i > -1; --i) {
 struct pk_funcinstr_bkt *bkt = thrd_mstr.buckets[i];
- for (k = 0; k < bkt->used_count; ++k) {
+ for (k = ((int64_t)bkt->used_count)-1; k > -1; --k) {
 free(bkt->data[k].children);
 }
 }
@@ -140,6 +140,7 @@ void pk_funcinstr_detect_and_handle_reset() {
 should_hard_reset = should_hard_reset || (thrd_mstr.reset_time.tv_sec == pk_funcinstr_thrd_bkt->reset_time.tv_sec && thrd_mstr.reset_time.tv_nsec > pk_funcinstr_thrd_bkt->reset_time.tv_nsec);
 }
 if (should_hard_reset) {
+ if (pk_funcinstr_thrd_bkt != NULL) free(pk_funcinstr_thrd_bkt);
 pk_funcinstr_thrd_bkt = NULL;
 pk_funcinstr_thrd_instr = NULL;
 should_reset = true;
diff --git a/pkmem.h b/pkmem.h
index 2339d22..461fc64 100644
--- a/pkmem.h
+++ b/pkmem.h
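Review bot: In pk_funcinstr_teardown (pkfuncinstr.h, hunk `@@ -90,11 +90,11 @@`) both loops now count down through a signed `int64_t` with casts from `size_t`, and nothing in the hunk says why the iteration order had to change. If the reverse order matters, a one-line comment above the outer loop should say so. If it does not, `for (i = thrd_mstr.n_buckets; i-- > 0; )` keeps `size_t`, needs no cast and never produces a negative index. The function body continues outside the hunk.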
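Review bot: The added `free(pk_funcinstr_thrd_bkt)` in pk_funcinstr_detect_and_handle_reset (pkfuncinstr.h, hunk `@@ -140,6 +140,7 @@`) leaves the bucket's ownership unclear, because the hunk does not show whether the same pointer is still listed in `thrd_mstr.buckets` or was already released elsewhere. If it is still listed, a later pk_funcinstr_teardown would read `bkt->used_count` and `bkt->data` from freed memory; if it was already released, this call is a double free. Please confirm which side owns the bucket and record it next to the call, e.g. `/* after a reset thrd_mstr no longer references this bucket; this thread owns it */`. The `!= NULL` test is redundant, since `free(NULL)` is a no-op. The function continues outside the hunk.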
@@ -507,10 +507,11 @@ pk_delete_bkt(const void* ptr, size_t sz, struct pk_membucket* bkt)
 {
 #ifdef PK_MEMORY_FORCE_MALLOC
 #if defined(__cplusplus)
- return std::free(const_cast(ptr));
+ std::free(const_cast(ptr));
 #else
- return free((void*)ptr);
+ free((void*)ptr);
 #endif
+ return;
 #endif
 size_t i, k;
 mtx_lock(&bkt->mtx);
@@ -567,17 +568,16 @@ pk_delete_bkt(const void* ptr, size_t sz, struct pk_membucket* bkt)
 struct pk_memblock* beforeBlk = NULL;
 struct pk_memblock* afterBlk = NULL;
 for (i = bkt->block_head_r+1; i > 0 ; --i) {
- k = pk_memblock_blocks_idx(bkt, i-2);
+ k = pk_memblock_blocks_idx(bkt, (i-1));
 tmp_blk = &bkt->blocks[k];
 if (tmp_blk->data + tmp_blk->size == ptr) {
 beforeBlk = tmp_blk;
+ break;
 }
- tmp_blk -= 1;
 if (i <= bkt->block_head_r+1 && tmp_blk->data == afterPtr) {
 afterBlk = tmp_blk;
- break;
+ continue;
 }
- tmp_blk += 1;
 if (tmp_blk->data < (char*)ptr) {
 break;
 }
diff --git a/test/pkev.cpp b/test/pkev.cpp
index 30ccbb0..f8b370b 100644
--- a/test/pkev.cpp
+++ b/test/pkev.cpp
@@ -141,6 +141,7 @@ int main(int argc, char *argv[])
 d->ev = evs;
 d->i = i;
 pk_ev_emit(evs[i].evmgr, evs[i].evid, d);
+ delete d;
 }
 bool any_false = false;
@@ -173,6 +174,7 @@ int main(int argc, char *argv[])
 d->i = i;
 d->ev = &evs[0];
 pk_ev_emit(evs[i].evmgr, evs[i].evid, d);
+ delete d;
 }
 bool any_false = false;
--
cgit v1.2.3
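Review bot: The new `break` after `beforeBlk = tmp_blk;` in pk_delete_bkt (pkmem.h, hunk `@@ -567,17 +568,16 @@`) is only correct if the walk from `block_head_r` down to 0 visits blocks in descending address order, so that a block starting at `afterPtr` is always seen before the block ending at `ptr`; that ordering is not visible in the hunk. If the block array can be out of order, the early exit skips the `afterBlk` match and the neighbouring free blocks are not merged. A comment above the loop should record the invariant, e.g. `/* blocks[] is sorted by address; walking high to low meets afterBlk before beforeBlk */`. Since `i` starts at `bkt->block_head_r+1` and only decreases, the `i <= bkt->block_head_r+1` test is always true and can be dropped. The loop body ends outside the hunk.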
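Review bot: `delete d;` directly after `pk_ev_emit(evs[i].evmgr, evs[i].evid, d);` in main (test/pkev.cpp, hunk `@@ -141,6 +141,7 @@`) is safe only if pk_ev_emit runs every callback before it returns and keeps no copy of the pointer, which the hunk does not show. If that is the contract, a comment such as `// pk_ev_emit is synchronous; d is not retained` would record it for the next reader. The allocation sits outside the hunk; if the object can live on the stack and be passed by address, the manual delete goes away entirely. The same applies to the hunk at `@@ -173,6 +174,7 @@`.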