From ba43ee40465c0f7a01f055c03339ee453d568263 Mon Sep 17 00:00:00 2001
From: Liav A
Date: Fri, 10 Mar 2023 10:49:09 +0200
Subject: [PATCH] CrashReporter: Warn about malloc and free patterns in fault address

Warn the user about seemingly known malloc() and free() patterns in the fault address. This brings back the functionality that was removed recently in the 5416a37fdea815b2fc18c35a60d173f8cfa67709 commit, but this time we detect these patterns in userspace code and not in kernel code.

---
 Userland/Applications/CrashReporter/main.cpp | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/Userland/Applications/CrashReporter/main.cpp b/Userland/Applications/CrashReporter/main.cpp
index 978a060644..7a502e92d0 100644
--- a/Userland/Applications/CrashReporter/main.cpp
+++ b/Userland/Applications/CrashReporter/main.cpp
@@ -37,6 +37,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -81,7 +82,20 @@ static TitleAndText build_backtrace(Coredump::Reader const& coredump, ELF::Core:
     auto fault_type = metadata.get("fault_type");
     auto fault_access = metadata.get("fault_access");
     if (fault_address.has_value() && fault_type.has_value() && fault_access.has_value()) {
-        builder.appendff("{} fault on {} at address {}\n\n", fault_type.value(), fault_access.value(), fault_address.value());
+        builder.appendff("{} fault on {} at address {}", fault_type.value(), fault_access.value(), fault_address.value());
+        constexpr FlatPtr malloc_scrub_pattern = explode_byte(MALLOC_SCRUB_BYTE);
+        constexpr FlatPtr free_scrub_pattern = explode_byte(FREE_SCRUB_BYTE);
+        auto raw_fault_address = AK::StringUtils::convert_to_uint_from_hex(fault_address.value().substring_view(2));
+        if (raw_fault_address.has_value() && (raw_fault_address.value() & 0xffff0000) == (malloc_scrub_pattern & 0xffff0000)) {
+            builder.append(", looks like it may be uninitialized malloc() memory\n"sv);
+            dbgln("NOTE: Address {:p} looks like it may be uninitialized malloc() memory\n", raw_fault_address.value());
+        } else if (raw_fault_address.has_value() && (raw_fault_address.value() & 0xffff0000) == (free_scrub_pattern & 0xffff0000)) {
+            builder.append(", looks like it may be recently free()'d memory\n"sv);
+            dbgln("NOTE: Address {:p} looks like it may be recently free()'d memory\n", raw_fault_address.value());
+        } else {
+            builder.append("\n"sv);
+        }
+        builder.append("\n"sv);
     }
     auto first_entry = true;
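Review bot: The hex parse on the `raw_fault_address` line probably never succeeds on 64-bit builds: as far as I recall, AK's `convert_to_uint_from_hex` defaults its result type to a 32-bit unsigned and returns an empty Optional on overflow, so a 16-digit address filled with the scrub byte yields no value and neither warning branch fires on x86_64. Parse at pointer width, `auto raw_fault_address = AK::StringUtils::convert_to_uint_from_hex<FlatPtr>(fault_address.value().substring_view(2));`, and note that the `& 0xffff0000` masks then compare only bits 16–31 of a FlatPtr, so either widen the mask or add a comment saying the partial-pattern match is a deliberate heuristic that can false-positive on ordinary addresses. Since the metadata is read from a coredump file rather than taken from live kernel state, the `substring_view(2)` is worth guarding with `fault_address.value().starts_with("0x"sv)` so a truncated or malformed string does not assert inside the crash reporter itself. Both `dbgln` calls end their format string with `\n`, which dbgln already appends, so each emits a spurious blank debug line. `build_backtrace` starts and ends outside this hunk.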