From 4bd273f009ccdddd3985e20842c8469101726344 Mon Sep 17 00:00:00 2001
From: Benjamin Valentin <benjamin.valentin@ml-pa.com>
Date: Mon, 11 Nov 2024 14:43:29 +0100
Subject: [PATCH 1/2] sys/net/gnrc_pktbuf_static: add double free detection

---
 sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c b/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c
index 3c98e8a61d..9f84808ab1 100644
--- a/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c
+++ b/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c
@@ -438,6 +438,10 @@ static void *_pktbuf_alloc(size_t size)
 #endif
         assert(0);
     }
+    if (CONFIG_GNRC_PKTBUF_CHECK_USE_AFTER_FREE) {
+        /* clear out canary */
+        memset(ptr, ~CANARY, size);
+    }
 
     return (void *)ptr;
 }
@@ -469,6 +473,13 @@ void gnrc_pktbuf_free_internal(void *data, size_t size)
     }
 
     if (CONFIG_GNRC_PKTBUF_CHECK_USE_AFTER_FREE) {
+        /* check if the data has already been marked as free */
+        size_t chk_len = _align(size) - sizeof(*new);
+        if (chk_len && !memchk((uint8_t *)data + sizeof(*new), CANARY, chk_len)) {
+            printf("pktbuf: double free detected! (at %p, len=%u)\n",
+                   data, (unsigned)_align(size));
+            DEBUG_BREAKPOINT(2);
+        }
         memset(data, CANARY, _align(size));
     }
 

From 982af61c82bd7f2ec4e761bcc62252bf7eca442d Mon Sep 17 00:00:00 2001
From: Benjamin Valentin <benjamin.valentin@ml-pa.com>
Date: Mon, 11 Nov 2024 14:45:17 +0100
Subject: [PATCH 2/2] sys/net/gnrc_pktbuf_static: make hexdump optional

---
 sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c b/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c
index 9f84808ab1..0b52d198c4 100644
--- a/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c
+++ b/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c
@@ -240,12 +240,13 @@ gnrc_pktsnip_t *gnrc_pktbuf_start_write(gnrc_pktsnip_t *pkt)
 }
 
 #ifdef DEVELHELP
-#ifdef MODULE_OD
 static inline void _print_chunk(void *chunk, size_t size, int num)
 {
     printf("=========== chunk %3i (%-10p size: %4" PRIuSIZE ") ===========\n", num, chunk,
            size);
+#ifdef MODULE_OD
     od_hex_dump(chunk, size, OD_WIDTH_DEFAULT);
+#endif
 }
 
 static inline void _print_ptr(_unused_t *ptr)
@@ -266,11 +267,9 @@ static inline void _print_unused(_unused_t *ptr)
     _print_ptr(ptr->next);
     printf(", size: %4u) ~\n", ptr->size);
 }
-#endif
 
 void gnrc_pktbuf_stats(void)
 {
-#ifdef MODULE_OD
     _unused_t *ptr = _first_unused;
     uint8_t *chunk = &_static_buf[0];
     int count = 0;
@@ -306,9 +305,6 @@ void gnrc_pktbuf_stats(void)
     if (chunk <= &_static_buf[CONFIG_GNRC_PKTBUF_SIZE - 1]) {
         _print_chunk(chunk, &_static_buf[CONFIG_GNRC_PKTBUF_SIZE] - chunk, count);
     }
-#else
-    DEBUG("pktbuf: needs od module\n");
-#endif
 }
 #endif