Why electric fence/Valgrind is unable to catch this buffer-overflow issue?


Problem description

I have created a buggy program - buggy.c - this is a buffer-overflow scenario for buffer t. You can see that I am writing more than 5 indexes. It works fine. It never throws me an error. I was wondering, why is it like that? I tried even Valgrind, this also couldn't find this issue. Can you tell me please what is the issue here?

    #include <stdio.h>

    void buffer_overflow(void)
    {
      int t[5];
      int i = 0;

      /* i runs to 7, so t[5]..t[7] are written past the end of t */
      for(i = 0; i<=7; i++)
      {
        t[i] = i;
      }

      /** this will cause buffer overflow **/
      printf("Memory_overflow_completed\r\n");
    }

    int main(int argc, char **argv)
    {
      buffer_overflow();

      return 0;
    }

    $ gcc -g buggy.c -o buggy.out -lefence

    $ ./buggy.out

However, I don't get any crash. There is no effect of electric fence here. What am I missing? I saw the similar question posted here, "gcc with electric fence library does not take effect", but there seems to be no answer yet. I am running this example on FC19. Does anyone have an answer to it? Even valgrind fails to detect the issue? Is there any other tool to detect these issues?

Based on the further comments, I revised the buffer-overflow function to get detected by Electric Fence. However, Electric Fence cannot detect the issue. Here is the modified function.

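#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void buffer_overflow(void)
{
#if 0
  int t[5];
  int i = 0;

  for(i = 0; i<=7; i++)
  {
    t[i] = i;
  }
#endif

  /* 7 bytes allocated; the 13-character string plus its NUL needs 14 */
  char *t = malloc(sizeof(char)*7);
  strcpy(t,"SHREYAS_JOSHI");

  /** this will cause buffer overflow **/
  printf("Memory_overflow_completed\r\n");
  free(t);
}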

[joshis1@localhost blogs-tune2wizard]$ gcc -g buggy.c  -o buggy.out -lefence

[joshis1@localhost blogs-tune2wizard]$ ./buggy.out 

  Electric Fence 2.2.2 Copyright (C) 1987-1999 Bruce Perens <bruce@perens.com>
Memory_overflow_completed

There is no error detected by Electric Fence, but Valgrind at least showed it.

Recommended answer

Valgrind is limited by having only the binary available. If you don't mind some instrumentation being inserted in your code (by the compiler), you can try address sanitizer. It poisons memory around allocated areas (even on stack) and then checks every read/write, so it has a higher chance to catch these problems.

It's integrated in current gcc (4.8+) and clang (3.2+). Just compile your code like:

gcc -g buggy.c  -o buggy.out -fsanitize=address

Upon execution, it prints something like:

==26247== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff9fa0be54 at pc 0x4008df bp 0x7fff9fa0be00 sp 0x7fff9fa0bdf8
WRITE of size 4 at 0x7fff9fa0be54 thread T0

and a stack trace.

Chandler Carruth talked about it in this talk at GN13.

Note: It is supported even in clang 3.1, but the switch is called -faddress-sanitizer instead of -fsanitize=address.
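
The "poison the surrounding memory, then check every write" idea from the answer, as an added example that is not part of the original answer and is not AddressSanitizer's own code: a simplified shadow-memory model that replays the question's loop over `int t[5]` without performing any out-of-bounds access. The arena, the function names and the `POISON` value are constructed for illustration, and a 4-byte `int` is assumed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not AddressSanitizer's runtime: one shadow byte per
 * 8-byte granule of a small arena. 0 = all 8 bytes addressable, 1..7 = only
 * the first k bytes addressable, POISON = redzone. Assumes 4-byte int. */
#define ARENA   64
#define GRANULE 8
#define POISON  (-1)   /* constructed marker value */
static unsigned char arena[ARENA];
static signed char shadow[ARENA / GRANULE];

/* Mark `size` bytes at granule-aligned offset `off` addressable; poison the rest. */
static void place_object(size_t off, size_t size)
{
    size_t g = off / GRANULE;
    memset(shadow, POISON, sizeof shadow);
    for (; size >= GRANULE; size -= GRANULE)
        shadow[g++] = 0;
    if (size)
        shadow[g] = (signed char)size;   /* partially addressable granule */
}

/* Check run before each store of n bytes (n <= 8, not crossing a granule). */
static int store_ok(size_t addr, size_t n)
{
    if (addr + n > ARENA) return 0;
    signed char s = shadow[addr / GRANULE];
    return s == 0 || (s > 0 && (addr % GRANULE) + n <= (size_t)s);
}

/* Replay the question's loop (t[i] = i for i = 0..last) through the check;
 * return the first rejected index, or -1 if every store is in bounds. */
static int first_bad_index(size_t base, int elems, int last)
{
    place_object(base, (size_t)elems * sizeof(int));
    for (int i = 0; i <= last; i++) {
        size_t addr = base + (size_t)i * sizeof(int);
        if (!store_ok(addr, sizeof(int))) return i;
        memcpy(&arena[addr], &i, sizeof i);
    }
    return -1;
}

int main(void)
{
    printf("first rejected store: t[%d]\n", first_bad_index(16, 5, 7));
    return 0;
}
```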
