How to debug Buffer Overrun Issues


Problem description


My program crashed with the error message:

A buffer overrun has occurred in TestLogger.exe which has corrupted the program's internal state. Press Break to debug the program or Continue to terminate the program.

For more details please see Help topic 'How to debug Buffer Overrun Issues'.

Yet when I search for "How to debug Buffer Overrun Issues" I don't find anything close to that. The closest I get is an article from "Writing Secure Code" about prevention of buffer overrun, but my program is already preventing buffer overrun as much as I know. I need to find the article that the error message says to find.

Solution

Hmm, you must have had a pretty big overrun on the stack to cause that. Most likely you have a string which wasn't null terminated and you then used strlen to count the length.

Have you used strncpy in your program? If you have then you have to remember that it doesn't add the null character if the length of the string is longer than the value you pass to it.

 

I can't say much for other people but these are the general things I do to find out where a buffer overrun is occurring.

 

1) Keep an additional variable for each string containing the length of the string.

2) Step through each function which contains string operations and check the sizes of each string and make sure there is enough room.

 

Other things which I do to help prevent things like this.

 

1) Never allocate a string on the stack. All strings I create are on the heap.

2) All strings are created with a maximum possible length. If there is any string inputted then it is truncated to the maximum length.

3) I don't reuse buffers if I don't need to. If I want to put a string into memory, it is either a readonly constant or I allocate the buffer just as I copy the string, freeing any previously allocated memory first.

4) I have a custom strlen function which takes the maximum possible size of the string as a parameter. This means, if the target buffer is 51 chars then I will pass 50 as a parameter to the strlen function. If it is more than 50 chars then it will return 50 otherwise it will return the length of the string.

5) I always explicitly have one character reserved for the null character. If I allocate enough room for a 40 character string, I will make sure that I allocate 41 characters worth of memory.

6) I always initialise the entire buffer to 0 before I use it.
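The strncpy behaviour and the bounded-length habits described in the answer above, as an added example that is not part of the original answer. The function names (`bounded_strlen`, `bounded_dup`, `strncpy_left_terminator`) are hypothetical and the input strings are constructed samples.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Point 4: length capped at max; never reads more than max bytes. */
size_t bounded_strlen(const char *s, size_t max)
{
    const char *end = memchr(s, '\0', max);
    return end ? (size_t)(end - s) : max;
}

/* Points 1, 2, 5, 6: heap copy truncated to max_len characters, in a
   zero-filled buffer of max_len + 1 bytes so the terminator always fits.
   Caller frees; returns NULL if allocation fails. */
char *bounded_dup(const char *src, size_t max_len)
{
    char *dst = calloc(max_len + 1, 1);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, bounded_strlen(src, max_len));
    return dst;
}

/* The strncpy pitfall: copy src into an n-byte buffer pre-filled with
   'X' and report whether a terminator ended up inside it
   (1 = terminated, 0 = not terminated, -1 = allocation failure). */
int strncpy_left_terminator(const char *src, size_t n)
{
    char *dst = malloc(n);
    int found;
    if (dst == NULL)
        return -1;
    memset(dst, 'X', n);
    strncpy(dst, src, n);
    found = memchr(dst, '\0', n) != NULL;
    free(dst);
    return found;
}

int main(void)
{
    char *copy = bounded_dup("constructed sample input", 11);
    printf("8-byte buffer, 5-char source: terminated=%d\n", strncpy_left_terminator("short", 8));
    printf("8-byte buffer, 8-char source: terminated=%d\n", strncpy_left_terminator("exactly8", 8));
    if (copy != NULL)
        printf("truncated copy: \"%s\" (length %zu)\n", copy, bounded_strlen(copy, 11));
    free(copy);
    return 0;
}
```

A source of exactly the buffer size already leaves the destination unterminated, which is the case a later strlen walks past.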

