addressSanitizer: heap-buffer-overflow on address

Views: 1752

Problem description


I am at the very beginning of learning C.

I am trying to write a function to open a file, read a BUFFER_SIZE, store the content in an array, then track the character '\n' (because I want to get each line of the input).

When I set the BUFFER_SIZE very large, I can get the first line. When I set the BUFFER_SIZE reasonably small (say, 42), which is not yet the end of the first line, it prints out some weird symbol at the end, but I guess it is some bug in my own code.

However, when I set the BUFFER_SIZE very small, say = 10, and I use the -fsanitizer=address to check for memory leaks, it throws a monster of an error:

==90673==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000fb at pc 0x000108868a95 bp 0x7fff573979a0 sp 0x7fff57397998
READ of size 1 at 0x6020000000fb thread T0

If anyone can explain to me in a general sense:

  • what is the fsanitizer=address flag?

  • what is heap-buffer-overflow?

  • what are address and thread? what is the flag to see the thread in colors on screen?

  • and why does it say "read of size 1 at address..."?

I would really appreciate it <3

Solution

What is the fsanitizer=address flag?

Usually the C compiler doesn't add bounds checks for memory accesses. Sometimes, due to a code error, there is a read or write from outside the buffer, and such an error is usually hard to detect. Using this flag, the compiler adds some bounds checks to ensure you won't use a buffer to reach outside of its allocation.

What is heap-buffer-overflow?

Using an array to reach past its allocation:

char* x = malloc(10);
char n=x[11]; //heap-buffer-overflow

(underflow is reaching before its allocation)

char* x = malloc(10);
char n=x[-11]; //heap-buffer-underflow

What are address and thread?

An address is a position in memory; a thread is a part of a process running a sequence of code.

And why does it say "read of size 1 at address..."?

It means you read a single byte from the given address.


I think your problem is that you allocate BUFFER_SIZE for the buffer and read the same BUFFER_SIZE into it. The correct approach is to always declare at least one more byte than you read, like this:

char* buff = malloc(BUFFER_SIZE+1); // note the +1
size_t n = fread(buff, 1, BUFFER_SIZE, fp);
buff[n] = '\0'; // fread does not NUL-terminate; the extra byte holds the terminator
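To make the answer concrete, here is an added example (not code from the question or the answer) that puts the pattern the question describes next to a bounded version. The sample input, the file-reading helper, and the function names are constructed for this example; the fix it applies is the same one the answer gives: allocate BUFFER_SIZE+1, NUL-terminate after fread, and never scan past the bytes actually read.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample input (not from the original post): two lines, the first
 * 13 characters long, so a BUFFER_SIZE of 10 cuts it off before its '\n'. */
static const char SAMPLE_INPUT[] = "hello, world!\nsecond line\n";

/* The pattern the question describes: the buffer holds exactly BUFFER_SIZE
 * bytes, fread() does not NUL-terminate, and the scan for '\n' has no upper
 * bound. When the newline lies beyond the chunk, the loop reads one byte at a
 * time past the allocation, which AddressSanitizer reports as
 * "heap-buffer-overflow ... READ of size 1". Shown for contrast only; the
 * rest of this example never calls it. */
long first_newline_unbounded(const char *buf)
{
    long i = 0;
    while (buf[i] != '\n')   /* no bound: undefined behaviour past the end */
        i++;
    return i;
}

/* Hardened read: reads up to buffer_size bytes into a buffer one byte larger,
 * NUL-terminates it, and reports how many bytes actually arrived. */
char *read_chunk(FILE *fp, size_t buffer_size, size_t *out_len)
{
    char *buf = malloc(buffer_size + 1);    /* +1 for the terminator */
    if (buf == NULL)
        return NULL;
    size_t n = fread(buf, 1, buffer_size, fp);
    buf[n] = '\0';                          /* fread never adds this */
    *out_len = n;
    return buf;
}

/* Bounded scan: looks for '\n' only within the bytes that were read.
 * Returns the index of the newline, or -1 if the chunk holds no complete line. */
long first_newline_bounded(const char *buf, size_t len)
{
    const char *nl = memchr(buf, '\n', len);
    return nl ? (long)(nl - buf) : -1;
}

/* Writes the sample input to a temporary file, reads one chunk of buffer_size
 * bytes, and returns the first line's length, -1 if the line did not fit in
 * the chunk, or -2 on an I/O or allocation failure. */
long first_line_length(size_t buffer_size)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -2;
    fwrite(SAMPLE_INPUT, 1, sizeof SAMPLE_INPUT - 1, fp);
    rewind(fp);

    size_t len = 0;
    char *buf = read_chunk(fp, buffer_size, &len);
    fclose(fp);
    if (buf == NULL)
        return -2;
    long result = first_newline_bounded(buf, len);
    free(buf);
    return result;
}

int main(void)
{
    /* BUFFER_SIZE=10 cuts the first line short: -1, no overflow, no crash. */
    printf("BUFFER_SIZE=10 -> %ld\n", first_line_length(10));
    /* BUFFER_SIZE=42 holds the whole first line: 13. */
    printf("BUFFER_SIZE=42 -> %ld\n", first_line_length(42));
    return 0;
}
```

Build it with `gcc -g -fsanitize=address -fno-omit-frame-pointer example.c` and the bounded path runs clean for any BUFFER_SIZE. The unbounded function is left in only to show the shape of the bug: on a chunk that holds no newline it is exactly the loop that produces the report quoted in the question, and the bounded version avoids it by carrying the byte count returned by fread into the scan.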
