How should the heap-buffer-overflow error message be read?
Question
I wanted to know how the following error message should be read. In particular:
(1) What do things such as fa (heap left redzone) and fd (freed heap region) mean?
(2) What is the significance of the 00s and 05s?
(3) What is the significance of the memory block being pointed to (0x0c067fff8010)?
(4) What is a wild pointer?
(5) Why fa and
Compile command
clang++ test.cpp -fsanitize=address -D_LIBCPP_DEBUG=1
Error message
Address 0x6030000000f0 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/tzadiko/randomStuff/a.out+0x4fa83d) in main
Shadow bytes around the buggy address:
0x0c067fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff8000: fa fa fd fd fd fd fa fa 00 00 00 07 fa fa 00 00
=>0x0c067fff8010: 05 fa fa fa 00 00 04 fa fa fa fa fa fa fa[fa]fa
0x0c067fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Answer
You left out a crucial bit of the output. Here is the legend (taken from the documentation):
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
After reading this description, I think the answer to your questions is, in turn:
(1) The redzone is a region of inaccessible data both to the left and to the right of an allocation. ASan keeps a bitmask of the entire memory and determines for each 8-byte region what kind of memory it is.
(2) As the legend shows, 00 is fully addressable memory, 01 through 07 means "partially addressable". A value with 05 in it presumably means the first 5 bytes of that 8-byte block may be addressed.
(3) 0x0c067fff801e is the index into the bitmap. The part in brackets indicates which shadow byte is intended. Multiply it by 8 and you get 0x6033fffc00f0, which must presumably be still modified a bit to get back at the offending memory region.
(4) A wild pointer is one that points into unallocated (or recently freed) memory.
(5) See 3.
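The following is an added worked example, not code from the question or the answer. It assumes the documented default ASan shadow mapping on x86_64 Linux, shadow = (addr >> 3) + 0x7fff8000, with one shadow byte per 8 application bytes; other targets use a different offset or scale. With that offset applied, the shadow address 0x0c067fff801e from the report is reproduced from the wild pointer 0x6030000000f0, and the inverse lands back on the pointer exactly. The program also decodes the two shadow rows copied from the report (constructed input for this example) into the allocations they describe, which is how one reads the 00/05/fa bytes in practice.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Default ASan shadow mapping on x86_64 Linux (assumption for this example):
//   shadow = (addr >> 3) + 0x7fff8000
// One shadow byte describes 8 application bytes.
static const uintptr_t kShadowOffset = 0x7fff8000ULL;
static const unsigned kShadowScale = 3;

uintptr_t mem_to_shadow(uintptr_t addr) {
    return (addr >> kShadowScale) + kShadowOffset;
}

uintptr_t shadow_to_mem(uintptr_t shadow) {
    return (shadow - kShadowOffset) << kShadowScale;
}

// How many of the 8 application bytes a shadow byte marks as addressable.
int addressable_bytes(uint8_t b) {
    if (b == 0x00) return 8;
    if (b >= 0x01 && b <= 0x07) return b;
    return 0;  // redzone, freed, or otherwise poisoned
}

// Human-readable meaning of a shadow byte, following the legend in the answer.
std::string describe_shadow(uint8_t b) {
    if (b == 0x00) return "addressable";
    if (b >= 0x01 && b <= 0x07)
        return "partially addressable (first " + std::to_string(b) + " of 8 bytes)";
    switch (b) {
        case 0xfa: return "heap left redzone";
        case 0xfb: return "heap right redzone";
        case 0xfd: return "freed heap region";
        case 0xf1: return "stack left redzone";
        case 0xf2: return "stack mid redzone";
        case 0xf3: return "stack right redzone";
        case 0xf4: return "stack partial redzone";
        case 0xf5: return "stack after return";
        case 0xf8: return "stack use after scope";
        case 0xf9: return "global redzone";
        case 0xf6: return "global init order";
        case 0xf7: return "poisoned by user";
        case 0xfe: return "ASan internal";
        default:   return "unknown";
    }
}

// Length of the addressable run starting at shadow index i: a run of 00 bytes,
// optionally closed by one partial byte (01..07) that marks the object's tail.
size_t addressable_run(const std::vector<uint8_t>& shadow, size_t i) {
    size_t n = 0;
    for (; i < shadow.size(); ++i) {
        int k = addressable_bytes(shadow[i]);
        if (k == 0) break;
        n += static_cast<size_t>(k);
        if (k < 8) break;
    }
    return n;
}

// Shadow rows 0x0c067fff8000 and 0x0c067fff8010 copied from the report in the question.
static const uintptr_t kRowBase = 0x0c067fff8000ULL;
static const std::vector<uint8_t> kShadowRows = {
    0xfa, 0xfa, 0xfd, 0xfd, 0xfd, 0xfd, 0xfa, 0xfa, 0x00, 0x00, 0x00, 0x07, 0xfa, 0xfa, 0x00, 0x00,
    0x05, 0xfa, 0xfa, 0xfa, 0x00, 0x00, 0x04, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa,
};

// Index into kShadowRows for an application address, or -1 if it is not covered.
long shadow_index_for(uintptr_t addr) {
    uintptr_t s = mem_to_shadow(addr);
    if (s < kRowBase || s >= kRowBase + kShadowRows.size()) return -1;
    return static_cast<long>(s - kRowBase);
}

// What the copied shadow rows say about an application address.
std::string explain_address(uintptr_t addr) {
    long idx = shadow_index_for(addr);
    if (idx < 0) return "address not covered by the copied shadow rows";
    uint8_t b = kShadowRows[idx];
    char buf[128];
    std::snprintf(buf, sizeof buf, "0x%llx -> shadow 0x%llx: %02x (%s)",
                  (unsigned long long)addr, (unsigned long long)mem_to_shadow(addr),
                  b, describe_shadow(b).c_str());
    return buf;
}

int main() {
    const uintptr_t wild = 0x6030000000f0ULL;  // "is a wild pointer" address from the report
    std::puts(explain_address(wild).c_str());
    // List every addressable object the rows describe, with its usable size.
    for (size_t i = 0; i < kShadowRows.size();) {
        size_t n = addressable_run(kShadowRows, i);
        if (n == 0) { ++i; continue; }
        std::printf("object at 0x%llx: %zu addressable bytes\n",
                    (unsigned long long)shadow_to_mem(kRowBase + i), n);
        i += (n + 7) / 8;  // shadow bytes consumed by this object
    }
    return 0;
}
```

Reading the rows this way shows three live objects of 31, 21 and 20 usable bytes (the 07, 05 and 04 tail bytes), one freed 32-byte region (the fd bytes), and that the faulting pointer maps to shadow index 30 of the copied rows, the bracketed fa, i.e. a heap left redzone well past the end of the last live object.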