sprintf缓冲区全局数据溢出 - 如何检测它,Windows [英] sprintf buffer global data overflow - how to detect it, Windows
问题描述
我想知道是否可以在Windows中检测到这种缓冲区溢出。缓冲区是全局的(不是堆栈)所以/ Visual Studio 2008中的RTC,VS2012没有检查它。 MinGW gcc也失败了。
I am wondering if it's possible to detect this kind of buffer overflow somehow in Windows. Buffer is global ( not on stack ) so /RTC in Visual Studio 2008, VS2012 is not checking it. MinGW gcc also failed.
#include <stdio.h>
char buffer[2];
void main()
{
sprintf(buffer,"12345");
}
我的第一个想法是静态分析。
My first thought was static analysis.
- VS2012代码分析:没有
- CppCheck:没有
- PCLint Online:没有( http://www.gimpel-online.com/OnlineTesting.html )
- PVS-Studio:nothing
- VS2012 Code Analysis : nothing
- CppCheck: nothing
- PCLint Online: nothing ( http://www.gimpel-online.com/OnlineTesting.html )
- PVS-Studio: nothing
另一个解决方案是使用_s版本。
another solution is to use _s version.
#include <stdio.h>
char buffer[2];
void main()
{
sprintf_s(buffer, sizeof(buffer), "12345");
}
但代码看起来像这样
#include <stdio.h>
char buffer[2];
void main()
{
sprintf_s(buffer, 20, "12345");
}
仍然存在未检测到缓冲区溢出的相同问题。
there is still same problem of not detected buffer overrun.
可以使用内存保护,全球数据上的金丝雀(如堆叠),还是使用更好的静态,动态分析来解决这个问题?
Is is possible to use memory guard, canaries on global data ( like on stack ) as well or resolve this problem using better Static,Dynamic Analysis?
推荐答案
我是Cppcheck开发人员。 Cppcheck应该很容易检测到。你使用什么Cppcheck版本?最新的Cppcheck版本是1.64。
I am a Cppcheck developer. Cppcheck should easily detect that. What Cppcheck version did you use? Latest Cppcheck version is 1.64.
以下是使用cppcheck-1.64时的预期输出:
Here is the expected output when cppcheck-1.64 is used:
danielm@HP-Z220-2CMT:~/cppcheck$ ./cppcheck a.c
Checking a.c...
[a.c:5]: (error) Buffer is accessed out of bounds.
这篇关于sprintf缓冲区全局数据溢出 - 如何检测它,Windows的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
