Identify segmentation fault with valgrind

Question

I have this C++ program:

I have an array of size 2 which I initialize to 0.
Afterwards I am accessing an element out of bounds of the array. However, I am not getting any error with valgrind.

I am compiling the code as:

g++ -g test.cpp -o test

And running valgrind with:

valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file="log.txt" ./test

#include <iostream>

int main()
{
    int foo[2] = {0};
    std::cout << foo[0] << std::endl;
    foo[5] = 12; // out of bounds

    return 0;
}

The log is:

==3560== Command: ./test
==3560== Parent PID: 3474
==3560==
==3560==
==3560== HEAP SUMMARY:
==3560== in use at exit: 0 bytes in 0 blocks
==3560== total heap usage: 2 allocs, 2 frees, 73,728 bytes allocated
==3560==
==3560== All heap blocks were freed -- no leaks are possible
==3560==
==3560== For lists of detected and suppressed errors, rerun with: -s
==3560== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

Should I be getting a segmentation fault error?
Why am I not catching it with valgrind?

Answer 1

Score: 3

> Should I be getting a segmentation fault error?

Irrelevant whether you should: you should not expect to get a segmentation fault when your code is not valid.

Because foo is on the stack, it is likely that foo + 5 is still inside the stack memory region and not inside a protected memory region.

> Why am I not catching it with valgrind?

Valgrind is like a dynamic library that hooks C library calls, mostly for checking malloc dynamic allocation. It has no way of detecting out-of-bounds accesses to arrays on the stack.

> what is a good tool for this?

Static analysis and code instrumentation. With gcc we have -fanalyzer and -fsanitize=address. There are also clang-check, cppcheck, etc.

+ g++ -fanalyzer -fsanitize=undefined 1.cpp
1.cpp: In function ‘int main()’:
1.cpp:6:12: warning: stack-based buffer overflow [CWE-121] [-Wanalyzer-out-of-bounds]
    6 |     foo[5] = 12; // out of bounds
      |     ~~~~~~~^~~~
  ‘int main()’: events 1-2
    |
    |    4 |     int foo[2] = {0};
    |      |         ^~~
    |      |         |
    |      |         (1) capacity: 8 bytes
    |    5 |     std::cout << foo[0] << std::endl;
    |    6 |     foo[5] = 12; // out of bounds
    |      |     ~~~~~~~~~~~
    |      |            |
    |      |            (2) out-of-bounds write from byte 20 till byte 23 but ‘foo’ ends at byte 8
    |
1.cpp:6:12: note: write of 4 bytes to beyond the end of ‘foo’
    6 |     foo[5] = 12; // out of bounds
      |     ~~~~~~~^~~~
1.cpp:6:12: note: valid subscripts for ‘foo’ are ‘[0]’ to ‘[1]’
+ ./a.out
0
1.cpp:6:10: runtime error: index 5 out of bounds for type 'int [2]'
1.cpp:6:12: runtime error: store to address 0x7ffd904e0d64 with insufficient space for an object of type 'int'
0x7ffd904e0d64: note: pointer points here
  00 20 01 00 00 00 00 00  88 0e 4e 90 fd 7f 00 00  01 00 00 00 00 00 00 00  50 98 23 42 16 7f 00 00
              ^ 
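An added example (not code from the question or the answer) of the same size-2 array accessed through std::array::at(), which throws std::out_of_range for index 5, so the stray write is rejected at the point of access without Valgrind or a sanitizer; checked_store and run_question_program are names chosen here.

```cpp
// Added example: the question's int foo[2] as a std::array, written through a
// bounds-checked accessor instead of raw foo[5]. std::array::at() throws
// std::out_of_range for any index >= size(), so the out-of-bounds store is
// caught at runtime even without -fsanitize=address or -fanalyzer.
// (With libstdc++, -D_GLIBCXX_ASSERTIONS additionally bounds-checks operator[].)
#include <array>
#include <cstddef>
#include <iostream>
#include <stdexcept>

// Store `value` at `index`, rejecting out-of-range indices.
// Returns true on success, false if rejected; `arr` is untouched on failure.
template <std::size_t N>
bool checked_store(std::array<int, N>& arr, std::size_t index, int value) {
    try {
        arr.at(index) = value;   // bounds-checked, unlike arr[index]
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

// The question's program with the checked accessor.
// Returns the number of rejected writes (1: the foo[5] store).
int run_question_program() {
    std::array<int, 2> foo{};   // same as int foo[2] = {0};
    int rejected = 0;
    std::cout << foo[0] << '\n';
    if (!checked_store(foo, 5, 12))   // the question's out-of-bounds write
        ++rejected;
    return rejected;
}

int main() {
    std::cout << "rejected writes: " << run_question_program() << '\n';
    return 0;
}
```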

huangapple
  • Posted by huangapple on 2023-05-06 17:53:23
  • Please keep this link when reposting: https://go.coder-hub.com/76188238.html