Identify segmentation fault with valgrind
Question
I have this C++ program:

#include <iostream>

int main()
{
    int foo[2] = {0};
    std::cout << foo[0] << std::endl;
    foo[5] = 12; // out of bounds
    return 0;
}

I have an array of size 2 which I initialize to 0. Afterwards I am accessing an element out of bounds of the array. However, I am not getting any error with valgrind.
I am compiling the code as:
g++ -g test.cpp -o test
And running valgrind with:
valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file="log.txt" ./test
The log is:
==3560== Command: ./test
==3560== Parent PID: 3474
==3560==
==3560==
==3560== HEAP SUMMARY:
==3560== in use at exit: 0 bytes in 0 blocks
==3560== total heap usage: 2 allocs, 2 frees, 73,728 bytes allocated
==3560==
==3560== All heap blocks were freed -- no leaks are possible
==3560==
==3560== For lists of detected and suppressed errors, rerun with: -s
==3560== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Should I be getting a segmentation fault error?
Why am I not catching it with valgrind?
Answer 1
Score: 3
> Should I be getting a segmentation fault error?

Regardless of whether you should, you should not expect to get a segmentation fault when your code is not valid. Because foo is on the stack, it is likely that foo + 5 is still inside the stack memory region and not inside a protected memory region.

> Why am I not catching it with valgrind?

Valgrind is like a dynamic library that hooks C library calls, mostly for checking malloc dynamic allocation. It has no way of detecting out-of-bounds accesses to arrays on the stack.

> What is a good tool for this?

Static analysis and code instrumentation. With gcc we have -fanalyzer and -fsanitize=address. There are also clang-check, cppcheck, etc.
+ g++ -fanalyzer -fsanitize=undefined 1.cpp
1.cpp: In function ‘int main()’:
1.cpp:6:12: warning: stack-based buffer overflow [CWE-121] [-Wanalyzer-out-of-bounds]
6 | foo[5] = 12; // out of bounds
| ~~~~~~~^~~~
‘int main()’: events 1-2
|
| 4 | int foo[2] = {0};
| | ^~~
| | |
| | (1) capacity: 8 bytes
| 5 | std::cout << foo[0] << std::endl;
| 6 | foo[5] = 12; // out of bounds
| | ~~~~~~~~~~~
| | |
| | (2) out-of-bounds write from byte 20 till byte 23 but ‘foo’ ends at byte 8
|
1.cpp:6:12: note: write of 4 bytes to beyond the end of ‘foo’
6 | foo[5] = 12; // out of bounds
| ~~~~~~~^~~~
1.cpp:6:12: note: valid subscripts for ‘foo’ are ‘[0]’ to ‘[1]’
+ ./a.out
0
1.cpp:6:10: runtime error: index 5 out of bounds for type 'int [2]'
1.cpp:6:12: runtime error: store to address 0x7ffd904e0d64 with insufficient space for an object of type 'int'
0x7ffd904e0d64: note: pointer points here
00 20 01 00 00 00 00 00 88 0e 4e 90 fd 7f 00 00 01 00 00 00 00 00 00 00 50 98 23 42 16 7f 00 00
^
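A bounds-checked version of the program from the question, added here as an example; it is not code from the original question or the answer above. The raw int foo[2] becomes a std::array so the index can be validated before the store, which is why the foo[5] = 12 write from the question is rejected instead of silently overwriting the stack frame (the behaviour the answer describes, and the reason valgrind saw nothing). The function names checked_store, count_rejected_stores and at_rejects are assumptions made for this example. The unchecked raw-array form is what -fsanitize=address or -fsanitize=undefined, as recommended in the answer, reports at runtime; the checked form never performs the write at all.

```cpp
#include <array>
#include <cstddef>
#include <iostream>
#include <stdexcept>

// Added example, not code from the original question or answer.
// The question's int foo[2] becomes a std::array so the size travels with the
// object; every store goes through a bounds check, so an index like 5 is
// rejected instead of overwriting whatever sits above foo in the stack frame.
template <std::size_t N>
bool checked_store(std::array<int, N>& arr, std::size_t index, int value) {
    if (index >= arr.size()) {
        return false;               // refuse the out-of-range write
    }
    arr[index] = value;
    return true;
}

// Same scenario as the question: one in-range store (index 0) and the
// foo[5] = 12 store. Returns the number of rejected stores (expected: 1).
int count_rejected_stores() {
    std::array<int, 2> foo{};       // value-initialised: both elements are 0
    int rejected = 0;
    if (!checked_store(foo, 0, 7))  ++rejected;   // valid: subscripts 0..1
    if (!checked_store(foo, 5, 12)) ++rejected;   // out of bounds, rejected
    return rejected;
}

// std::array::at() performs the same check itself and throws
// std::out_of_range. Returns true when at() rejected the index.
bool at_rejects(std::size_t index) {
    std::array<int, 2> foo{};
    try {
        foo.at(index) = 12;
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    std::cout << "rejected stores: " << count_rejected_stores() << '\n';          // 1
    std::cout << "at(5) throws: " << std::boolalpha << at_rejects(5) << '\n';    // true
    std::cout << "at(1) throws: " << std::boolalpha << at_rejects(1) << '\n';    // false
    return 0;
}
```

Compile with plain g++ and the program reports one rejected store and never touches memory past the array; compile the original raw-array version with g++ -g -fsanitize=address (or -fsanitize=undefined) instead and the sanitizer reports the stack-buffer overflow at the foo[5] line, as shown in the answer's output.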