Need help with buffer overflow

I have a buffer overflow that I absolutely can't seem to understand (in C). First of all, it only happens in about 10% of cases. The data it pulls out of the database each time does not seem completely different between runs... at least, not different enough to find any recognisable pattern as to when this will happen. Exact message from Visual Studio:

A buffer overrun has occurred in hub.exe which has corrupted the program's internal state. Press Break to debug the program or Continue to terminate the program.

For more details please see Help topic 'How to debug Buffer Overrun Issues'.

If I debug it, I find that it breaks into __report_gsfailure(), which I'm fairly sure is the /GS flag on the compiler, and which also means this is an overflow on the stack, not the heap. I can also see the function it was in when it broke, but I don't see anything there that could cause this behaviour; the function has also existed for a long time (more than 10 years, albeit with some minor changes) and, as far as I know, this has never happened before.

I would post the function's code, but it is fairly long and refers to many other native functions/variables, etc.

Basically, I'm looking for either some idea of what I should be looking for, which I don't have, or some tools that could help. Unfortunately, almost every tool I have found only helps when debugging overflows on the heap, and if I'm not mistaken, this one is on the stack. Thanks in advance.

+4
5 answers

You could try putting some local variables at either end of the buffer, or even in dead zones within a (slightly widened) buffer, and trigger a breakpoint if those values are not what you expect. Obviously, using a pattern that is unlikely to occur in the data would be a good idea.

+3

Although this won't help you on Windows, Valgrind is by far the best tool for detecting bad memory behaviour.

If you are debugging the stack, you need to switch to low-level tools: put canaries on the stack (possibly a buffer filled with something like 0xA5) around any potential suspects. Run the program in the debugger and see which canaries no longer have the correct size and contents. You burn up a large chunk of stack by doing this, but it can help you pinpoint what is going on.

+3

One thing I did in the past to narrow down a riddle like this was to create a globally visible variable called checkpoint. Inside the culprit function, I set checkpoint = 0; as the very first line. Then I added ++checkpoint; statements before and after calls to functions or memory operations that I even remotely suspected might possibly touch memory out of bounds (plus sprinkled the rest of the code so that I had a checkpoint at least every 10 lines or so). When your program crashes, the checkpoint value narrows the range you need to focus on down to a few lines of code. This might be a little redundant, since I do things on embedded systems (where tools like valgrind cannot be used), but it could still be useful.

+1
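The two techniques suggested above (guard values around the suspect buffer, and a global checkpoint counter) work well together: re-check the guards at every checkpoint and the counter tells you which step of the long function first stepped outside the buffer. The following is an added example, not code from this thread. The record layout, the field sizes, the step bodies and the deliberately unbounded strcpy in step 2 are all assumed for illustration; the signal handler stands in for the Windows exception handler, since on a POSIX build it is the cheapest way to see the checkpoint after the process is already dying. The buffer and both guards live in one local array so that the overflow stays inside a single object and can be inspected safely.

```c
/* Added example: guard bytes plus a checkpoint counter to localise a stack
 * overflow inside one long function. Not code from the original thread;
 * record layout, sizes and step bodies are assumed for illustration. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD  16     /* bytes of canary on each side of the buffer */
#define BUFSZ  32     /* the suspect fixed-size stack buffer */
#define CANARY 0xA5   /* fill pattern unlikely to appear in real data */

/* Global so a crash handler can read it after the function's frame is gone. */
volatile int checkpoint = 0;

/* Crash hook: report how far the function got before the process died. */
static void on_crash(int sig) {
    fprintf(stderr, "signal %d after checkpoint %d\n", sig, checkpoint);
    _Exit(1);
}

static void fill_guards(unsigned char *frame) {
    memset(frame, CANARY, GUARD);                 /* low guard  */
    memset(frame + GUARD + BUFSZ, CANARY, GUARD); /* high guard */
}

/* 0 = both guards intact, 1 = low guard hit, 2 = high guard hit, 3 = both. */
static int guards_broken(const unsigned char *frame) {
    int r = 0;
    for (size_t i = 0; i < GUARD; i++) {
        if (frame[i] != CANARY)                 r |= 1;
        if (frame[GUARD + BUFSZ + i] != CANARY) r |= 2;
    }
    return r;
}

/* Constructed input: two string fields, like a row pulled from a database. */
struct record { const char *name; const char *note; };

/* The instrumented function. Returns the checkpoint at which a guard was
 * first found corrupted, or 0 if the guards survived. In a live session you
 * would call __debugbreak() / raise(SIGTRAP) there instead of returning. */
int process_record(const struct record *rec) {
    unsigned char frame[GUARD + BUFSZ + GUARD];
    char *buf = (char *)frame + GUARD;   /* buffer sits between the guards */
    size_t n;

    checkpoint = 0;
    fill_guards(frame);

    ++checkpoint;                        /* 1: copy name, bounded */
    snprintf(buf, BUFSZ, "%s", rec->name);
    if (guards_broken(frame)) return checkpoint;

    ++checkpoint;                        /* 2: append note, unbounded (the bug) */
    n = strlen(buf);
    strcpy(buf + n, rec->note);          /* overruns into the high guard if too long */
    if (guards_broken(frame)) return checkpoint;

    ++checkpoint;                        /* 3: terminator written by hand, in bounds */
    buf[BUFSZ - 1] = '\0';
    if (guards_broken(frame)) return checkpoint;

    return 0;
}

/* Constructed sample rows: the second one is 35 bytes plus NUL, 4 over BUFSZ. */
static const struct record GOOD_REC = { "alice", "ok" };
static const struct record BAD_REC  = { "alice", "this note is thirty chars long" };

int demo_good(void) { return process_record(&GOOD_REC); }
int demo_bad(void)  { return process_record(&BAD_REC); }

int main(void) {
    signal(SIGSEGV, on_crash);
    signal(SIGABRT, on_crash);
    printf("good row: first bad checkpoint = %d\n", demo_good());
    printf("bad row:  first bad checkpoint = %d\n", demo_bad());
    return 0;
}
```

Keep the overrun in the sample small enough to land in the guard region: anything past the high guard leaves the frame array and is real, undefined stack corruption again. If the corruption is intermittent, as in the question, run the instrumented build against many rows and log only the non-zero results; the checkpoint numbers that show up point straight at the offending step.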

Wrap it in an exception handler and dump useful information when it happens.

0

Is this program recursive at all? If so, I'd check there to make sure you don't have an infinite recursion bug. If you can't see it by hand, sometimes you can catch it in the debugger, often by stopping and looking at the stack.

0

Source: https://habr.com/ru/post/1308493/
