String Overflow Detection in C

We use DevPartner BoundsChecker to detect memory leak problems. It does a wonderful job, although it does not find string overflows like the one shown below.

char szTest[1] = "";
int i;

for (i = 0; i < 100; i++) {
    strcat(szTest, "hi");   /* writes past the end of the 1-byte buffer */
}

Question-1: Is there any way I can get BoundsChecker to detect this?

Question-2: Is there any other tool that can detect such problems?

+3
8 answers

I tried this in my devpartner (msvc6.6) (devpartner 7.2.0.372)

I confirm your observed behavior. I get an access violation after 63 loop passes.

What does compuware say about this problem?

CppCheck .

+2

- , . , :

#define strcpy  strcpy_is_banned_use_strlcpy
#define strcat  strcat_is_banned_use_strlcat
#define strncpy strncpy_is_banned_use_strlcpy
#define strncat strncat_is_banned_use_strlcat
#define sprintf sprintf_is_banned_use_snprintf

, "banned" , , . MSVC - , _CRT_SECURE_NO_DEPRECATE.

, , , , . , , .

+2

valgrind , , , . strcat, strcpy .., , .

: valgrind, :

, Memcheck . , , , Memcheck. .

Ptrcheck . Valgrind --tool=exp-ptrcheck, , , , Memcheck.

Ptrcheck.

+2

, . , Visual Studio 2008 - C/++ - . " ".

, . , . , - , -, , V++.

+1

, ++, char?

std::stringstream test;
std::fill_n(std::ostream_iterator<std::string>(test), 100, "hi");
+1

/ RTCs, . strcat .

, ( , , ), . , .

+1
0

, API , , , .

BoundsChecker, 10.5 . , BoundsChecker . , , , , , .

Results: 100 messages about a write overflow to the local variable and 99 messages that the destination string was not null-terminated. Technically, this second message is incorrect, but BoundsChecker only looks for null termination within the bounds of the destination string itself, and after the first call to strcat it no longer contains null bytes within its bounds.

Disclaimer: I work at MicroFocus as a developer working on BoundsChecker.

0
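
Added example (not part of the original answers and not BoundsChecker's own code): a small C model of the two checks described in the answer above, replaying the loop from the question. The names audited_strcat, struct report and replay_question_loop are hypothetical, and the 256-byte arena is an assumption that lets the out-of-bounds writes be modelled without corrupting real memory.

```c
#include <stdio.h>
#include <string.h>

/* Counters for the two diagnostics described in the answer above. */
struct report { int write_overflow; int unterminated_dst; };

/* Hypothetical audited strcat. dst_size is the declared size of the
   destination; arena_size is the real backing storage, which is larger so
   the demo stays memory-safe while modelling writes past declared bounds. */
static void audited_strcat(char *dst, size_t dst_size, size_t arena_size,
                           const char *src, struct report *r)
{
    /* Check 1: is there a NUL inside the declared bounds of dst? */
    if (memchr(dst, '\0', dst_size) == NULL)
        r->unterminated_dst++;

    /* Check 2: would the result, including its NUL, exceed dst_size? */
    size_t cur = strlen(dst);            /* safe: the arena always holds a NUL */
    size_t need = cur + strlen(src) + 1;
    if (need > dst_size)
        r->write_overflow++;

    /* Carry out the write only while it still fits the backing arena. */
    if (need <= arena_size)
        memcpy(dst + cur, src, strlen(src) + 1);
}

/* Replays the loop from the question against a buffer declared as 1 byte. */
static struct report replay_question_loop(int iterations)
{
    char arena[256] = "";                /* constructed backing storage */
    struct report r = {0, 0};
    for (int i = 0; i < iterations; i++)
        audited_strcat(arena, 1, sizeof arena, "hi", &r);
    return r;
}

int main(void)
{
    struct report r = replay_question_loop(100);
    printf("write overflows: %d, unterminated destination: %d\n",
           r.write_overflow, r.unterminated_dst);
    return 0;
}
```

The first call still sees the initial NUL inside the 1-byte bounds, which is why the unterminated count is one lower than the overflow count.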

Source: https://habr.com/ru/post/1734176/

