Linux memory out of bounds detection method--valgrind__linux



Linux memory out of bounds detection method--valgrind

A Valgrind

1. Download and install

Download Address: http://valgrind.org/downloads/current.html#current

#configure

#make

#make Install

2. Use

2.1 Inner Bounds

Write a section of code with memory access out of bounds, as follows:

#include <stdio.h>

#include <stdlib.h>

#include <errno.h>

int main ()

{

char *p = NULL;

char *temp = NULL;

p = (char*) malloc (sizeof (char));

if (NULL = p)

{

Perror ("Cannot allocate memory.");

return-1;

}

Temp[0] = p[6];

Free (p);

p = NULL;

return 0;

}

Save File TEST.c

In the code above, we assign p a byte of space, then we have to access p[6] to see what happens.

2.1.1 with debug compilation

#gcc t-g test.c-o Test

2.1.2 Operation Analysis

First run directly

#./test

Segment error (Core dumped)

Exit the error directly.

Use Valgrind to load run test

#valgrind--tool=memcheck--leak-check=full/test.

==17686== Memcheck, a memory error detector

==17686== Copyright (C) 2002-2013, and GNU GPL ' d, by Julian Seward et al.

==17686== Using Valgrind-3.10.1 and Libvex; Rerun with-h for copyright info

==17686== Command:./test

==17686==

==17686== Invalid Read of size 1

==17686== at 0x40059a:main (test.c:19)

==17686== address 0x4c22046 's 5 bytes after a block of size 1 Alloc ' d

==17686== at 0x4a0720a:malloc (vg_replace_malloc.c:296)

==17686== by 0x400575:main (test.c:10)

==17686==

==17686== Invalid Write of size 1

==17686== at 0x4005a1:main (test.c:19)

==17686== address 0x0 isn't stack ' d, malloc ' d or (recently) free ' d

==17686==

==17686==

==17686== Process terminating with default action of signal (SIGSEGV)

==17686== Access not within mapped region in address 0x0

==17686== at 0x4005a1:main (test.c:19)

==17686== If You believe this happened as a result of a stack

==17686== overflow in your program ' s main thread (unlikely but

==17686== possible), you can try to increase the size of the

==17686== main thread stack using the--main-stacksize= flag.

==17686== the main thread stack size used in this run is 10485760.

==17686==

==17686== HEAP SUMMARY:

==17686== in the exit:1 bytes in 1 blocks

==17686== Total heap Usage:1 allocs, 0 frees, 1 bytes allocated

==17686==

==17686== leak SUMMARY:

==17686== definitely lost:0 bytes in 0 blocks

==17686== indirectly lost:0 bytes in 0 blocks

==17686== possibly lost:0 bytes in 0 blocks

==17686== still reachable:1 bytes in 1 blocks

==17686== suppressed:0 bytes in 0 blocks

==17686== reachable blocks (those to which a pointer is found) are not shown.

==17686== to-them, rerun with:--leak-check=full--show-leak-kinds=all

==17686==

==17686== for counts of detected and suppressed errors, rerun with:-V

==17686== ERROR Summary:2 errors from 2 contexts (Suppressed:4 from 4)

Segment error (Core dumped)

We see that Valgrind has reported two errors, see the red section above, we analyze each:

==17686== Invalid Read of size 1

==17686== at 0x40059a:main (test.c:19)

==17686== address 0x4c22046 's 5 bytes after a block of size 1 Alloc ' d

==17686== at 0x4a0720a:malloc (vg_replace_malloc.c:296)

==17686== by 0x400575:main (test.c:10)

This is a read error, indicating that line 19th in test.c, in line 10th (p = (char*) malloc (sizeof (char)), is normally allocated to address (0X4A0720A) 1 bytes, The read address (0x4c22046) is the next 5 bytes (the p[6 we visited).

Then analyze the second error:

==17686== Invalid Write of size 1

==17686== at 0x4005a1:main (test.c:19)

==17686== address 0x0 isn't stack ' d, malloc ' d or (recently) free ' d

Valgrind complained that we started using it without a distribution and said it was temp.

2.2 Memory leaks

2.2.1 Code Modification

For memory leaks, Valgrind can also be well checked out, and in the example above, make the following modifications:

#include <stdio.h>

#include <stdlib.h>

#include <errno.h>

int main ()

{

char *p = NULL;

char *temp = NULL;

p = (char*) malloc (sizeof (char));

if (NULL = p)

{

Perror ("Cannot allocate memory.");

return-1;

}

Temp[0] = p[6];

Free (p);

p = NULL;

return 0;

}

Note code that memory accesses the bounds and frees memory.

2.2.2 Compile and run