1. 安装内存地址溢出检测库
yum install libasan Installed: libasan.x86_64 0:4.8.5-36.el7_6.2
2. 错误例子代码:
#include <stdio.h> #define kBufSize 10 char gArr[kBufSize]; int main(int argc, char **argv) { char localArr[kBufSize]; localArr[12] = 0x31; gArr[11] = 0x32; return gArr[11]; }
3. 编译代码(增加内存溢出检测)
gcc -o a1 addresss.c -fsanitize=address -g
4. 执行代码(检测内存溢出)
[root@VM_93_229_centos test]# ./a1 ================================================================= ==6766== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc4c525bac at pc 0x4006c6 bp 0x7ffc4c525b60 sp 0x7ffc4c525b50 WRITE of size 1 at 0x7ffc4c525bac thread T0 #0 0x4006c5 (/home/dev/test/a1+0x4006c5) #1 0x7f5167e1c444 (/usr/lib64/libc-2.17.so+0x22444) #2 0x400588 (/home/dev/test/a1+0x400588) Address 0x7ffc4c525bac is located at offset 44 in frame <main> of T0's stack: This frame has 1 object(s): [32, 42) 'localArr' HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) Shadow bytes around the buggy address: 0x10000989cb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000989cb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000989cb40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000989cb50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000989cb60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x10000989cb70: f1 f1 f1 f1 00[02]f4 f4 f3 f3 f3 f3 00 00 00 00 0x10000989cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000989cb90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000989cba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000989cbb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000989cbc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap righ redzone: fb Freed Heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 ASan internal: fe ==6766== ABORTING
5. 分析内存溢出信息
错误信息显示变量 localArr 在内存指针 0x4006c6 处发生内存溢出错误。
通过内存地址找到源码错误行。
[root@VM_93_229_centos test]# addr2line -e ./a1 0x4006c6 /home/dev/test/addresss.c:9 [root@VM_93_229_centos test]# cat -n addresss.c 1 #include <stdio.h> 2 3 #define kBufSize 10 4 5 char gArr[kBufSize]; 6 7 int main(int argc, char **argv) { 8 char localArr[kBufSize]; 9 localArr[12] = 0x31; 10 gArr[11] = 0x32; 11 return gArr[11]; 12 }
总结:修改localArr的内存溢出错误后,使用同样的方法监测gArr的内存溢出错误并修改。
1. 安装内存泄露检测库
2. 错误例子代码
#include <stdio.h> int main(){ int *ptr= new int(10); return 0; }
3. 编译代码(增加内存泄露检测器)
gcc leak.c -fsanitize=leak
4. 执行代码(检测内存泄露)
5. 分析
1. 安装线程安全检测库
yum install libtsan Package libtsan-4.8.5-36.el7_6.2.x86_64 already installed and latest version
2. 错误例子代码
#include <pthread.h> #include <stdio.h> int global; void *Thread1(void *x) { global++; return NULL; } void *Thread2(void *x) { global--; return NULL; } int main() { pthread_t t[2]; pthread_create(&t[0], NULL, Thread1, NULL); pthread_create(&t[1], NULL, Thread2, NULL); pthread_join(t[0], NULL); pthread_join(t[1], NULL); }
3. 编译代码(增加线程安全检测器)
gcc -o t tt.c -fsanitize=thread -fPIE -pie -g
4. 执行代码(检测内存泄露)
[root@centos test]# ./t ================== WARNING: ThreadSanitizer: data race (pid=9271) Read of size 4 at 0x7fc3c0c85068 by thread T1: #0 Thread1 /home/dev/test/tt.c:7 (exe+0x0000000009ed) #1 __tsan_write_range ??:0 (libtsan.so.0+0x00000001b1d9) Previous write of size 4 at 0x7fc3c0c85068 by thread T2: #0 Thread2 /home/dev/test/tt.c:12 (exe+0x000000000a68) #1 __tsan_write_range ??:0 (libtsan.so.0+0x00000001b1d9) Thread T1 (tid=9272, running) created by main thread at: #0 pthread_create ??:0 (libtsan.so.0+0x00000001f42b) #1 main /home/dev/test/tt.c:18 (exe+0x000000000ab5) Thread T2 (tid=9273, running) created by main thread at: #0 pthread_create ??:0 (libtsan.so.0+0x00000001f42b) #1 main /home/dev/test/tt.c:19 (exe+0x000000000ad6) SUMMARY: ThreadSanitizer: data race /home/dev/test/tt.c:7 Thread1 ================== ThreadSanitizer: reported 1 warnings
5. 错误分析
错误显示文件tt.c的第7行和第12行有线程对data race操作(即:线程不安全操作)。
#0 Thread1 /home/dev/test/tt.c:7 (exe+0x0000000009ed) #0 Thread2 /home/dev/test/tt.c:12 (exe+0x000000000a68)
1. 安装检测库
2. 错误例子代码
#include <iostream> int main(int argc, char** argv) { int* a = new int[10]; a[5] = 0; if (a[argc]) std::cout << a[3]; return 0; }
3. 编译代码(增加内存泄露检测器)
gcc mm.c -fsanitize=memory -fPIE -pie -fno-omit-frame-pointer -g
4. 执行代码(检测内存泄露)
5. 分析
----
未完待续