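The following C program allocates 1024 bytes of memory, reads data from outside the allocated region, writes data just past the end of the allocation, and finally makes the memory region unreachable.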
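    #include <stdio.h>
    #include <stdlib.h>

    int main(void)
    {
        char *ptr = (char *)malloc(1024);
        char ch;

        // Out-of-bounds read: index 1024 is one byte past the end of the block
        ch = ptr[1024];

        // Write beyond the block
        ptr[1024] = 0;

        // Orphan the block: the only pointer to it is overwritten without free()
        ptr = 0;

        return 0;
    }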
Below is the result of running valgrind on the program: all 3 memory-management errors are detected.
    [[email protected] document]$ valgrind --leak-check=yes -v ./checker
    ==19044== Memcheck, a memory error detector
    ==19044== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
    ==19044== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
    ==19044== Command: ./checker
    ==19044==
    --19044-- Valgrind options:
    --19044--    --leak-check=yes
    --19044--    -v
    --19044-- Contents of /proc/version:
    --19044--   Linux version 2.6.32-504.3.3.el6.x86_64 ([email protected]) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC) ) #1 SMP Wed Dec 17 01:55:02 UTC 2014
    --19044-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-rdtscp-sse3-avx
    --19044-- Page sizes: currently 4096, max supported 4096
    --19044-- Valgrind library directory: /usr/local/lib/valgrind
    --19044-- Reading syms from /home/zhang/document/checker
    --19044-- Reading syms from /usr/local/lib/valgrind/memcheck-amd64-linux
    --19044--    object doesn't have a dynamic symbol table
    --19044-- Reading syms from /lib64/ld-2.12.so
    --19044-- Scheduler: using generic scheduler lock implementation.
    --19044-- Reading suppressions file: /usr/local/lib/valgrind/default.supp
    ==19044== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-19044-by-zhang-on-localhost.localdomain
    ==19044== embedded gdbserver: writing to /tmp/vgdb-pipe-to-vgdb-from-19044-by-zhang-on-localhost.localdomain
    ==19044== embedded gdbserver: shared mem /tmp/vgdb-pipe-shared-mem-vgdb-19044-by-zhang-on-localhost.localdomain
    ==19044==
    ==19044== TO CONTROL THIS PROCESS USING vgdb (which you probably
    ==19044== don't want to do, unless you know exactly what you're doing,
    ==19044== or are doing some strange experiment):
    ==19044==   /usr/local/lib/valgrind/../../bin/vgdb --pid=19044 ...command...
    ==19044==
    ==19044== TO DEBUG THIS PROCESS USING GDB: start GDB like this
    ==19044==   /path/to/gdb ./checker
    ==19044== and then give GDB the following command
    ==19044==   target remote | /usr/local/lib/valgrind/../../bin/vgdb --pid=19044
    ==19044== --pid is optional if only one valgrind process is running
    ==19044==
    --19044-- REDIR: 0x3283e17610 (ld-linux-x86-64.so.2:strlen) redirected to 0x38051201 (vgPlain_amd64_linux_REDIR_FOR_strlen)
    --19044-- Reading syms from /usr/local/lib/valgrind/vgpreload_core-amd64-linux.so
    --19044-- Reading syms from /usr/local/lib/valgrind/vgpreload_memcheck-amd64-linux.so
    ==19044== WARNING: new redirection conflicts with existing -- ignoring it
    --19044--     old: 0x3283e17610 (strlen ) R-> (0000.0) 0x38051201 vgPlain_amd64_linux_REDIR_FOR_strlen
    --19044--     new: 0x3283e17610 (strlen ) R-> (2007.0) 0x04a08960 strlen
    --19044-- REDIR: 0x3283e17480 (ld-linux-x86-64.so.2:index) redirected to 0x4a08540 (index)
    --19044-- REDIR: 0x3283e17500 (ld-linux-x86-64.so.2:strcmp) redirected to 0x4a09320 (strcmp)
    --19044-- REDIR: 0x3283e183f0 (ld-linux-x86-64.so.2:mempcpy) redirected to 0x4a0bd80 (mempcpy)
    --19044-- Reading syms from /lib64/libc-2.12.so
    --19044-- REDIR: 0x3284284cd0 (libc.so.6:strcasecmp) redirected to 0x480155c (_vgnU_ifunc_wrapper)
    --19044-- REDIR: 0x3284286f90 (libc.so.6:strncasecmp) redirected to 0x480155c (_vgnU_ifunc_wrapper)
    --19044-- REDIR: 0x3284282c40 (libc.so.6:__GI_strrchr) redirected to 0x4a082d0 (__GI_strrchr)
    --19044-- REDIR: 0x328427a640 (libc.so.6:malloc) redirected to 0x4a07183 (malloc)
    ==19044== Invalid read of size 1
    ==19044==    at 0x4004E4: main (in /home/zhang/document/checker)
    ==19044==  Address 0x4c2b440 is 0 bytes after a block of size 1,024 alloc'd
    ==19044==    at 0x4A0720A: malloc (vg_replace_malloc.c:296)
    ==19044==    by 0x4004D5: main (in /home/zhang/document/checker)
    ==19044==
    ==19044== Invalid write of size 1
    ==19044==    at 0x4004F4: main (in /home/zhang/document/checker)
    ==19044==  Address 0x4c2b440 is 0 bytes after a block of size 1,024 alloc'd
    ==19044==    at 0x4A0720A: malloc (vg_replace_malloc.c:296)
    ==19044==    by 0x4004D5: main (in /home/zhang/document/checker)
    ==19044==
    --19044-- REDIR: 0x328427b520 (libc.so.6:free) redirected to 0x4a06b5d (free)
    ==19044==
    ==19044== HEAP SUMMARY:
    ==19044==     in use at exit: 1,024 bytes in 1 blocks
    ==19044==   total heap usage: 1 allocs, 0 frees, 1,024 bytes allocated
    ==19044==
    ==19044== Searching for pointers to 1 not-freed blocks
    ==19044== Checked 64,184 bytes
    ==19044==
    ==19044== 1,024 bytes in 1 blocks are definitely lost in loss record 1 of 1
    ==19044==    at 0x4A0720A: malloc (vg_replace_malloc.c:296)
    ==19044==    by 0x4004D5: main (in /home/zhang/document/checker)
    ==19044==
    ==19044== LEAK SUMMARY:
    ==19044==    definitely lost: 1,024 bytes in 1 blocks
    ==19044==    indirectly lost: 0 bytes in 0 blocks
    ==19044==      possibly lost: 0 bytes in 0 blocks
    ==19044==    still reachable: 0 bytes in 0 blocks
    ==19044==         suppressed: 0 bytes in 0 blocks
    ==19044==
    ==19044== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 4 from 4)
    ==19044==
    ==19044== 1 errors in context 1 of 3:
    ==19044== Invalid write of size 1
    ==19044==    at 0x4004F4: main (in /home/zhang/document/checker)
    ==19044==  Address 0x4c2b440 is 0 bytes after a block of size 1,024 alloc'd
    ==19044==    at 0x4A0720A: malloc (vg_replace_malloc.c:296)
    ==19044==    by 0x4004D5: main (in /home/zhang/document/checker)
    ==19044==
    ==19044==
    ==19044== 1 errors in context 2 of 3:
    ==19044== Invalid read of size 1
    ==19044==    at 0x4004E4: main (in /home/zhang/document/checker)
    ==19044==  Address 0x4c2b440 is 0 bytes after a block of size 1,024 alloc'd
    ==19044==    at 0x4A0720A: malloc (vg_replace_malloc.c:296)
    ==19044==    by 0x4004D5: main (in /home/zhang/document/checker)
    ==19044==
    --19044--
    --19044-- used_suppression:      4 U1004-ARM-_dl_relocate_object /usr/local/lib/valgrind/default.supp:1401
    ==19044==
    ==19044== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 4 from 4)
The valgrind tool itself can be found at http://valgrind.org.
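An added example, not part of the original page: the same 1024-byte allocation with the three reported problems corrected, so each Memcheck finding above maps to one fix. The names BLOCK_SIZE, checked_read, checked_write and run_fixed are assumptions introduced for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define BLOCK_SIZE 1024  /* same allocation size as the program above */

/* Read buf[idx] only if idx lies inside the len-byte block; 0 on success. */
static int checked_read(const char *buf, size_t len, size_t idx, char *out)
{
    if (buf == NULL || out == NULL || idx >= len)
        return -1;       /* idx 1024 on a 1024-byte block is rejected here */
    *out = buf[idx];
    return 0;
}

/* Write buf[idx] only if idx lies inside the len-byte block; 0 on success. */
static int checked_write(char *buf, size_t len, size_t idx, char value)
{
    if (buf == NULL || idx >= len)
        return -1;
    buf[idx] = value;
    return 0;
}

/* Corrected flow: returns how many out-of-bounds accesses were rejected
 * (2 for the two accesses from the original program), or -1 on failure. */
int run_fixed(void)
{
    char ch = 0;
    int rejected = 0;
    char *ptr = calloc(BLOCK_SIZE, 1);   /* zero-filled, no undefined bytes */
    if (ptr == NULL)
        return -1;

    if (checked_read(ptr, BLOCK_SIZE, BLOCK_SIZE, &ch) != 0)
        rejected++;                      /* was "Invalid read of size 1" */
    if (checked_write(ptr, BLOCK_SIZE, BLOCK_SIZE, 0) != 0)
        rejected++;                      /* was "Invalid write of size 1" */

    /* The last valid index is BLOCK_SIZE - 1. */
    checked_write(ptr, BLOCK_SIZE, BLOCK_SIZE - 1, 'x');
    checked_read(ptr, BLOCK_SIZE, BLOCK_SIZE - 1, &ch);

    free(ptr);                           /* free before dropping the pointer */
    ptr = NULL;                          /* avoids the "definitely lost" block */
    return (ch == 'x') ? rejected : -1;
}

int main(void)
{
    printf("rejected out-of-bounds accesses: %d\n", run_fixed());
    return 0;
}
```

Run under the same valgrind --leak-check=yes command, this version performs one allocation and one free, and every access stays inside the block.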
Time: 2024-11-03 05:32:22