From: Bram M. (Syzop) <sy...@vu...> - 2005-07-26 00:35:44
Hi,
Does valgrind also check the stack for buffer overflows and such issues,
or only the heap?
I tried the following program (well, typing from the top of my head):
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char alpha[8], beta[512];   /* two adjacent stack buffers */

    beta[0] = 'a';              /* touch beta so it is not optimized away */
    printf("abc\n");
    /* deliberate overflow: a 20-byte string (incl. NUL) into an 8-byte buffer */
    strcpy(alpha, "this is just a test");
    printf("def\n");
    exit(EXIT_SUCCESS);
}
And valgrind does not detect any problems. I tried both valgrind 2.4.0
(also with --single-step=yes) and the latest 3.* from SVN (from 1 hour ago).
If valgrind cannot do this, does anyone have any hints about what would
be capable of this? It would be nice to have that in addition to valgrind.
IIRC there were some gcc patches, but AFAICT they only check for
overwriting of the return address and/or for any pointers (put a canary
between the buffers and the pointers/smallobjects on the stack), and
they do not check for one buffer overflowing into another buffer (which
can be nearly as dangerous, if you ask me).
Any help is appreciated.
Thanks,
Bram.
--
Bram Matthys
Software developer/IT consultant sy...@vu...
PGP key: www.vulnscan.org/pubkey.asc
PGP fp: 8DD4 437E 9BA8 09AA 0A8D 1811 E1C3 D65F E6ED 2AA2
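The post's test program overflows an 8-byte stack buffer into its neighbour, which Memcheck does not track. As an added illustration (not code from the post, valgrind or gcc), the following C program shows the two defensive pieces the thread touches on: a bounded copy that cannot overrun its destination, and a guard word placed between two adjacent buffers that is checked after the write, so an overflow of one buffer into the next is detected even when no pointer or return address is hit. The names `guarded_frame`, `copy_bounded`, `unchecked_write_keeps_guard`, `bounded_copy_result` and the `GUARD_PATTERN` value are all constructed for this example. The unchecked write is modelled with `memset` through the struct's own byte representation, clamped to the struct's size, so it stays inside one object and the guard can be read back reliably.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout mirroring the post's alpha/beta pair, with a guard
 * word between them. Keeping all three in one struct guarantees they are
 * adjacent and in declaration order; separate locals may be reordered. */
struct guarded_frame {
    char alpha[8];
    uint64_t guard;
    char beta[512];
};

#define GUARD_PATTERN 0x5A5AA5A5C3C33C3Cull   /* constructed marker value */

/* Bounded replacement for strcpy: copies at most dstsize-1 bytes, always
 * NUL-terminates, and reports whether the whole source fit. */
bool copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0)
        return false;
    if (n >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return false;               /* truncated */
    }
    memcpy(dst, src, n + 1);
    return true;
}

/* Models the post's unchecked strcpy: writes `len` bytes starting at alpha
 * (offset 0 of the struct) and then inspects the guard. The write is clamped
 * to sizeof the struct so it never leaves the object. Returns true when the
 * guard survived, false when alpha overflowed into it. */
bool unchecked_write_keeps_guard(size_t len)
{
    struct guarded_frame f;
    memset(&f, 0, sizeof f);
    f.guard = GUARD_PATTERN;
    if (len > sizeof f)
        len = sizeof f;
    memset((unsigned char *)&f, 'x', len);
    return f.guard == GUARD_PATTERN;
}

/* Copies src into alpha with the bounded routine instead.
 * Returns -1 if the guard was clobbered (should never happen),
 *          0 if the copy was truncated to fit, 1 if it fit entirely. */
int bounded_copy_result(const char *src)
{
    struct guarded_frame f;
    memset(&f, 0, sizeof f);
    f.guard = GUARD_PATTERN;
    bool fit = copy_bounded(f.alpha, sizeof f.alpha, src);
    if (f.guard != GUARD_PATTERN)
        return -1;
    return fit ? 1 : 0;
}

int main(void)
{
    printf("7-byte write keeps guard:  %d\n", unchecked_write_keeps_guard(7));
    printf("20-byte write keeps guard: %d\n", unchecked_write_keeps_guard(20));
    printf("bounded copy of the post's string: %d (0 = truncated)\n",
           bounded_copy_result("this is just a test"));
    return 0;
}
```

The guard only reports a contiguous overwrite that crosses it and only at the point where it is inspected, so it complements rather than replaces a bounded copy; the bounded routine is what prevents the overrun in the first place, and its return value tells the caller that truncation happened instead of silently corrupting the neighbour.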