From: Dennis L. <pla...@in...> - 2005-07-26 00:59:34
At 02:35 26.07.2005, Bram Matthys (Syzop) wrote:
>Hi,
>
>Does valgrind also check the stack for buffer overflows and such issues,
>or only the heap?
>
>I tried the following program (well, typing from the top of my head):
>#include <stdio.h>
>#include <stdlib.h>
>#include <unistd.h>
>#include <string.h>
>
>int main(int argc, char *argv[])
>{
>char alpha[8], beta[512];
>
> beta[0] = 'a';
> printf("abc\n");
> strcpy(alpha, "this is just a test");
> printf("def\n");
> exit(EXIT_SUCCESS);
>}
>
>And valgrind does not detect any problems. Tried both valgrind 2.4.0
>(also with --single-step=yes) and latest 3.* from SVN (from 1 hour ago).
>
>If valgrind cannot do this, does anyone have any hints about what would
>be capable of this? Would be nice to have that + valgrind.
Valgrind cannot find such errors, since it is "limited" to checking for
valid memory access, and all the stack is accessible. It cannot know if the
pointer was intended for this part of memory. (You may run into a similar
false negative when a wild going pointer accidentally falls into some other
heap block). There was once an idea of a pointer-misuse tool for valgrind,
but I don't know what its status is/was.
Recent gcc (4.0.x) has the mudflap library integrated, which does some
stack instrumentation and various other checks. The drawback of this is of
course you can only run code (resp. check it) with it that was compiled
with this.
greets
Dennis
Carpe quod tibi datum est
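
Added example, not part of the original message and not Valgrind's code: a toy per-byte addressability map that shows why the 20-byte strcpy into alpha[8] goes unreported on the stack, is reported for a heap block with a redzone, and why a wild pointer landing in another heap block is missed. The arena offsets, the frame layout (alpha directly followed by beta) and the 16-byte redzone are constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy shadow map: one "addressable" flag per byte of a pretend address space.
   Simplified model for illustration; not Valgrind's real data structures. */
#define ARENA    1024
#define COPY_LEN 20   /* strlen("this is just a test") + 1 for the NUL */
#define REDZONE  16   /* assumed gap left unaddressable around heap blocks */
static unsigned char abits[ARENA];

static void mark(size_t start, size_t len, int ok) {
    memset(abits + start, ok ? 1 : 0, len);
}

/* Number of bytes in the write [addr, addr+len) that touch unaddressable memory. */
size_t bad_bytes(size_t addr, size_t len) {
    size_t bad = 0;
    for (size_t i = addr; i < addr + len && i < ARENA; i++)
        if (!abits[i]) bad++;
    return bad;
}

/* Stack: alpha[8] and beta[512] live in one frame, all of it addressable. */
size_t stack_case(void) {
    mark(0, ARENA, 0);
    mark(100, 8 + 512, 1);            /* alpha at 100, beta at 108 (assumed layout) */
    return bad_bytes(100, COPY_LEN);  /* overflow lands in beta: nothing flagged */
}

/* Heap: the same 8-byte buffer as its own block, followed by a redzone. */
size_t heap_case(void) {
    mark(0, ARENA, 0);
    mark(100, 8, 1);                  /* block A; bytes 108.. are redzone */
    return bad_bytes(100, COPY_LEN);  /* 12 bytes past the block are flagged */
}

/* Wild pointer: an index far past block A that lands inside live block B. */
size_t wild_pointer_case(void) {
    mark(0, ARENA, 0);
    mark(100, 8, 1);                  /* block A */
    mark(100 + 8 + REDZONE, 64, 1);   /* block B at 124..187 */
    return bad_bytes(100 + 30, 4);    /* "A[30..33]" is addressable: missed */
}

int main(void) {
    printf("stack: %zu  heap: %zu  wild pointer: %zu\n",
           stack_case(), heap_case(), wild_pointer_case());
    return 0;
}
```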