From: Philippe W. <phi...@sk...> - 2013-10-31 16:25:09
On Thu, 2013-10-31 at 15:26 +0330, hamid alaei wrote:
> Hi everyone,
> Assume there is C code that does this:
>
>     char buff1[20];
>     char buff2[30]="some small string";
>     ...
>
>     strcpy(buff1, buff2);
>
> This code can be regarded as unsafe not only because it uses strcpy(),
> which doesn't accept a size argument for the maximum capacity of
> buff1, but also because the maximum capacity of the target string
> buff1 is less than the maximum capacity of the src string buff2.
>
> I know that if strcpy() tries to write outside buff1, then memcheck or
> sgcheck can detect that, depending on whether these strings are in
> stack/global memory or in the heap. But I want a warning while calling
> strcpy() in this manner as well, regardless of whether overflow
> happens or not.
>
> I am wondering if there is such a tool to do so. I guess it should
> replace strcpy() and similar functions with a wrapper. Does anybody
> know such a tool/extension or how to write such a wrapper that can
> have access to the max-size of buff1 and buff2?

This might be an interesting addition to e.g. memcheck (or other tools that
are replacing str* and other functions).

I think this will be relatively easy to do for "simple cases" of stack and
global arrays, and maybe arrays in a stack/global struct: using
--read-var-info=yes, valgrind provides access to (some) information about
these (and from a small experiment, it looks like it knows the size of these).

However, for more complex cases (e.g. arrays in a dynamically allocated
struct), this will be more complex: how to guess (or keep track) that a
pointer inside a block is a pointer to an array smaller than the malloc-ed
block is unclear to me.

Philippe
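To make the distinction discussed in this thread concrete (a capacity mismatch that should be reported even when the copy fits, versus an actual overrun, versus the heap-struct case where the bound is simply not known), here is an added example of such a strcpy() wrapper. It is not code from the thread or from Valgrind: the wrapper name checked_strcpy, the ARRAY_STRCPY macro, the CAP_UNKNOWN sentinel and the verdict enum are all hypothetical. Capacities are passed in explicitly (via sizeof for plain arrays, as a stand-in for what a real tool would recover from debug info with --read-var-info=yes), and a pointer into a malloc-ed block is deliberately passed with an unknown capacity to show where the approach runs out of information.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Verdict of one wrapped strcpy() call (hypothetical wrapper, not a Valgrind API). */
enum copy_verdict {
    COPY_OK = 0,        /* both capacities known, dst can hold anything src can hold */
    COPY_CAP_MISMATCH,  /* both known, dst smaller than src: warn even though this copy fit */
    COPY_OVERFLOW,      /* this particular copy would overrun dst: refused */
    COPY_CAP_UNKNOWN    /* a capacity is unknown (e.g. pointer into a heap block) */
};

#define CAP_UNKNOWN ((size_t)-1)

/* Wrapper with the capacities supplied by the caller.  A real tool would
 * obtain dst_cap/src_cap from debug info; here they are just arguments. */
enum copy_verdict checked_strcpy(char *dst, size_t dst_cap,
                                 const char *src, size_t src_cap,
                                 const char *where)
{
    size_t need = strlen(src) + 1;          /* bytes strcpy() would write */

    /* Actual overrun of a destination with a known bound: report and refuse. */
    if (dst_cap != CAP_UNKNOWN && need > dst_cap) {
        fprintf(stderr, "%s: strcpy would write %zu bytes into a %zu-byte buffer\n",
                where, need, dst_cap);
        return COPY_OVERFLOW;
    }
    memcpy(dst, src, need);                 /* the copy itself */

    /* Without both bounds the capacity comparison cannot be made at all. */
    if (dst_cap == CAP_UNKNOWN || src_cap == CAP_UNKNOWN) {
        fprintf(stderr, "%s: strcpy: %s capacity unknown, cannot compare\n",
                where, dst_cap == CAP_UNKNOWN ? "destination" : "source");
        return COPY_CAP_UNKNOWN;
    }
    /* The check the poster asked for: fires regardless of whether this copy fit. */
    if (dst_cap < src_cap) {
        fprintf(stderr, "%s: strcpy: destination holds %zu bytes but source may hold %zu\n",
                where, dst_cap, src_cap);
        return COPY_CAP_MISMATCH;
    }
    return COPY_OK;
}

#define STR2(x) #x
#define STR(x) STR2(x)
/* For plain arrays the bounds are visible via sizeof.  Only valid when both
 * arguments are arrays: sizeof a pointer is the pointer's size, not the buffer's. */
#define ARRAY_STRCPY(dst, src) \
    checked_strcpy((dst), sizeof(dst), (src), sizeof(src), __FILE__ ":" STR(__LINE__))

/* The thread's example: the string fits, so no overflow, yet the wrapper
 * still reports that buff1 (20) is smaller than buff2 (30). */
enum copy_verdict demo_thread_case(void)
{
    char buff1[20];
    char buff2[30] = "some small string";
    return ARRAY_STRCPY(buff1, buff2);      /* COPY_CAP_MISMATCH */
}

/* Same shapes, but this copy really would overrun (33 chars + NUL > 20). */
enum copy_verdict demo_overflow(void)
{
    char buff1[20];
    char buff2[30] = "this string is longer than twenty";
    return ARRAY_STRCPY(buff1, buff2);      /* COPY_OVERFLOW, nothing written */
}

/* Destination large enough for any content of the source: no complaint. */
enum copy_verdict demo_ok(void)
{
    char big[64];
    char small[8] = "abc";
    return ARRAY_STRCPY(big, small);        /* COPY_OK */
}

/* The hard case from the reply: an array inside a malloc-ed struct.  The
 * pointer s->name carries no visible bound, so the wrapper is handed
 * CAP_UNKNOWN and can only say so (a real tool would have to track that
 * name is a 16-byte sub-object of the larger block). */
struct rec { int id; char name[16]; };

enum copy_verdict demo_heap_struct(void)
{
    struct rec *s = malloc(sizeof *s);
    char src[8] = "abc";
    enum copy_verdict v;
    if (!s)
        abort();
    v = checked_strcpy(s->name, CAP_UNKNOWN, src, sizeof src, "demo_heap_struct");
    free(s);
    return v;                               /* COPY_CAP_UNKNOWN */
}

int main(void)
{
    static const char *names[] = { "OK", "CAP_MISMATCH", "OVERFLOW", "CAP_UNKNOWN" };
    printf("thread case : %s\n", names[demo_thread_case()]);
    printf("overflow    : %s\n", names[demo_overflow()]);
    printf("ok          : %s\n", names[demo_ok()]);
    printf("heap struct : %s\n", names[demo_heap_struct()]);
    return 0;
}
```

The sizeof-based macro is only a stand-in for the debug-info lookup the thread talks about: it cannot see through a pointer, which is exactly why the heap-struct case degrades to "unknown" rather than producing a verdict.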