Menu
▾
▴
Re: [Valgrind-users] How to write a tool to check unsafe strcpy-alike functions in another way
|
From: Дмитрий Д. <di...@gm...> - 2013-10-31 19:04:29
|
Hi! exp-sgcheck can't help? Dmitry 2013/10/31 Philippe Waroquiers <phi...@sk...>: > On Thu, 2013-10-31 at 15:26 +0330, hamid alaei wrote: >> Hi everyone, >> Assume there is a C code that do this: >> >> >> char buff1[20]; >> char buff2[30]="some small string"; >> ... >> >> strcpy(buff1, buff2); >> >> >> >> This code is can be regarded unsafe not only because it use strcpy(), >> which doesn't accept a size argument for the maximum capacity of >> buff1, but also because the maximum capacity if the target string >> buff1 is less than the maximum capacity of the src string buff2. >> >> I know that if strcpy() tries to write outside buff1, then memcheck or >> sgcheck can detect that, depending on whether these strings are in >> stack/global memory or in the heap. But I want a warning while calling >> strcpy() in this manner as well, regardless of whether overflow >> happens or not. >> >> >> I am wondering if there is such a tool to do so. I guess it should >> replace strcpy() and similar functions with a wrapper. Does anybody >> know suck a tool/extension or how to write such a wrapper that can >> have access to the max-size of buff1 and buff2? > > This might be an interesting addition to e.g. memcheck > (or other tools that are replacing str* and others functions). > > I think this will be relatively easy to do for "simple cases" > of stack and global arrays, and maybe arrays in a stack/global struct : > using --read-var-info=yes, valgrind provides access to (some) > information about theses, (and from a small experiment, it looks > like it knows the size of these). > > However, for more complex cases (e.g. arrays in a dynamically allocated > struct), this will be more complex: how to guess (or keep track) that a > pointer inside a block is a pointer to an array smaller than > the malloc-ed block is unclear to me. > > Philippe > > > > > ------------------------------------------------------------------------------ > Android is increasing in popularity, but the open development platform that > developers love is also attractive to malware creators. Download this white > paper to learn more about secure code signing practices that can help keep > Android apps secure. > http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk > _______________________________________________ > Valgrind-users mailing list > Val...@li... > https://lists.sourceforge.net/lists/listinfo/valgrind-users |
