From: R O <mu...@ya...> - 2004-12-23 08:54:54
Hello,
I am trying to find a subtle bug that overwrites memory but which is
not detectable with valgrind. I am using ROOT based code
(http/root.cern.ch/) and when I ran under valgrind with
--tool=memcheck, valgrind can not detect the error that causes memory
corruption. Part of the problem could be that root has its own
interpreter.
My question is:
is it possible to detect with valgrind memory overwrites where a
program writes to a memory space past the allocated space of a particular
array but while still writing to the memory that was allocated
somewhere else in the program?
For example, valgrind can not detect the memory overwrite in the
example below, which is likely to be what is happening in my case.
Thank you very much,
Rust
//------- overflow.cc -----------------------------------
// g++ -o overflow overflow.cc
//
#include <iostream>
using namespace std;

int main (int argc, char *argv[])
{
    int array1[10] = {0}; // initialize to 0
    int array2[10] = {0}; // initialize to 0
    int array3[10] = {0}; // initialize to 0

    // Bad!: Fill the 10 element array with 20 elements
    for (int ind=0; ind<20; ++ind) {
        array2[ind] = ind;
    }

    // Print out the arrays
    for (int ind=0; ind<10; ++ind) {
        cout << "array1["<<ind<<"] = " << array1[ind] << endl;
    }
    for (int ind=0; ind<10; ++ind) {
        cout << "array2["<<ind<<"] = " << array2[ind] << endl;
    }
    for (int ind=0; ind<10; ++ind) {
        cout << "array3["<<ind<<"] = " << array3[ind] << endl;
    }
    return 0;
} // end of main()
//-------------------------------------------------------
From: Tom H. <th...@cy...> - 2004-12-23 09:10:07
In message <200...@we...>
R. O. <mu...@ya...> wrote:
> is it possible to detect with valgrind memory overwrites where a
> program writes to a memory space pass allocated space of a particular
> array but while still writing to the memory that was allocated
> somewhere else in the program?
I'm not entirely sure I understand what you're saying...
I think you're asking whether valgrind can detect an overrun when
there is another valid object adjacent to the one which is overrun?
If so then the answer is no. Of course it never happens for heap
allocations because there is heap management overhead plus valgrind
will add redzones around the blocks.
> //------- overflow.cc -----------------------------------
> // g++ -o overflow overflow.cc
> //
> #include <iostream>
> using namespace std;
> int main (int argc, char *argv[])
> {
> int array1[10] = {0}; // initialize to 0
> int array2[10] = {0}; // initialize to 0
> int array3[10] = {0}; // initialize to 0
>
> // Bad!: Fill the 10 element array with 20 elements
> for (int ind=0; ind<20; ++ind) {
> array2[ind] = ind;
> }
In general valgrind can't detect problems with objects that are
on the stack because it runs entirely on compiled programs and
inserting padding between objects on the stack at run time would
be very hard indeed.
Tom
--
Tom Hughes (th...@cy...)
Software Engineer, Cyberscience Corporation
http://www.cyberscience.com/
From: Nicholas N. <nj...@ca...> - 2004-12-23 11:55:57
On Thu, 23 Dec 2004, Tom Hughes wrote:
> In general valgrind can't detect problems with objects that are
> on the stack because it runs entirely on compiled programs and
> inserting padding between objects on the stack at run time would
> be very hard indeed.
Yep, and it's the same for static arrays. See FAQ 5.2.
N
From: R O <mu...@ya...> - 2004-12-23 21:01:35
> I think you're asking whether valgrind can detect an overrun when
> there is another valid object adjacent to the one which is overrun?
>
> If so then the answer is no. Of course it never happens for heap
> allocations because there is heap management overhead plus valgrind
> will add redzones around the blocks.
Yep, this was my question. I have only been using C++ for just over a
year so I am not terribly good at it.
Thanks for the gcc patch and Insure++ advice - I will investigate these
further but it seems that Insure++ is a commercial product and might
cost more than we are willing to spend.
Thanks a lot everybody,
Rust
From: Igmar P. <mai...@jd...> - 2004-12-23 15:53:54
> //------- overflow.cc -----------------------------------
> // g++ -o overflow overflow.cc
> //
> #include <iostream>
> using namespace std;
> int main (int argc, char *argv[])
> {
> int array1[10] = {0}; // initialize to 0
> int array2[10] = {0}; // initialize to 0
> int array3[10] = {0}; // initialize to 0
>
> // Bad!: Fill the 10 element array with 20 elements
> for (int ind=0; ind<20; ++ind) {
> array2[ind] = ind;
> }
As already said: Valgrind can't detect these. There is a GCC patch
(boundchecking) that adds redzones to stack allocated variables so that it
will detect overflows. It's unlikely that valgrind will support this some
day due to the way stack allocations work. More details are in the FAQ.
Igmar
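The two points made in this thread (memcheck's redzones only protect heap blocks, and stack/static overruns need a check the compiler does not give you) in one runnable C file. This is an added example, not code from the thread; the names fill_unchecked, fill_checked and the heap layout are my own. The unchecked call in main() is the original bug moved onto the heap, so under memcheck it is reported as an "Invalid write" at a2[10]; run natively it is undefined behaviour and may abort in free().

```c
/* Added example (not from the thread): the overrun from overflow.cc moved
 * to the heap, where memcheck's redzones catch it, plus an explicit
 * bounds-checked fill for stack or static arrays that memcheck cannot guard.
 * Build:  gcc -g -O0 -Wall -o overflow_heap overflow_heap.c
 * Run:    valgrind --tool=memcheck ./overflow_heap
 */
#include <stdio.h>
#include <stdlib.h>

#define N 10   /* capacity of each array, as in the original post */

/* The thread's bug, unchanged: stores 'count' ints starting at arr with no
 * regard for the real capacity. On a malloc'd block memcheck reports the
 * first out-of-range store as "Invalid write of size 4". */
static void fill_unchecked(int *arr, size_t count)
{
    for (size_t i = 0; i < count; ++i)
        arr[i] = (int)i;
}

/* The fix for stack/static arrays: refuse any index at or beyond
 * 'capacity' and report how many writes were rejected, so the caller can
 * log the event or abort instead of silently corrupting a neighbour. */
static size_t fill_checked(int *arr, size_t capacity, size_t count)
{
    size_t rejected = 0;
    for (size_t i = 0; i < count; ++i) {
        if (i >= capacity) { ++rejected; continue; }
        arr[i] = (int)i;
    }
    return rejected;
}

int main(void)
{
    /* Same three-array layout as the post, but heap allocated. */
    int *a1 = calloc(N, sizeof *a1);
    int *a2 = calloc(N, sizeof *a2);
    int *a3 = calloc(N, sizeof *a3);
    if (!a1 || !a2 || !a3) return 1;

    fill_unchecked(a2, 20);            /* memcheck flags a2[10] here */

    int s2[N] = {0};                   /* stack array: no redzones */
    size_t rej = fill_checked(s2, N, 20);
    printf("rejected %zu out-of-range writes to the stack array\n", rej);

    free(a1); free(a2); free(a3);      /* may abort natively after the overrun */
    return 0;
}
```

Modern GCC and Clang ship -fsanitize=address, which instruments stack and global arrays with redzones in the same spirit as the bounds-checking patch mentioned above and catches the original stack version of overflow.cc as well.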