Open
Description
- Valgrind can detect the UAR memory error.
```cpp
// g++ -g mem_UAR.cc
#include<iostream>
#include<cstdio>   // printf
int *ptr;
__attribute__((noinline))
void FunctionThatEscapesLocalObject() {
  int local[100];
  ptr = &local[0];   // address of a local escapes the function
}
int main(int argc, char **argv) {
  FunctionThatEscapesLocalObject();
  printf("argc = %d\n", argc);
  return ptr[argc];  // reads the dead stack frame (use-after-return)
}
```
```shell
valgrind --tool=memcheck --leak-check=full --show-leak-kinds=all --gen-suppressions=all --time-stamp=yes --error-markers=VALGRINDERROR-BEGIN,VALGRINDERROR-END --log-file=$HOME/pg-valgrind/log/%p.log --trace-children=yes ~/test/a.out 2>&1 | tee $HOME/pg-valgrind/postmaster.log
```
The log is as follows:
```
==00:00:00:01.098 1491957== VALGRINDERROR-BEGIN
==00:00:00:01.098 1491957== Invalid read of size 4
==00:00:00:01.098 1491957==    at 0x1091F7: main (mem_UAR.cc:13)
==00:00:00:01.098 1491957==  Address 0x1ffeffff34 is on thread 1's stack
==00:00:00:01.098 1491957==  428 bytes below stack pointer
==00:00:00:01.098 1491957==
==00:00:00:01.098 1491957== VALGRINDERROR-END
```
So, Valgrind can detect the UAR error.
- Valgrind can detect the StackOOB memory error.
```cpp
int main(int argc, char **argv) {
  int stack_array[100] = {0};
  return stack_array[argc + 100]; // BOOM
}
```
Output file:
```
==00:00:00:01.257 1519192== VALGRINDERROR-BEGIN
==00:00:00:01.257 1519192== Syscall param exit_group(status) contains uninitialised byte(s)
==00:00:00:01.257 1519192==    at 0x4B81C31: _Exit (_exit.c:30)
==00:00:00:01.257 1519192==    by 0x4ADC551: __run_exit_handlers (exit.c:136)
==00:00:00:01.257 1519192==    by 0x4ADC60F: exit (exit.c:143)
==00:00:00:01.257 1519192==    by 0x4AC0D96: (below main) (libc_start_call_main.h:74)
==00:00:00:01.257 1519192==  Uninitialised value was created by a stack allocation
==00:00:00:01.257 1519192==    at 0x109189: main (mem_StackOOB.cc:4)
==00:00:00:01.257 1519192==
==00:00:00:01.257 1519192== VALGRINDERROR-END
```
Please fix it in the summary table.
zhangm365.
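An added example, not part of this issue or of the project's code: a Python parser for the memcheck log format produced by the options above (`--time-stamp=yes` plus `--error-markers=VALGRINDERROR-BEGIN,VALGRINDERROR-END`), run over a sample input constructed from the two error blocks quoted in this issue. It keeps the frames where an error fired apart from the origin stack of an uninitialised value, so a triage script can tell a direct "Invalid read" (the UAR case) from an uninitialised-value report whose origin points back at the stack allocation (the StackOOB case).

```python
import re
from dataclasses import dataclass, field

PREFIX = re.compile(r"^==(\d\d:\d\d:\d\d:\d\d\.\d{3}) (\d+)== ?(.*)$")  # "==HH:MM:SS:ss.mmm PID== body"
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.*?) \((.*)\)$")          # "at 0x...: func (file:line)"

@dataclass
class ValgrindError:
    pid: int
    kind: str = ""                               # first line after VALGRINDERROR-BEGIN
    frames: list = field(default_factory=list)   # (function, location) where the error fired
    origin: list = field(default_factory=list)   # frames after "Uninitialised value was created by ..."
    details: list = field(default_factory=list)  # address / size notes

def parse_memcheck_log(text):
    errors, cur, target = [], None, None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue                             # program stdout (e.g. "argc = 1") is skipped
        pid, body = int(m.group(2)), m.group(3).strip()
        if body == "VALGRINDERROR-BEGIN":
            cur = ValgrindError(pid)
        elif body == "VALGRINDERROR-END" and cur is not None:
            errors.append(cur)
            cur = None
        elif cur is not None and body:
            if not cur.kind:
                cur.kind, target = body, cur.frames
            elif (f := FRAME.match(body)):
                target.append((f.group(1), f.group(2)))
            else:
                cur.details.append(body)
                target = cur.origin if "was created by" in body else cur.frames
    return errors

def is_direct_access_error(err):
    # Invalid read/write is an access error; anything else is an uninitialised-value symptom
    return err.kind.startswith(("Invalid read", "Invalid write"))

# Constructed sample: the two error blocks from this issue, with program stdout in front
SAMPLE_LOG = """argc = 1
==00:00:00:01.098 1491957== VALGRINDERROR-BEGIN
==00:00:00:01.098 1491957== Invalid read of size 4
==00:00:00:01.098 1491957==    at 0x1091F7: main (mem_UAR.cc:13)
==00:00:00:01.098 1491957==  Address 0x1ffeffff34 is on thread 1's stack
==00:00:00:01.098 1491957== VALGRINDERROR-END
==00:00:00:01.257 1519192== VALGRINDERROR-BEGIN
==00:00:00:01.257 1519192== Syscall param exit_group(status) contains uninitialised byte(s)
==00:00:00:01.257 1519192==    at 0x4B81C31: _Exit (_exit.c:30)
==00:00:00:01.257 1519192==  Uninitialised value was created by a stack allocation
==00:00:00:01.257 1519192==    at 0x109189: main (mem_StackOOB.cc:4)
==00:00:00:01.257 1519192== VALGRINDERROR-END
"""
```

With `--trace-children=yes` and `--log-file=%p.log` each child writes its own file, so the per-record `pid` is what ties a report back to the right process.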