什么 C/C++ 工具可以检查缓冲区溢出吗?

发布于 2024-07-06 19:42:32 字数 136 浏览 13 评论 0原文

我被要求维护一个充满内存泄漏的大型 C++ 代码库。 在四处探索时,我发现我们有很多缓冲区溢出导致泄漏(我不想知道它是如何变得如此糟糕的)。

我决定首先消除缓冲区溢出。 为了使查找错误变得更容易,可以使用哪些工具来检查缓冲区溢出?

I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever want to know).

I've decided to removing the buffer overflows first. To make my bug-hunting easier, what tools can be used to check for buffer overruns?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(14

瀟灑尐姊 2024-07-13 19:42:32

在 Linux 上我会使用 Valgrind。

On Linux I'd use Valgrind.

轻许诺言 2024-07-13 19:42:32

考虑使用更现代的数据结构来避免缓冲区溢出。 读入 std::string 不会溢出,并且 std::vector 比数组安全得多。 我不知道您的应用程序是什么,并且可能使用原始缓冲区是因为您需要速度,但使用它们更常见,因为这是原始程序员所熟悉的。

使用上述工具搜索内存泄漏是一个好主意,但它们可能无法找到所有潜在的泄漏,而使用标准字符串和容器类可以消除您没有意识到的问题。

Consider using more modern data structures as a way of avoiding buffer overflows. Reading into a std::string won't overflow, and std::vectors are much safer than arrays. I don't know what your application is, and it's possible that raw buffers are used because you need the speed, but it's more common that they are used because that's what the original programmers were comfortable with.

Searching for memory leaks with the tools mentioned is a good idea, but they may not find all potential leaks, while using standard strings and container classes can eliminate problems you didn't realize you had.

峩卟喜欢 2024-07-13 19:42:32

IBM 的 Purify 可以做到这一点,您在它下运行您的应用程序,它会给您一份所有错误(包括其他错误)的报告。

要消除内存泄漏,请使用 UMDH - 运行您的应用程序,拍摄内存快照,再次运行它,拍摄快照,然后使用 diff 工具查看自第一次运行以来所做的分配(请注意,您必须运行您的应用程序一次,并且尽可能拍摄快照)。

IBM's Purify will do this, you run your app under it and it will give you a report of all errors (including other ones).

To kill memory leaks, use UMDH - run your app, take a snapshot of the memory, run it again, snapshot and then use a diff tool to see the allocations made since the first run through (note you must run your app once, and take snapshots as best you can).

御弟哥哥 2024-07-13 19:42:32

检查一下电子围栏,它是专为缓冲区溢出而设计的! 它不会减慢代码本身的速度(但会减慢分配/释放的速度)。 它可以在linux和windows上运行。

它的工作原理是在每个分配的空间之前和之后添加一个没有读或写访问权限的段。 尝试访问此内存最终会导致 UNIX 上的分段错误和 Windows 上的内存违规(或类似情况)。

Check on electric-fence, it is design just for buffer overflow ! It does not slow down the code itself (but slow down allocation/deallocation). It works and linux and windows.

It works by adding a segment with no read or write access before and after each allocated space. Trying to access this memory end up as a segmentation fault on UNIX and a memory violation (or something similar) on Windows.

风柔一江水 2024-07-13 19:42:32

MS:

MS:

时常饿 2024-07-13 19:42:32

/GS 的问题是它实际上不会扫描错误。 它只会在事后提醒您。 您似乎正在寻找一种工具来扫描现有代码以查找潜在的缓冲区溢出/不足运行。

Microsoft PreFAST 工具是针对此问题和其他缺陷的一个好工具。

此处的信息

The problem with /GS is it won't actually scan for bugs. It will just alert you after the fact. It seems like you are looking for a tool which will scan your existing code for potential buffer over/under runs.

A good tool for this, and other defects, is the Microsoft PreFAST tool.

Information here

咽泪装欢 2024-07-13 19:42:32

我很惊讶没有人提到应用程序验证器(免费!)视窗。 Visual Leak Detector(在另一个答案中提到)对于跟踪许多类型的内存泄漏来说绝对是令人惊奇的,但是 Application Verifier 是跟踪内存错误的最佳工具,例如缓冲区溢出、双重释放和释放后的缓冲区使用(还有很多很多)。

编辑:而且它非常非常容易使用。

I'm surprised no one's mentioned Application Verifier (free!) on Windows. Visual Leak Detector (mentioned in another answer) is absolutely amazing for tracking many types of memory leak, but Application Verifier is top dog for tracking memory errors like buffer overruns, double frees, and buffer use after free (plus many, many more).

Edit: And it's very, very easy to use.

独孤求败 2024-07-13 19:42:32

我投票给 Rational Purify。 功能极其强大且价格相匹配。 可以在短时间内解决很多问题,并且真正能收回成本。 此外,在大多数 *nix 上都可用。 不过,不确定 Windows 是否如此。

My vote goes to Rational Purify. Extremely powerful with a price to match. Makes short work of lots of problems and can really pay for itself. Also, is available on most *nix. Not sure about Windows, though.

妳是的陽光 2024-07-13 19:42:32

Compuware 的 Devpartner 的 BoundsChecker 组件在动态执行方面做得非常好。 对于静态测试,我建议 pc-lint 和 flex-lint 耦合到 Riverblade 的视觉 lint 用于可用性和报告。 如果您获得了新的代码库,我建议您从具有相当宽松规则的静态分析开始,这样您就可以捕获令人讨厌的东西。 随着代码库的改进,您可以收紧规则集。

如果您需要在 Windows Mobile / Windows CE 上执行此操作,请查看 Entrek 的代码告密者

另一种可以考虑的工具进入该字段的代码是 AQtrace,它基本上分析用户的崩溃机器并向您发送详细信息。 (以防万一所有边界检查、净化、linting、valgrinding 等......遗漏了一些东西)

The BoundsChecker component of Compuware's Devpartner does this very well in terms of dynamic execution. For static testing, I'd recommend pc-lint and flex-lint coupled up to Riverblade's visual lint for usability and reporting. If you have been handed a new code base, I'd recommend starting out with static analysis with reasonably loose rules so you catch just the nasty stuff. As the codebase improves you can tightent the rule set.

If you need to do this on Windows Mobile / Windows CE, check out Entrek's code snitch

Another tool to consider if the code makes it into the field is AQtrace, which basically analyses crashes on user machines and sends you the details. (Just in case all that boundchecking, purifcation, linting, valgrinding etc.. misses something)

咽泪装欢 2024-07-13 19:42:32

我的公司 Semantic Designs 正在寻找运行时的 Beta 测试人员 内存安全检查器(包括缓冲区溢出),可检测所有类型的内存访问违规,甚至是 valgrind 和 Purify 无法检测到的内存访问违规。 目前这仅适用于 Windows C 程序,不适用于 C++ 或其他操作系统。

编辑 2011 年 6 月 1 日:CheckPointer 工具已投入生产。 仍然仅限 C/Windows。
处理多种 C 语言:MS Visual C、GCC 3/4。

2012 年 5 月 5 日编辑:CheckPointer 现在可以处理 C99,包括检查标准 C 和 C99 库上的调用。

My company, Semantic Designs is looking for beta testers for a runtime memory safety checker (including buffer overruns) that detects all types of memory access violations, even those that valgrind and Purify cannot. This is presently for Windows C programs only, not C++ or other OSes.

EDIT June 1, 2011: The CheckPointer tool has gone production. Still C/Windows only.
Handle multiple C dialects: MS Visual C, GCC 3/4.

EDIT May 5, 2012: CheckPointer now handles C99, including checking calls on the standard C and C99 libraries.

垂暮老矣 2024-07-13 19:42:32

Visual Studio 有一个 /GS 编译器标志,可以添加缓冲区溢出保护。 还有其他人吗?

Visual Studio has a /GS compiler flag that adds buffer overflow protection. Are there any others?

迷迭香的记忆 2024-07-13 19:42:32

您可以尝试视觉检漏仪 - 我自己用过它,这是我首先推荐的用于内存泄漏检测。

You can try Visual Leak Detector - I used it myself, and it is the first thing I'd recommend for mem-leak detection.

世俗缘 2024-07-13 19:42:32

我推荐 CodeProject 上由 Jochen Kalmbach 提供的免费“leakfinder”工具。 有关此主题(以及其他答案)的更多详细信息,请参阅我的帖子 内存泄漏问题

I'd recommend the free "leakfinder" tool on the CodeProject by Jochen Kalmbach. See my post for more details on this thread (and the other answers) on this memory leak question

我也只是我 2024-07-13 19:42:32

在 Windows 上进行内存泄漏/缓冲区溢出和其他运行时错误检测,您可以使用:

如果您有需要清理的大型项目,我认为它们物有所值。

On Windows for memory leaks/buffer overruns and other runtime error detection you can use:

I think they worth their price if you have large projects that need cleanup.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文