防止 C/C++ 中的缓冲区溢出
很多时候我都会遇到缓冲区溢出的问题。
int y[10][10][10];
...
y[0][15][3] = 8;
我怎样才能防止这个问题? 有什么好的工具可以帮助我吗?
Many times I have problems with Buffer Overflow.
int y[10][10][10];
...
y[0][15][3] = 8;
How can I prevent this problem?
Is there any good tool that can help me?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
不要使用原始 C 样式数组。 相反,请使用 C++ 容器类,例如 std::vector,它能够检查无效访问并在发生异常时引发异常。
另外,您所描述的并不是真正的缓冲区溢出。
Don't use raw C-style arrays. Instead, use C++ container classes such as std::vector, which have the ability to check for invalid accesses and raise exceptions when they occur.
Also, what you are describing is not really a buffer overflow.
尼尔的答案在一般情况下更好,但如果您有理由使用普通的旧数组,您可以使用函数来获取和设置值,并检查您是否在数组范围内:
...全部包含在理想情况下是一个班级。
Neil's answer is better in the general case, but if you have a reason for using plain old arrays, you can use functions to get and set the values and also check that you're within the array bounds:
...all wrapped up in a class, ideally.
代码级别的解决方案
在 C++ 中,一种解决方案是永远不要使用数组,而是使用 C++ 容器。 例如,如果您使用 at 代替 [] 进行索引,向量就会进行越界检测。
在 C 语言中,您应该始终设计函数,例如给出数组的指针和维度,没有其他办法它。
工具级别的解决方案
valgrind 是检查越界访问的一个很好的工具。 它通过运行不改变的二进制文件来工作,并且如果使用调试信息进行编译,可以给出发生错误的精确行。 Valgrind 可在许多 UNIX 上工作,包括 mac os x。
请注意,valgrind 不能总是检测到那些错误的访问(在您的示例中,假设它是真正的越界访问,valgrind 不会注意到它,因为变量位于堆栈上,而不是堆上)。
Solution at the code level
In C++, one solution is to never use arrays, but C++ containers instead. Vectors, for example, have out of bounds detection if you use at intead of [] for indexing
In C, you should always design your functions such as you give the pointers and the dimension(s) of your arrays, there is no way around it.
Solution at the tool level
A great tool for checking out of bounds access is valgrind. It works by running your binary unaltered, and can give the precise line where errors occurs if you compile with debug information. Valgrind work on many unix, including mac os x.
Note that valgrind cannot always detect those bad accesses (in your example, assuming it was a real out of bounds access, it would have gonve unnoticed by valgrind because the variable is on the stack, not on the heap).
除了其他评论之外,您还可以查看此线程中的建议,其中涉及静态代码分析工具:
C/C++ Lint 的免费替代品?
In addition to the other comments, you might also have a look at the suggestions in this thread, which deals with static code analysis tools:
C/C++ Free alternative to Lint?
您可以从堆动态分配数据成员,而不是通过静态分配的数组。 前一种方法与后一种方法 fgets() 各有利弊。 虽然前者可以避免缓冲区溢出,但它很难编程,并且需要严格的精度才能避免内存泄漏。
You can dynamically allocate data members from the heap rather than through statically allocated arrays. The former approach has pros and cons with fgets(), the latter approach. While former avoids buffer overflow, it is difficult to program and requires an exacting amount of precision to avoid memory leaks.