Bounds checking for Variable Length Arrays (VLA)?

Posted on 2024-11-01 21:24:38

Is there a way to check for buffer overflows in VLAs? I used -fstack-protector-all -Wstack-protector but get these warnings:

warning: not protecting local variables: variable length buffer

Is there a library for achieving this? (-lefence is for heap memory)

I'm currently using Valgrind and gdb.

Comments (3)

铁轨上的流浪者 2024-11-08 21:24:39

You can use -fmudflap instead of -fstack-protector-all

Update: Some documentation and options are here http://gcc.gnu.org/wiki/Mudflap_Pointer_Debugging

冬天旳寂寞 2024-11-08 21:24:39

Perhaps using alloca() will help. That's annoying, because C99 should save you from having to use it, but the GCC man page seems to say that the stack protection code will be turned on if you use alloca().

Of course the real solution is to write perfect, bug-free code that never tries to corrupt the stack.

听你说爱我 2024-11-08 21:24:39

I don't see how a library could do this for you; with a variable-length array, you're not calling any functions to do the indexing, so there's no place to "hook in" a library. With malloc(), the allocation is explicit in a function and you can track it.

Of course, you could go through the code and use preprocessor trickery to add some macro to each indexing point, and have the macro expand to code that checks the boundaries. But that is very intrusive.

I'm thinking something like changing:

void work(int n)
{
  int data[n];   /* Our variable-length array. */

  data[0] = 0;
}

into something like:

#include "vla-tracking.h"

void work(int n)
{
  VLA_NEW(int, data, n);  /* Our variable-length array. */

  VLA_SET(data, 0, 0);
}

Then come up with suitable macro definitions (and auxiliary code) to track the accesses. As I said, it won't be pretty. Of course, the idea is that the macros would be able to "compile out" to just the plain definitions, controlled by some build-time setting (debug/release mode, or whatever).
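
One way the macros sketched in the answer above could be filled in, as an added example that is not part of the original answer or any real vla-tracking.h. VLA_NEW and VLA_SET are the answer's names; VLA_CHECKED, vla_report, vla_violations and the idx parameter of work() are assumptions made for illustration.

```c
/* Sketch of a "vla-tracking.h" (added example). VLA_NEW and VLA_SET are the
 * answer's names; VLA_CHECKED, vla_report and vla_violations are assumptions. */
#include <stddef.h>
#include <stdio.h>

#ifndef VLA_CHECKED
#define VLA_CHECKED 1          /* build with -DVLA_CHECKED=0 to compile the checks out */
#endif

static unsigned long vla_violations;   /* rejected accesses seen so far */

#if VLA_CHECKED
/* A real debug build would probably abort() here; counting keeps this testable. */
static void vla_report(const char *name, size_t idx, size_t len,
                       const char *file, int line)
{
    vla_violations++;
    fprintf(stderr, "%s:%d: %s[%zu] is outside length %zu, write skipped\n",
            file, line, name, idx, len);
}
/* Declare the array plus a hidden <name>_len. A length <= 0 is undefined
 * behaviour for a plain VLA, so reserve one slot and record length 0. */
#define VLA_NEW(type, name, n)                                   \
    type name[(n) > 0 ? (n) : 1];                                \
    const size_t name##_len = (n) > 0 ? (size_t)(n) : 0
/* The cast turns a negative index into a huge value, so one compare covers both ends. */
#define VLA_SET(name, i, v) do {                                     \
    size_t vla_i_ = (size_t)(i);                                     \
    if (vla_i_ < name##_len) (name)[vla_i_] = (v);                   \
    else vla_report(#name, vla_i_, name##_len, __FILE__, __LINE__);  \
} while (0)
#else
#define VLA_NEW(type, name, n)  type name[n]
#define VLA_SET(name, i, v)     ((name)[i] = (v))
#endif

/* The answer's work(), with an index parameter added so a bad write can be shown.
 * Returns how many writes were rejected during this call. */
static unsigned long work(int n, int idx)
{
    unsigned long before = vla_violations;
    VLA_NEW(int, data, n);     /* Our variable-length array. */
    VLA_SET(data, 0, 0);
    VLA_SET(data, idx, 42);
    (void)data;                /* silence set-but-unused warnings */
    return vla_violations - before;
}

int main(void) { return work(4, 4) == 1 ? 0 : 1; }
```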
