Gilad Ben-Yossef wrote:
guy keren wrote:


when you can use valgrind - most other things are pretty useless.

did you encounter a memory-handling bug that valgrind failed to catch, while another tool (such as libsafe) did catch?

note: i never used libsafe, so i might be missing something - i simply compared valgrind to many other available tools in the past, and nothing (except for commercial software such as purify) came close.
AFAIK Valgrind does not detect stack or static buffer overflows at all.

Gilad

[EMAIL PROTECTED]:~$ cat c2.c
#include <stdio.h>

void f(char* p_i )
{
    char i[1024];

    f(i);
}

int main()
{
    f((char*)NULL);

    return 0;
}
[EMAIL PROTECTED]:~$ gcc -Wall c2.c
[EMAIL PROTECTED]:~$ ./a.out
Segmentation fault (core dumped)
[EMAIL PROTECTED]:~$ valgrind
valgrind           valgrind.bin       valgrind-listener
[EMAIL PROTECTED]:~$ valgrind ./a.out
==5741== Memcheck, a memory error detector.
==5741== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==5741== Using LibVEX rev 1658, a library for dynamic binary translation.
==5741== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==5741== Using valgrind-3.2.1-Debian, a dynamic binary instrumentation framework.
==5741== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==5741== For more details, rerun with: -v
==5741==
==5741== Stack overflow in thread 1: can't grow stack to 0xBE68BF44
==5741==
==5741== Process terminating with default action of signal 11 (SIGSEGV)
==5741==  Access not within mapped region at address 0xBE68BF44
==5741==    at 0x80483B0: f (in /home/choo/a.out)
==5741== Stack overflow in thread 1: can't grow stack to 0xBE68BF3C
==5741==
==5741== Process terminating with default action of signal 11 (SIGSEGV)
==5741==  Access not within mapped region at address 0xBE68BF3C
==5741==    at 0x401C200: _vgnU_freeres (vg_preloaded.c:56)
==5741==
==5741== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 11 from 1)
==5741== malloc/free: in use at exit: 0 bytes in 0 blocks.
==5741== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==5741== For counts of detected errors, rerun with: -v
==5741== All heap blocks were freed -- no leaks are possible.
Segmentation fault (core dumped)

how do you interpret these 'Stack overflow in thread 1: can't grow stack to 0xBE68BF44' messages?

regarding static buffers - a test program shows that indeed valgrind does not report such overflows. even worse - it seems to hide errors of writing into read-only global variables (apparently it allocates global const buffers in read/write memory, while when loading the program without valgrind, ld.so (or whoever) loads them into read-only memory, and writes into them cause a crash).

--guy.
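An added illustration of the point discussed above (Memcheck is silent when a write runs past a stack buffer into neighbouring stack memory, because every byte involved is still addressable); this is example code written for this thread, not code from either poster. It models one stack frame as a single array holding a 16-byte buffer followed by an 8-byte canary, in the way gcc's -fstack-protector places a guard value after local buffers, and shows that a canary check detects the overflow that Memcheck cannot see while a length check prevents it. The frame layout, the canary bytes and the input data are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame: a 16-byte buffer followed by an
 * 8-byte canary, laid out as one array so the overflow from the buffer
 * region into the canary region is an ordinary in-bounds write. That is
 * exactly why Memcheck says nothing: the bytes being clobbered are valid,
 * addressable stack memory. */
#define BUF_SIZE    16
#define CANARY_SIZE 8
#define FRAME_SIZE  (BUF_SIZE + CANARY_SIZE)

/* Guard value placed after the buffer (constructed, not a real gcc value). */
static const unsigned char CANARY[CANARY_SIZE] =
    { 0xAA, 0x55, 0xC3, 0x3C, 0x0F, 0xF0, 0x96, 0x69 };

/* Zero the buffer region and drop the canary directly behind it. */
static void frame_init(unsigned char frame[FRAME_SIZE])
{
    memset(frame, 0, BUF_SIZE);
    memcpy(frame + BUF_SIZE, CANARY, CANARY_SIZE);
}

/* Returns 1 if the canary is untouched, 0 if something wrote past the buffer.
 * This is the check the stack protector performs before a function returns. */
static int canary_intact(const unsigned char frame[FRAME_SIZE])
{
    return memcmp(frame + BUF_SIZE, CANARY, CANARY_SIZE) == 0;
}

/* Unchecked copy: trusts the caller's length, like strcpy/memcpy on an
 * unvalidated size. Clamped to the frame only so the model itself stays
 * well-defined C. */
static void copy_unchecked(unsigned char frame[FRAME_SIZE],
                           const unsigned char *src, size_t len)
{
    if (len > FRAME_SIZE)
        len = FRAME_SIZE;
    memcpy(frame, src, len);
}

/* Bounds-checked copy: rejects anything larger than the buffer.
 * Returns 0 on success, -1 when the input is refused. */
static int copy_checked(unsigned char frame[FRAME_SIZE],
                        const unsigned char *src, size_t len)
{
    if (len > BUF_SIZE)
        return -1;
    memcpy(frame, src, len);
    return 0;
}

/* Run one scenario: copy `len` bytes of constructed input (all 0x41) into a
 * fresh frame, with or without the length check, and report whether the
 * canary survived (1) or was clobbered (0). */
static int scenario(int checked, size_t len)
{
    unsigned char frame[FRAME_SIZE];
    unsigned char input[FRAME_SIZE];

    memset(input, 0x41, sizeof input);
    frame_init(frame);

    if (checked)
        copy_checked(frame, input, len);
    else
        copy_unchecked(frame, input, len);

    return canary_intact(frame);
}

int main(void)
{
    printf("unchecked, 12 bytes: canary %s\n", scenario(0, 12) ? "intact" : "CLOBBERED");
    printf("unchecked, 20 bytes: canary %s\n", scenario(0, 20) ? "intact" : "CLOBBERED");
    printf("checked,   20 bytes: canary %s\n", scenario(1, 20) ? "intact" : "CLOBBERED");
    return 0;
}
```

The 20-byte unchecked copy overwrites the four bytes after the buffer; running this under Memcheck produces no error, for the same reason the static-buffer test above stays quiet, while the canary comparison catches it. On a real program the equivalent checks are gcc's -fstack-protector (the canary) and -fsanitize=address (redzones around stack and global objects), neither of which Memcheck provides.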
