| Author |
free software which can detect array out of bounds in linux
|
|
| bpartha@gmail.com 2007-02-23, 1:22 am |
| Hi !!
Can someone suggest a free software which can detect array out of
bounds in C programs in linux ( Like purify does ).
I have used E.fence and valgrind, but they are not successful with
arrays.
Regards
Partha
| |
| Aaron Isotton 2007-02-23, 1:18 pm |
| bpartha@gmail.com wrote:
> Hi !!
>
> Can someone suggest a free software which can detect array out of
> bounds in C programs in linux ( Like purify does ).
>
> I have used E.fence and valgrind, but they are not successful with
> arrays.
You could try dmalloc or maybe even gdb.
Greetings,
Aaron
| |
| Måns Rullgård 2007-02-23, 7:17 pm |
| Aaron Isotton <aaron@isotton.com> writes:
> bpartha@gmail.com wrote:
>
> You could try dmalloc
If valgrind can't spot the error, neither will dmalloc. Both tools
are malloc debuggers, and will not catch buffer overflows on the
stack.
> or maybe even gdb.
I don't think so.
--
Måns Rullgård
mans@mansr.com
| |
| Paul Pluzhnikov 2007-02-23, 7:17 pm |
| Måns Rullgård <mans@mansr.com> writes:
> Aaron Isotton <aaron@isotton.com> writes:
>
Purify does *not* catch most "array out of bounds" errors either.
Recent releases do catch small overflows of global arrays, but
stack arrays are left unchecked (AFAICT).
[vbcol=seagreen]
>
> If valgrind can't spot the error, neither will dmalloc. Both tools
> are malloc debuggers, and will not catch buffer overflows on the
> stack.
Correct. VG is pretty much equivalent to Purify for all errors
(except overflows of global arrays noted above), and is more capable
then any other "malloc replacement" solution.
OP could try 'gcc4 -fmudflap', though I haven't had any luck with
it on C++ sources.
Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.
| |
| William Ahern 2007-02-23, 7:17 pm |
| On Thu, 22 Feb 2007 22:56:30 -0800, bpartha@gmail.com wrote:
> Hi !!
>
> Can someone suggest a free software which can detect array out of
> bounds in C programs in linux ( Like purify does ).
>
> I have used E.fence and valgrind, but they are not successful with
> arrays.
>
Valgrind is about as good as you'll get unless you have the option of
recompiling the code so instrumentation can be added.
Recompiling w/ TCC in bounds checking mode will catch many such
errors, though.
http://fabrice.bellard.free.fr/tcc/
There are GCC patches floating around which add similar capabilities,
but I've never seen one which applies to any recent version of GCC.
The TenDRA Project--another compiler suite--may have the capability
of adding instrumentation, too.
LLVM-GCC may also do this already, but I'm not very familiar with that
project.
| |
| Ivan Novick 2007-02-24, 1:23 am |
| On Feb 23, 2:25 pm, M=E5ns Rullg=E5rd <m...@mansr.com> wrote:
>
> If valgrind can't spot the error, neither will dmalloc. Both tools
> are malloc debuggers, and will not catch buffer overflows on the
> stack.
>
>From Valgrind site: "Unfortunately, Memcheck doesn't do bounds
checking on static or stack arrays. We'd like to, but it's just not
possible to do in a reasonable way that fits with how Memcheck works.
Sorry."
http://valgrind.org/docs/manual/faq.html#faq.overruns
Thats a pretty big whole for Valgrind which otherwise IMHO is a great
product.
Ivan Novick
http://www.0x4849.net
| |
| Ian Collins 2007-02-24, 1:23 am |
| bpartha@gmail.com wrote:
> Hi !!
>
> Can someone suggest a free software which can detect array out of
> bounds in C programs in linux ( Like purify does ).
>
You can't detect array out of bounds unless you instrument the code as
others have suggested.
--
Ian Collins.
| |
| Aaron Isotton 2007-02-24, 7:21 am |
| Måns Rullgård wrote:
> Aaron Isotton <aaron@isotton.com> writes:
[...]
[...][vbcol=seagreen]
>
> I don't think so.
Why not? If the OP knows which index/pointer is going to overflow he can
use watchpoints or conditions.
Greetings,
Aaron
| |
| Måns Rullgård 2007-02-24, 7:21 am |
| Aaron Isotton <aaron@isotton.com> writes:
> Måns Rullgård wrote:
> [...]
> [...]
>
> Why not? If the OP knows which index/pointer is going to overflow he can
> use watchpoints or conditions.
If you know which array is going to overflow fixing the bug is rarely
very difficult. It's finding out what is overflowing that is the hard
part.
--
Måns Rullgård
mans@mansr.com
| |
| raxitsheth2000@yahoo.co.in 2007-02-27, 7:21 am |
| On Feb 23, 11:56 am, "bpar...@gmail.com" <bpar...@gmail.com> wrote:
> Hi !!
>
> Can someone suggest a free software which can detect array out of
> bounds in C programs in linux ( Like purify does ).
you may want to refer this link,
http://www.freebsd.org/doc/en_US.IS...e-bufferov.html
googling *stackguard* may help
>
> I have used E.fence and valgrind, but they are not successful with
> arrays.
>
> Regards
> Partha
--Raxit
|
|
|
|