
Using AddressSanitizer with MSVC 2019

Date: 2020-08-15 17:29:55


Summary

This is just about the strongest memory-checking tool I have used so far. Its capabilities go far beyond Application Verifier and the MSVC CRT checks, and it is far faster than BoundsChecker.

Original paper: https://static.googleusercontent.com/media/research.google.com/zh-CN//pubs/archive/37752.pdf

MSVC tool introduction: https://devblogs.microsoft.com/cppblog/asan-for-windows-x64-and-debug-build-support/ and https://devblogs.microsoft.com/cppblog/addresssanitizer-asan-for-windows-with-msvc/

Features (error classes it detects)

  • stack-use-after-scope
  • stack-buffer-overflow
  • stack-buffer-underflow
  • heap-buffer-overflow (no underflow)
  • heap-use-after-free
  • calloc-overflow
  • dynamic-stack-buffer-overflow (alloca)
  • global-overflow (C++ source code)
  • new-delete-type-mismatch
  • memcpy-param-overlap
  • allocation-size-too-big
  • invalid-aligned-alloc-alignment
  • use-after-poison
  • Intra-object-overflow
  • Initialization-order-fiasco
  • double-free
  • alloc-dealloc-mismatch

Usage

Enable the check in the project settings. Note that it conflicts with the Edit and Continue feature, so Edit and Continue must be turned off first.


Test code

void ff(double (*t[])(int)) {
    int x;
    char a[2];
    a[2] = 1;   // out-of-bounds write: a[] only has indices 0 and 1, so this is a stack-buffer-overflow
}

Running it produces the following error report:

nums contains 4 elements.
=================================================================
==14376==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x00b4566ffcf2 at pc 0x7ff7a01238a5 bp 0x00b4566ffcb0 sp 0x00b4566ffcb8
WRITE of size 1 at 0x00b4566ffcf2 thread T0
==14376==WARNING: Failed to use and restart external symbolizer!
    #0 0x7ff7a01238a4 in ff G:\temp\ConsoleApplication1\ConsoleApplication1\ConsoleApplication1.cpp:12
    #1 0x7ff7a0123a86 in main G:\temp\ConsoleApplication1\ConsoleApplication1\ConsoleApplication1.cpp:25
    #2 0x7ff7a01270c8 in invoke_main D:\agent\_work\9\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
    #3 0x7ff7a0126fad in __scrt_common_main_seh D:\agent\_work\9\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #4 0x7ff7a0126e6d in __scrt_common_main D:\agent\_work\9\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:330
    #5 0x7ff7a0127158 in mainCRTStartup D:\agent\_work\9\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp:16
    #6 0x7fff50ca2773 in BaseThreadInitThunk+0x13 (C:\WINDOWS\System32\KERNEL32.DLL+0x180012773)
    #7 0x7fff52d60d50 in RtlUserThreadStart+0x20 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x180070d50)

Address 0x00b4566ffcf2 is located in stack of thread T0 at offset 34 in frame
    #0 0x7ff7a01212c6 in ILT+705(_get_startup_file_mode)+0x0 (G:\temp\ConsoleApplication1\x64\Debug\ConsoleApplication1.exe+0x1400012c6)

  This frame has 1 object(s):
    [32, 34) 'a' <== Memory access at offset 34 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp, SEH and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow G:\temp\ConsoleApplication1\ConsoleApplication1\ConsoleApplication1.cpp:12 in ff
Shadow bytes around the buggy address:
  0x0245b3bdff40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0245b3bdff50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0245b3bdff60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0245b3bdff70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0245b3bdff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0245b3bdff90: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1[02]f3
  0x0245b3bdffa0: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0245b3bdffb0: f1 f1 f1 f1 00 00 f2 f2 f2 f2 00 00 f3 f3 f3 f3
  0x0245b3bdffc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0245b3bdffd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0245b3bdffe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==14376==ABORTING

G:\temp\ConsoleApplication1\x64\Debug\ConsoleApplication1.exe (process 14376) exited with code 1.
Press any key to close this window . . .
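To show how the shadow-byte dump above maps back to the reported access, here is an added C++ example (not from the original post and not part of AddressSanitizer itself): it parses the marked dump line and checks the faulting address against its 8-byte granule. The dump line, the address 0x00b4566ffcf2 and the legend values are taken from the report above; the function and struct names are my own.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// One shadow byte (values from the legend at the end of the report) covers 8 application bytes.
const char* describeShadow(uint8_t s) {
    if (s == 0x00) return "addressable";
    if (s >= 0x01 && s <= 0x07) return "partially addressable";
    if (s == 0xf1) return "stack left redzone";
    if (s == 0xf2) return "stack mid redzone";
    if (s == 0xf3) return "stack right redzone";
    return "other poisoned memory";
}

// Leading bytes of the granule that may be touched: 8 if fully addressable,
// k for a partial value 01..07, 0 for any redzone or poison value.
int accessibleBytes(uint8_t s) {
    if (s == 0x00) return 8;
    return (s >= 0x01 && s <= 0x07) ? s : 0;
}

struct ShadowLine {
    std::vector<uint8_t> bytes;  // the 16 shadow bytes on the dump line
    int marked;                  // index of the byte shown in [..], or -1
};

// Parses one dump line such as "=>0x0245b3bdff90: 00 ... f1 f1 f1 f1[02]f3".
// The bracketed byte is the granule holding the faulting address.
ShadowLine parseShadowLine(const std::string& line) {
    ShadowLine r{{}, -1};
    size_t colon = line.find(':');
    for (size_t i = colon + 1; i < line.size();) {
        if (line[i] == ' ' || line[i] == ']') { ++i; continue; }
        if (line[i] == '[') { r.marked = static_cast<int>(r.bytes.size()); ++i; continue; }
        r.bytes.push_back(static_cast<uint8_t>(std::stoul(line.substr(i, 2), nullptr, 16)));
        i += 2;
    }
    return r;
}

// The low three bits of the faulting address are the byte offset inside the marked granule.
std::string explainAccess(const ShadowLine& l, uint64_t faultAddr) {
    if (l.marked < 0) return "no marked granule on this line";
    uint8_t s = l.bytes[static_cast<size_t>(l.marked)];
    int offset = static_cast<int>(faultAddr & 7), usable = accessibleBytes(s);
    return std::string(describeShadow(s)) + ", " + std::to_string(usable) +
           " of 8 bytes usable, access at byte " + std::to_string(offset) +
           (offset < usable ? " is in bounds" : " is out of bounds");
}
```

For the report above, the marked shadow byte 02 means only the first two bytes of the granule (the 2-byte array a) are usable, and 0x00b4566ffcf2 & 7 == 2 lands on the third byte, which is exactly the a[2] write.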

Bug

In use I found that on 64-bit builds this feature always reports a false error when the program exits; on 32-bit there is no such problem.


Original post: https://www.cnblogs.com/cutepig/p/13509112.html
