AddressSanitizer的官网网址:
https://github.com/google/sanitizers/wiki
https://github.com/google/sanitizers/wiki/SanitizerCommonFlags
参考wiki上的方法,在raspberrypi上测试几个常见的内存问题
通过下面的方法编译这几个测试程序:
//double_free #include <stdio.h> #include <stdlib.h> int main() { printf("double_free\n"); char *p1; p1=malloc(1024); free(p1); free(p1); return 0; } //heap_buffer_overflow #include <stdio.h> #include <stdlib.h> int main() { printf("heap-buffer-overflow\n"); char *p1; p1 = (char*) malloc(10); int v=(int)p1[10+1]; return 0; } //stack_buffer_overflow #include <stdio.h> #include <stdlib.h> int main() { printf("stack-buffer-overflow\n"); int array[10]={0}; int v; v=array[10]; return 0; } //heap_use_after_free #include <stdio.h> #include <stdlib.h> int main() { printf("heap_use_after_free\n"); char *p1; p1=malloc(1024); free(p1); printf("%c\n",p1[0]); return 0; } //global_buffer_overflow #include <stdio.h> #include <stdlib.h> int global_array[100] = {-1}; int main() { printf("global_buffer_overflow\n"); int v = global_array[100+2]; printf("%d\n",v); return 0; } |
# Build each sample program with AddressSanitizer instrumentation
# (-fsanitize=address) and gdb debug information (-ggdb), which lets the
# ASan reports be resolved to source lines.
# No -O option is passed, so gcc stays at its default -O0. That matters for
# the heap and stack overflow samples: their out-of-bounds reads are never
# used, and an optimizing build could remove them before ASan sees them.
for name in global_buffer_over heap_use_after_free stack_buffer_overflow \
  heap_buffer_overflow double_free; do
  gcc -fsanitize=address -ggdb -o "$name" "$name.c"
done
为了不影响系统环境,新建一个用户,然后在该用户的.bashrc中添加LD_PRELOAD,指向libasan库文件(LD_PRELOAD会作用于该shell启动的所有动态链接程序,所以放在单独的用户下),便可以运行上述程序,观察asan检测的结果。(更新了ASAN_OPTIONS的配置方式:通过include的方法引用配置文件,可以在配置文件中每行添加一个选项,更加方便)
# Lines added to the .bashrc of the dedicated test user.
# LD_PRELOAD is inherited by every dynamically linked program started from
# this shell, so the ASan runtime is loaded into all of them, not only the
# sample programs; keep it out of shared or privileged accounts.
export LD_PRELOAD=/usr/lib/arm-linux-gnueabihf/libasan.so.3
# Instead of listing options inline, point ASAN_OPTIONS at a file;
# include_if_exists reads that file when present and is skipped otherwise.
export ASAN_OPTIONS=include_if_exists=/home/asan/asan_options

# Contents of the options file, one option per line ('>' is the shell prompt).
# The notes below describe the options and are not part of the file itself:
#   log_path   - write reports to files under this path prefix instead of stderr;
#                NOTE(review): /home/asan/asan_log presumably has to exist and
#                be writable by the test user - confirm
#   halt_on_error=0 - keep running after an error is reported; this only takes
#                effect for code built with -fsanitize-recover=address, which
#                the build commands on this page do not pass
#   detect_stack_use_after_return=1 - enable stack-use-after-return detection
#   log_exe_name=true - include the executable name in the log file name
#   debug=true - extra runtime debugging; NOTE(review): check the flags wiki
#                linked on this page for the exact effect in your libasan version
>cat asan_options
log_path=/home/asan/asan_log/asan
halt_on_error=0
detect_stack_use_after_return=1
log_exe_name=true
debug=true