|
发表于 2022-7-12 19:29:13
|
显示全部楼层
本帖最后由 人造人 于 2022-7-12 19:31 编辑
另外,只有这一个问题吗?
- $ cat main.c
- #include <stdio.h>
- #include <string.h>
- int main() {
- char str[10];
- strncat(str, "I love FishC.com!", sizeof(str));
- return 0;
- }
- $ gcc-debug -o main main.c
- main.c: In function ‘main’:
- main.c:6:5: warning: ‘strncat’ specified bound 10 equals destination size [-Wstringop-overflow=]
- 6 | strncat(str, "I love FishC.com!", sizeof(str));
- | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- $ ./main
- =================================================================
- ==2153892==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe4639e55a at pc 0x7f56ae060665 bp 0x7ffe4639e520 sp 0x7ffe4639dcc8
- WRITE of size 11 at 0x7ffe4639e55a thread T0
- #0 0x7f56ae060664 in __interceptor_strncat /usr/src/debug/gcc/libsanitizer/asan/asan_interceptors.cpp:399
- #1 0x55f82a517234 in main /tmp/main.c:6
- #2 0x7f56ad42928f (/usr/lib/libc.so.6+0x2928f)
- #3 0x7f56ad429349 in __libc_start_main (/usr/lib/libc.so.6+0x29349)
- #4 0x55f82a5170c4 in _start (/tmp/main+0x10c4)
- Address 0x7ffe4639e55a is located in stack of thread T0 at offset 42 in frame
- #0 0x55f82a5171a8 in main /tmp/main.c:4
- This frame has 1 object(s):
- [32, 42) 'str' (line 5) <== Memory access at offset 42 overflows this variable
- HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
- (longjmp and C++ exceptions *are* supported)
- SUMMARY: AddressSanitizer: stack-buffer-overflow /usr/src/debug/gcc/libsanitizer/asan/asan_interceptors.cpp:399 in __interceptor_strncat
- Shadow bytes around the buggy address:
- 0x100048c6bc50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x100048c6bc60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x100048c6bc70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x100048c6bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x100048c6bc90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- =>0x100048c6bca0: 00 00 00 00 00 00 f1 f1 f1 f1 00[02]f3 f3 00 00
- 0x100048c6bcb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x100048c6bcc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x100048c6bcd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x100048c6bce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x100048c6bcf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- Shadow byte legend (one shadow byte represents 8 application bytes):
- Addressable: 00
- Partially addressable: 01 02 03 04 05 06 07
- Heap left redzone: fa
- Freed heap region: fd
- Stack left redzone: f1
- Stack mid redzone: f2
- Stack right redzone: f3
- Stack after return: f5
- Stack use after scope: f8
- Global redzone: f9
- Global init order: f6
- Poisoned by user: f7
- Container overflow: fc
- Array cookie: ac
- Intra object redzone: bb
- ASan internal: fe
- Left alloca redzone: ca
- Right alloca redzone: cb
- ==2153892==ABORTING
- $
- $
- $
- $ vim main.c
- $ cat main.c
- #include <stdio.h>
- #include <string.h>
- int main() {
- char str[10];
- strncat(str, "I love FishC.com!", sizeof(str) - 1);
- return 0;
- }
- $ gcc-debug -o main main.c
- $ ./main
- =================================================================
- ==2154032==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc00d62f7a at pc 0x7f0c1cc60665 bp 0x7ffc00d62f40 sp 0x7ffc00d626e8
- WRITE of size 10 at 0x7ffc00d62f7a thread T0
- #0 0x7f0c1cc60664 in __interceptor_strncat /usr/src/debug/gcc/libsanitizer/asan/asan_interceptors.cpp:399
- #1 0x55758509b234 in main /tmp/main.c:6
- #2 0x7f0c1c02928f (/usr/lib/libc.so.6+0x2928f)
- #3 0x7f0c1c029349 in __libc_start_main (/usr/lib/libc.so.6+0x29349)
- #4 0x55758509b0c4 in _start (/tmp/main+0x10c4)
- Address 0x7ffc00d62f7a is located in stack of thread T0 at offset 42 in frame
- #0 0x55758509b1a8 in main /tmp/main.c:4
- This frame has 1 object(s):
- [32, 42) 'str' (line 5) <== Memory access at offset 42 overflows this variable
- HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
- (longjmp and C++ exceptions *are* supported)
- SUMMARY: AddressSanitizer: stack-buffer-overflow /usr/src/debug/gcc/libsanitizer/asan/asan_interceptors.cpp:399 in __interceptor_strncat
- Shadow bytes around the buggy address:
- 0x1000001a4590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x1000001a45a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x1000001a45b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x1000001a45c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x1000001a45d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- =>0x1000001a45e0: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00[02]
- 0x1000001a45f0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x1000001a4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x1000001a4610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x1000001a4620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x1000001a4630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- Shadow byte legend (one shadow byte represents 8 application bytes):
- Addressable: 00
- Partially addressable: 01 02 03 04 05 06 07
- Heap left redzone: fa
- Freed heap region: fd
- Stack left redzone: f1
- Stack mid redzone: f2
- Stack right redzone: f3
- Stack after return: f5
- Stack use after scope: f8
- Global redzone: f9
- Global init order: f6
- Poisoned by user: f7
- Container overflow: fc
- Array cookie: ac
- Intra object redzone: bb
- ASan internal: fe
- Left alloca redzone: ca
- Right alloca redzone: cb
- ==2154032==ABORTING
- $
- $
- $
- $ vim main.c
- $ cat main.c
- #include <stdio.h>
- #include <string.h>
- int main() {
- char str[10];
- str[0] = '\0'; // ****************************
- strncat(str, "I love FishC.com!", sizeof(str) - 1);
- return 0;
- }
- $ gcc-debug -o main main.c
- $ ./main
- $
复制代码 |
|