Address Sanitizer with Visual C++: ignore read buffer overflows while still catching write buffer overflows

Consider the following example:

#include <cstdlib> // srand, rand

int main()
{
    char* p = new char[10];

    srand(p[11]); // heap buffer overflow - read

    p[11] = rand(); // heap buffer overflow - write
}

I want ASan not to flag heap buffer overflow - read for now, while still flagging heap buffer overflow - write.

The reason I want this is to concentrate on more dangerous errors for now. Read overflows either crash immediately or don't have consequences, whereas a write overflow may cause corruption that would trigger elsewhere later. For some small overflows, even immediate crash is excluded. So sure I'd look into read overflows too, but later.

Is there a way to accomplish this?

In theory, supplying -mllvm -asan-instrument-reads=false to the CL wrapper should disable instrumentation of reads.

Apparently this is impossible with MSVC currently.

To continue after an error, the -fsanitize-recover=address option should be used. From the FAQ:

Q: Can AddressSanitizer continue running after reporting first error?

A: Yes it can, AddressSanitizer has recently got continue-after-error mode. This is somewhat experimental so may not yet be as reliable as default setting (and not as timely supported). Also keep in mind that errors after the first one may actually be spurious. To enable continue-after-error, compile with -fsanitize-recover=address and then run your code with ASAN_OPTIONS=halt_on_error=0.

This option is not yet supported by MSVC. There's an issue to add it.
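On a toolchain where the continue-after-error mode from the FAQ is available, the read/write split asked for in the question can be done on the report log instead of in the instrumentation. The following is an added example, not code from the original posts: it assumes the usual ASan report layout (an `==PID==ERROR: AddressSanitizer:` header followed by a `READ`/`WRITE of size N` line), and the sample log and the function names `split_reports` and `triage` are constructed for illustration.

```python
import re

# Constructed sample: two abbreviated reports as printed in
# continue-after-error mode (PID, addresses and frames are made up).
SAMPLE_LOG = """\
=================================================================
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000001b at pc 0x0000004f1a2b bp 0x7ffc00000010 sp 0x7ffc00000008
READ of size 1 at 0x60200000001b thread T0
    #0 0x4f1a2a in main example.cpp:5
=================================================================
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000001b at pc 0x0000004f1a9c bp 0x7ffc00000010 sp 0x7ffc00000008
WRITE of size 1 at 0x60200000001b thread T0
    #0 0x4f1a9b in main example.cpp:7
"""

HEADER = re.compile(r"^==\d+==ERROR: AddressSanitizer: (\S+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)")

def split_reports(log):
    """Split a log into reports; each one starts at an '==PID==ERROR:' line."""
    reports, current = [], None
    for line in log.splitlines():
        if line and set(line) == {"="}:
            continue  # separator rule between reports
        header = HEADER.match(line)
        if header:
            current = {"kind": header.group(1), "access": None,
                       "size": None, "lines": []}
            reports.append(current)
        if current is None:
            continue  # program output before the first report
        current["lines"].append(line)
        access = ACCESS.match(line)
        if access and current["access"] is None:
            current["access"] = access.group(1)
            current["size"] = int(access.group(2))
    return reports

def triage(log, keep=("WRITE",)):
    """Return (kept, deferred). Reports without a READ/WRITE line
    (a double-free, for instance) are always kept."""
    kept, deferred = [], []
    for report in split_reports(log):
        is_kept = report["access"] is None or report["access"] in keep
        (kept if is_kept else deferred).append(report)
    return kept, deferred

if __name__ == "__main__":
    kept, deferred = triage(SAMPLE_LOG)
    for report in kept:
        print("\n".join(report["lines"]))
    print(f"-- {len(deferred)} read report(s) deferred")
```

As the FAQ warns, reports after the first one may be spurious, so a kept write report that follows a deferred read on the same address is worth rechecking once the read is fixed.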
