Re: free software which can detect array out of bounds in linux



On Feb 23, 2:25 pm, Måns Rullgård <m...@xxxxxxxxx> wrote:

If valgrind can't spot the error, neither will dmalloc. Both tools
are malloc debuggers, and will not catch buffer overflows on the
stack.


From Valgrind site: "Unfortunately, Memcheck doesn't do bounds
checking on static or stack arrays. We'd like to, but it's just not
possible to do in a reasonable way that fits with how Memcheck works.
Sorry."

http://valgrind.org/docs/manual/faq.html#faq.overruns

Thats a pretty big whole for Valgrind which otherwise IMHO is a great
product.

Ivan Novick
http://www.0x4849.net

.