Re: free software which can detect array out of bounds in linux



On Feb 23, 2:25 pm, Måns Rullgård <m...@xxxxxxxxx> wrote:

If valgrind can't spot the error, neither will dmalloc. Both tools
are malloc debuggers, and will not catch buffer overflows on the
stack.


From Valgrind site: "Unfortunately, Memcheck doesn't do bounds
checking on static or stack arrays. We'd like to, but it's just not
possible to do in a reasonable way that fits with how Memcheck works.
Sorry."

http://valgrind.org/docs/manual/faq.html#faq.overruns

That's a pretty big hole for Valgrind which otherwise IMHO is a great
product.

Ivan Novick
http://www.0x4849.net
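
An added example, not part of the original thread: Memcheck tracks whether memory is addressable, and the bytes right after a local array are other live stack data, so a write that runs past the array still lands on valid memory. The sketch below models that adjacency with a struct (so the overrun is well-defined C) and shows a hand-placed guard word catching it; `struct frame`, `GUARD` and `copy_and_check` are names invented for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define GUARD 0x5AFEC0DEu   /* constructed sentinel value */

/* buf and guard are adjacent members of one object, the way a local
   array and the locals next to it are adjacent in a stack frame. */
struct frame {
    char buf[8];
    unsigned guard;
};

/* Copy n bytes of src over the start of the frame, as an unchecked copy
   into buf would. Writing through a char pointer to the whole struct is
   defined behaviour, so no tool that only checks addressability can
   object: every byte touched belongs to a live object.
   Returns 1 if the guard word was overwritten, 0 if it is intact. */
int copy_and_check(const char *src, size_t n)
{
    struct frame f;

    memset(f.buf, 0, sizeof f.buf);
    f.guard = GUARD;

    if (n > sizeof f)        /* never leave the object itself */
        n = sizeof f;
    memcpy((char *)&f, src, n);

    return f.guard != GUARD;
}

int main(void)
{
    /* Constructed input: twelve 'A' bytes. */
    const char *input = "AAAAAAAAAAAA";

    printf("8 bytes: guard %s\n",
           copy_and_check(input, 8) ? "clobbered" : "intact");
    printf("9 bytes: guard %s\n",
           copy_and_check(input, 9) ? "clobbered" : "intact");
    return 0;
}
```
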
