C++笔记-Asan(address-sanitize)的使用
作者:互联网
目录
参考资料
https://github.com/google/sanitizers/wiki/AddressSanitizer
ASAN使用
检查越界
测试代码
test_asan.cpp
#include <iostream>
int main() {
int *arr = new int[10];
int res = arr[10]; // index out of bounds
std::cout << res << std::endl;
delete[] arr;
return 0;
}
编译
g++ -fsanitize=address test_string_split.cpp -g -o test
报错
/usr/bin/ld: cannot find /usr/lib64/libasan.so.4.0.0
collect2: error: ld returned 1 exit status
解决
sudo yum install /usr/lib64/libasan.so.4.0.0
执行test
./test
报错
7246ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.
需要将动态库加到LD_PRELOAD 一并执行test
LD_PRELOAD=/usr/lib64/libasan.so.4 ./test
结果
=================================================================
==12145==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000000038 at pc 0x000000400ba8 bp 0x7ffc1899b500 sp 0x7ffc1899b4f0
READ of size 4 at 0x604000000038 thread T0
#0 0x400ba7 in main /data/xxx/test_cpp/test_asan.cpp:4
#1 0x7fa6c5d09554 in __libc_start_main (/lib64/libc.so.6+0x22554)
#2 0x400aa8 (/data/xxx/test_cpp/test+0x400aa8)
0x604000000038 is located 0 bytes to the right of 40-byte region [0x604000000010,0x604000000038)
allocated by thread T0 here:
#0 0x7fa6c6a39968 in operator new[](unsigned long) (/usr/lib64/libasan.so.4+0xe0968)
#1 0x400b68 in main /data/xxx/test_cpp/test_asan.cpp:3
#2 0x7fa6c5d09554 in __libc_start_main (/lib64/libc.so.6+0x22554)
SUMMARY: AddressSanitizer: heap-buffer-overflow /datax/xxt/test_cpp/test_asan.cpp:4 in main
Shadow bytes around the buggy address:
0x0c087fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c087fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c087fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c087fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c087fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c087fff8000: fa fa 00 00 00 00 00[fa]fa fa fa fa fa fa fa fa
0x0c087fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==12145==ABORTING
可见 heap-buffer-overflow 堆缓冲区溢出, 在main函数的第四行
检查内存泄露
test_asan2.cpp
#include <iostream>
int main() {
int *ptr = new int(-1);
std::cout << *ptr << std::endl;
// delete ptr;
return 0;
}
g++ -fsanitize=address test_asan2.cpp -g -o test
LD_PRELOAD=/usr/lib64/libasan.so.4 ./test
结果
=================================================================
==14998==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x7f00df6ee7a8 in operator new(unsigned long) (/usr/lib64/libasan.so.4+0xe07a8)
#1 0x400b78 in main /xxx/test_cpp/test_asan2.cpp:3
#2 0x7f00de9be554 in __libc_start_main (/lib64/libc.so.6+0x22554)
SUMMARY: AddressSanitizer: 4 byte(s) leaked in 1 allocation(s).
可见第三行new了一个int指针,并未释放
标签:00,cpp,C++,fa,sanitize,address,test,lib64,main 来源: https://www.cnblogs.com/gnivor/p/16364729.html