Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

addressSanitizer: heap-buffer-overflow on address

Tags:

c

heap-memory

memory-leaks

buffer-overflow

I am at the very beginning of learning C.

I am trying to write a function to open a file, read a BUFFER_SIZE, store the content in an array, then track the character '\n' (because I want to get each line of the input).

when I set the BUFFER_SIZE very large, I can get the first line. when I set the BUFFER_SIZE reasonably small (say, 42) which is not yet the end of the first line , it prints out some weird symbol at the end, but I guess it is some bug in my own code.

however, when I set the BUFFER_SIZE very small, say = 10, and i use the -fsanitizer=address to check for memory leak. it throws a monster of error:

==90673==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000fb at pc 0x000108868a95 bp 0x7fff573979a0 sp 0x7fff57397998 READ of size 1 at 0x6020000000fb thread T0

If anyone can explain me in a general sense:

  • what is fsanitizer=address flag?

  • what is heap-buffer-overflow?

  • what is address and thread? what is the flag to see the thread in colors on screen?

  • and why it says 'read of size 1 at address.." ?

i would really appreciate <3

like image 966
Linh Chi Nguyen Avatar asked Jul 29 '18 10:07

Linh Chi Nguyen

1 Answers

what is fsanitizer=address flag?

Usually C compiler doesn't add boundaries check for memory access. Sometimes due to code error, there is read or write from outside the buffer, such an error is usually hard to detect. Using this flag the compiler add some boundaries check, to ensure you won't use a buffer to reach outside of its allocation.

what is heap-buffer-overflow?

use an array to reach after its allocation, 

char* x = malloc(10); char n=x[11]; //heap-buffer-overflow

(underflow is to reach before its allocation) 

char* x = malloc(10); char n=x[-11]; //heap-buffer-underflow

what is address and thread?

Address is position in memory, thread is part of process running sequence of code.

and why it says 'read of size 1 at address.." ?

It means you read single byte form the given address.

I think your problem is that you allocate the BUFFER_SIZE for the buffer and read the same BUFFER_SIZE into it. The correct approach is to always declare at least one more byte than you read. like this:

char* buff = malloc(BUFFER_SIZE+1);//notice to +1 fread(buff,1,BUFFER_SIZE,fp);
like image 85
SHR Avatar answered Sep 26 '22 00:09

SHR
Sign in to Comment

Related questions

What is SOL_SOCKET used for?
How do I understand complicated function declarations?
Why are global variables bad, in a single threaded, non-os, embedded application
What is faster (x < 0) or (x == -1)?
How to find the element of an array that is repeated at least N/2 times?
Is there a shorter way to write compound 'if' conditions? [duplicate]
GCC Aliasing Checks w/Restrict pointers
Is argv[n] writable?
Visualising 4D objects in OpenGL [closed]
Latest changes in C11
Can clang-format align variable or macro assignments in columns?
light-weight C++ image library [closed]
Does printf("%x",1) invoke undefined behavior?
CMake on Windows
What size should I allow for strerror_r?
What does WEXITSTATUS(status) return?
How to embed Node.js interpreter into C/C++?
How do I get the file HANDLE from the fopen FILE structure?
Does CMAKE_BUILD_TYPE=Release imply -DNDEBUG?
Is there any difference between structure and union if we have only one member?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!