 

How to debug 'Stack smashing detected'? [closed]


I have a complex C++ code. It's a FastCGI program, using the FastCGI C++ Class library.

When I ask it for a very looooong URL, I get:

```
*** stack smashing detected ***: ./tileserve terminated
Erreur de segmentation
```

For real-life applications, it's not an issue since I never use such long URLs, but this means that anyone could terminate my server... I don't like that.

Is there a tool to find out where this problem appears? How do I use it?

EDIT: SOLVED

I was doing this:

```cpp
int len;
char uri[200];

len = strlen(request.params[std::string("REQUEST_URI")].c_str());
printf("%d\n", len);

if (len > 200) return 1;

strcpy(uri, request.params[std::string("REQUEST_URI")].c_str());
```

Looks like 200 was too high for the len test. It actually fails at 194.

So instead I did this:

```cpp
if (len > 190) return 1;
```

Now, it's fine.

user1219721 asked Apr 10 '12 11:04



2 Answers

If you read the website you will realize that this is a simple C++ wrapper over a C library.

A typical issue with C libraries is buffer overruns:

```cpp
#include <cstring>
#include <cstdio>

int main(int argc, char* argv[]) {
  char buffer[16]; // ought to be sufficient

  strcpy(buffer, argv[1]);
  printf("%s", buffer);
}
```

Try this program:

```
> ./test "a"
a
> ./test "abcdefghijklmnoprqstuvwxyz"
???
```

Because the buffer can only contain 16 characters, the remaining characters will be written past its end. This is stack smashing, and undefined behavior.

A number of implementations of either the runtime library or your OS may detect this situation in some conditions and terminate the program.

Either you are doing something wrong or the library is.

To locate the issue, you could use Valgrind or run your program in a debugger. Alternatively, if your system allows it, you might have a memory dump at the moment the program was killed. You can also view this memory dump in a debugger.

Matthieu M. answered Sep 17 '22 07:09


You can use something like valgrind, or your compiler may have static analysis that can find places you might be overrunning buffers.

Also, you can just audit your code for uses of error-prone functions like strcpy and replace them with safe functions like strncpy, or better yet just use objects that manage their own memory like std::string.

bames53 answered Sep 18 '22 07:09
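An added example, not part of the thread or of either answer: a bounded copy into a fixed `char[200]` like the one in the question, showing that a string of length n needs n + 1 bytes and that `strncpy` on its own can leave the buffer unterminated. The names `kUriCap`, `copy_uri` and `strncpy_terminates` are hypothetical, and the inputs are constructed.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Capacity of the fixed buffer, matching the char uri[200] in the question.
constexpr std::size_t kUriCap = 200;

// Copies src into dst only if the text AND its terminating '\0' fit.
// A string of length n needs n + 1 bytes, so the reject test is n >= cap.
bool copy_uri(const std::string& src, char* dst, std::size_t cap) {
    if (cap == 0 || src.size() >= cap) {
        return false;  // too long: the caller should reject the request
    }
    std::memcpy(dst, src.c_str(), src.size() + 1);  // +1 copies the terminator
    return true;
}

// strncpy alone is not enough: when src fills the buffer it writes no '\0'.
// Returns true if dst ended up NUL-terminated within cap bytes.
bool strncpy_terminates(const std::string& src, char* dst, std::size_t cap) {
    std::strncpy(dst, src.c_str(), cap);
    return std::memchr(dst, '\0', cap) != nullptr;
}

int main() {
    char uri[kUriCap];
    std::string ok(kUriCap - 1, 'a');  // constructed input: 199 chars, fits
    std::string edge(kUriCap, 'a');    // constructed input: 200 chars, needs 201 bytes

    bool fits = copy_uri(ok, uri, sizeof uri);          // accepted
    bool rejected = !copy_uri(edge, uri, sizeof uri);   // refused, buffer untouched
    bool unterminated = !strncpy_terminates(edge, uri, sizeof uri);

    return (fits && rejected && unterminated) ? 0 : 1;
}
```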