Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What C/C++ tools can check for buffer overflows? [closed]

Tags:

I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever want to know).

I've decided to removing the buffer overflows first. To make my bug-hunting easier, what tools can be used to check for buffer overruns?

like image 885
MrValdez Avatar asked Oct 03 '08 14:10

MrValdez

People also ask

Which tools can be used to detect buffer overflow attacks?

The best way to detect this type of vulnerability is to use a static code analyzer, such as Klocwork. Klocwork has an extensive set of software security checkers to help ensure that security vulnerabilities cannot be exploited.

Which C function can cause buffer overflow?

That is why the safest basic method in C is to avoid the following five unsafe functions that can lead to a buffer overflow vulnerability: printf , sprintf , strcat , strcpy , and gets .

How are buffer overflows found?

Most buffer overflows are caused by the combination of manipulating memory and mistaken assumptions around the composition or size of data. A buffer overflow vulnerability will typically occur when code: Is reliant on external data to control its behavior.

What is buffer overflow problem Discuss 3 tools used to overcome this problem?

A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer than the buffer can handle. The extra information, which has to go somewhere, can overflow into adjacent memory space, corrupting or overwriting the data held in that space.

2 Answers

On Linux I'd use Valgrind.

like image 146
diciu Avatar answered Jan 03 '23 10:01

diciu

Consider using more modern data structures as a way of avoiding buffer overflows. Reading into a std::string won't overflow, and std::vectors are much safer than arrays. I don't know what your application is, and it's possible that raw buffers are used because you need the speed, but it's more common that they are used because that's what the original programmers were comfortable with.

Searching for memory leaks with the tools mentioned is a good idea, but they may not find all potential leaks, while using standard strings and container classes can eliminate problems you didn't realize you had.

like image 31
David Thornley Avatar answered Jan 03 '23 11:01

David Thornley
Sign in to Comment

Related questions

How can I, in python, iterate over multiple 2d lists at once, cleanly?
What's the simplest way to access mssql with python or ironpython?
What are the differences between PHP and Java?
How to determine whether a language is LL(1) LR(0) SLR(1)
Why and how would you use Exceptions in this sample PHP code?
How can I convert to a specific type in a generic version of TryParse()?
Resize for in-call status bar?
.htaccess for cakephp
How to bind String to variable in Guice?
Learning Haskell: How to remove an item from a List in Haskell
MOV src, dest (or) MOV dest, src?
Python analog of PHP's natsort function (sort a list using a "natural order" algorithm) [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!