Can any C debugger catch this error?

virtual

Here are the contents of "blah.c":

#include <string.h>

int main(void)
{
    char buf1[5];
    char buf2[5];

    strcpy(buf2, "12345678");

    return 0;
}

I've tried using Valgrind as follows:

virchanza ~ $ gcc -g -o blah blah.c
virchanza ~ $ valgrind ./blah
==6502== Memcheck, a memory error detector.
==6502== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==6502== Using LibVEX rev 1854, a library for dynamic binary translation.
==6502== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==6502== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==6502== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==6502== For more details, rerun with: -v
==6502==
==6502==
==6502== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 11 from 1)
==6502== malloc/free: in use at exit: 0 bytes in 0 blocks.
==6502== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==6502== For counts of detected errors, rerun with: -v
==6502== All heap blocks were freed -- no leaks are possible.

As you can see, Valgrind doesn't mention the error. Does anyone know
of any debugging tool on any platform that can catch this error?

My platform is Linux on x86.
 
Nate Eldredge

> #include <string.h>
>
> int main(void)
> {
>     char buf1[5];
>     char buf2[5];
>
>     strcpy(buf2, "12345678");
>
>     return 0;
> }
>
> I've tried using Valgrind as follows:
> [...]

It appears valgrind doesn't detect this sort of error. Sorry for
misleading you.

Mudflap, however, does.

nate@archdiocese:/tmp$ gcc-4.3 -fmudflap -o blah blah.c -lmudflap
nate@archdiocese:/tmp$ ./blah
*******
mudflap violation 1 (check/write): time=1229075915.384719 ptr=0xbfbc6826 size=9
pc=0xb7e5f2bd location=`(strcpy dest)'
/usr/lib/libmudflap.so.0(__mf_check+0x3d) [0xb7e5f2bd]
/usr/lib/libmudflap.so.0(__mfwrap_strcpy+0xc3) [0xb7e6cad3]
./blah(main+0x48) [0x80486ec]
Nearby object 1: checked region begins 0B into and ends 4B after
mudflap object 0x804ad68: name=`blah.c:6:10 (main) buf2'
bounds=[0xbfbc6826,0xbfbc682a] size=5 area=stack check=0r/3w liveness=3
alloc time=1229075915.384667 pc=0xb7e5ea5d
number of nearby objects: 1
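
The mudflap report above says the 9-byte write to the 5-byte buf2 "ends 4B after" the object. As an added example (not part of the thread, and not how mudflap itself is implemented), this C program models that bounds check with a guard region after the buffer and sets a length-checked copy beside the unchecked strcpy; BUF_SIZE, REDZONE, CANARY, SRC, bounded_copy and overrun_after_copy are assumed names.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 5           /* same size as buf2 in blah.c */
#define REDZONE  8           /* guard bytes after the buffer (assumed width) */
#define CANARY   0xA5        /* constructed fill pattern */
#define SRC      "12345678"  /* the string copied in blah.c */

/* Copy only if src, including its terminating NUL, fits in dst. */
static int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > dst_size)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Copy SRC into a modelled buf2 and return how many guard bytes after
 * it were overwritten; *rc receives the result of the copy. */
size_t overrun_after_copy(int bounded, int *rc)
{
    unsigned char mem[BUF_SIZE + REDZONE];  /* [buf2][redzone], one object */
    size_t past = 0;
    memset(mem, CANARY, sizeof mem);
    if (bounded) {
        *rc = bounded_copy((char *)mem, BUF_SIZE, SRC);
    } else {
        strcpy((char *)mem, SRC);           /* unchecked, as in blah.c */
        *rc = 0;
    }
    for (size_t i = 0; i < REDZONE; i++)
        if (mem[BUF_SIZE + i] != CANARY)
            past = i + 1;
    return past;
}

int main(void)
{
    int rc;
    printf("strcpy:  %zu bytes past buf2\n", overrun_after_copy(0, &rc));
    printf("bounded: %zu bytes past buf2\n", overrun_after_copy(1, &rc));
    return 0;
}
```

The overrun lands inside one larger array here so that the program stays well defined; in blah.c the same four bytes land in whatever the compiler placed next to buf2 on the stack.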
 
Richard Tobin

> char buf2[5];
>
> strcpy(buf2, "12345678");

> As you can see, Valgrind doesn't mention the error.

No, it basically only detects errors with malloc()ed memory.

> Does anyone know
> of any debugging tool on any platform that can catch this error?

I believe that when I used dbx on Solaris years ago it could do this,
but I might be wrong.

-- Richard
 
virtual

> Mudflap, however, does.


Fantastic, thanks! :-D

For anyone in my position, here's how to get mudflap working on
Ubuntu:
apt-get install libmudflap0
apt-get install libmudflap0-4.3-dev

Are there any other debugging tools I should know about? Currently I'm
using gdb and mudflap :-D
 
maverik

> As you can see, Valgrind doesn't mention the error. Does anyone know
> of any debugging tool on any platform that can catch this error?

AFAIK, Lint/Splint can also detect this error. It's not a debugging
tool, but a tool for statically checking C programs for security
vulnerabilities and coding mistakes.
 
Ben Bacarisse

> Fantastic, thanks! :-D

> Are there any other debugging tools I should know about? Currently I'm
> using gdb and mudflap :-D

Don't dump valgrind's memcheck tool. Not only does it check allocated
memory, it also checks for uses of indeterminate values.
 
user923005

> Here are the contents of "blah.c":
>
> #include <string.h>
>
> int main(void)
> {
>     char buf1[5];
>     char buf2[5];
>
>     strcpy(buf2, "12345678");
>
>     return 0;
>
> }
>
> I've tried using Valgrind as follows:
>
> virchanza ~ $ gcc -g -o blah blah.c
> virchanza ~ $ valgrind ./blah
> ==6502== Memcheck, a memory error detector.
> ==6502== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
> ==6502== Using LibVEX rev 1854, a library for dynamic binary translation.
> ==6502== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
> ==6502== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
> ==6502== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
> ==6502== For more details, rerun with: -v
> ==6502==
> ==6502==
> ==6502== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 11 from 1)
> ==6502== malloc/free: in use at exit: 0 bytes in 0 blocks.
> ==6502== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
> ==6502== For counts of detected errors, rerun with: -v
> ==6502== All heap blocks were freed -- no leaks are possible.
>
> As you can see, Valgrind doesn't mention the error. Does anyone know
> of any debugging tool on any platform that can catch this error?
>
> My platform is Linux on x86.

No need for a debugger.
C:\tmp>type bug.c
#include <string.h>
int main(void)
{
char buf1[5];
char buf2[5];
strcpy(buf2, "12345678");
return 0;
}

C:\tmp>type _LINT.TMP

--- Module: bug.c (C)
_
strcpy(buf2, "12345678");
bug.c(6) : Warning 419: Apparent data overrun for function 'strcpy(char *, const char *)', argument 2 (size=9) exceeds argument 1 (size=5) [Reference: file bug.c: line 6]
bug.c(6) : Info 831: Reference cited in prior message
_
}
bug.c(8) : Warning 529: Symbol 'buf1' (line 4) not subsequently referenced
bug.c(4) : Info 830: Location cited in prior message
_
}
bug.c(8) : Note 953: Variable 'buf1' (line 4) could be declared as const --- Eff. C++ 3rd Ed. item 3
bug.c(4) : Info 830: Location cited in prior message

I used PC-Lint, but Gimpel makes a Linux version too.
 
