Tool for detecting Array overflow

[vashwath]

Hi all,
Is there any free tool available for detecting array overflow? I found
one which detects overflow of dynamic arrays. But I need a tool(or a
special compiler) which detects static array overflows too.

Thanks

 

[Chris McDonald]

Hi all,
Is there any free tool available for detecting array overflow? I found
one which detects overflow of dynamic arrays. But I need a tool(or a
special compiler) which detects static array overflows too.

<OT>
Any helpful answer you receive will probably be very compiler-specific.
If using gcc, your instance of it may support the -fbounds-check
command line option.
</OT>

 

[slebetman]

Hi all,
Is there any free tool available for detecting array overflow? I found
one which detects overflow of dynamic arrays. But I need a tool(or a
special compiler) which detects static array overflows too.

Just do what your teachers always tell you to do. Check your bounds
before using the array.

 

[=?ISO-8859-1?Q?Bj=F8rn_Augestad?=]

Hi all,
Is there any free tool available for detecting array overflow? I found
one which detects overflow of dynamic arrays. But I need a tool(or a
special compiler) which detects static array overflows too.

Thanks

On linux you can use valgrind, http://valgrind.kde.org.
Bjørn

 

[vashwath]

Any helpful answer you receive will probably be very compiler-specific.
If using gcc, your instance of it may support the -fbounds-check
command line option.
</OT>

Thanks for replying Chris.

Yes, I am using gcc for compilation.
I used the options you suggested for the following program

#include <stdio.h>

int main()
{
int a[10];

int i;

for(i=0;i<10;i++)
a = i;


for(i=0;i<10;i++)
printf("a[%d]= %d ",i,a);

printf("\n");
printf("i=%d\n",i);

a = 10;/*Array overflow???*/

}

I gave the following command
gcc -w -Wall -fbounds-check arrBound.c

But it did not detect the overflow.
Am i using the options correctly.

 

[=?ISO-8859-1?Q?Bj=F8rn_Augestad?=]

<OT>
Any helpful answer you receive will probably be very compiler-specific.
If using gcc, your instance of it may support the -fbounds-check
command line option.
</OT>

Thanks for replying Chris.

Yes, I am using gcc for compilation.
I used the options you suggested for the following program

#include <stdio.h>

int main()
{
int a[10];

int i;

for(i=0;i<10;i++)
a = i;


for(i=0;i<10;i++)
printf("a[%d]= %d ",i,a);

printf("\n");
printf("i=%d\n",i);

a = 10;/*Array overflow???*/

}

I gave the following command
gcc -w -Wall -fbounds-check arrBound.c

But it did not detect the overflow.
Am i using the options correctly.

Check the gcc man page for details regarding -fbounds-check. I have gcc
4.0.2 prerelease 20050901 (SUSE 10), and my man page states that
-fbounds-check works for fortran and java only.

Bjørn

 

[slebetman]

<OT>
Any helpful answer you receive will probably be very compiler-specific.
If using gcc, your instance of it may support the -fbounds-check
command line option.
</OT>

Thanks for replying Chris.

Yes, I am using gcc for compilation.
I used the options you suggested for the following program

#include <stdio.h>

int main()
{
int a[10];

int i;

for(i=0;i<10;i++)
a = i;


for(i=0;i<10;i++)
printf("a[%d]= %d ",i,a);

printf("\n");
printf("i=%d\n",i);

a = 10;/*Array overflow???*/

}

I gave the following command
gcc -w -Wall -fbounds-check arrBound.c

But it did not detect the overflow.
Am i using the options correctly.

In your code, I never exceed 9. So it did not detect overflow because
there is no overflow. Just modify it with the following to cause
overflow:

int main()
{
int a[10];

int i;

for(i=0;i<10;i++)
a = i;


for(i=0;i<10;i++)
printf("a[%d]= %d ",i,a);

printf("\n");
printf("i=%d\n",i);

i++; /*Cause overflow!*/
a = 10;/*Array overflow???*/

}

 

[Niklas Norrthon]

Yes, I am using gcc for compilation.
I used the options you suggested for the following program

#include <stdio.h>

int main()
{
int a[10];

int i;

for(i=0;i<10;i++)
a = i;


for(i=0;i<10;i++)
printf("a[%d]= %d ",i,a);

printf("\n");
printf("i=%d\n",i);

a = 10;/*Array overflow???*/

}

I gave the following command
gcc -w -Wall -fbounds-check arrBound.c

But it did not detect the overflow.
Am i using the options correctly.

In your code, I never exceed 9. So it did not detect overflow because
there is no overflow. Just modify it with the following to cause
overflow:

If that is the case, could you explain why the last printf
statement outputs "i=10"?

/Niklas Norrthon

 

[Igmar Palsenberg]

On linux you can use valgrind, http://valgrind.kde.org.

Which doesn't detect overflows of arrays located on the stack.



Igmar

 

[saurabh]

Hi,

Try with this code: file name overflow.c

#include <stdlib.h>
#include <stdio.h>

int main ()
{
int arr[2] = {2,3,4};
}

On compiling with gcc version 3.4.2, I can see following compilation
error message,
gcc -fbounds-check overflow.c
overflow.c: In function `main':
overflow.c:6: warning: excess elements in array initializer
overflow.c6: warning: (near initialization for `arr')

Thanks & Regards,
Saurabh.

 

[slebetman]

Yes, I am using gcc for compilation.
I used the options you suggested for the following program

#include <stdio.h>

int main()
{
int a[10];

int i;

for(i=0;i<10;i++)
a = i;


for(i=0;i<10;i++)
printf("a[%d]= %d ",i,a);

printf("\n");
printf("i=%d\n",i);

a = 10;/*Array overflow???*/

}

I gave the following command
gcc -w -Wall -fbounds-check arrBound.c

But it did not detect the overflow.
Am i using the options correctly.

In your code, I never exceed 9. So it did not detect overflow because
there is no overflow. Just modify it with the following to cause
overflow:

If that is the case, could you explain why the last printf
statement outputs "i=10"?

Ah, sorry, I missed the fact that the i++ in the for loop does indeed
increment i to 10.