实例介绍利用valgrind定位内存非法访问问题
2017-03-12 19:07
363 查看
本文继续介绍 valgind的使用, 看程序:
#include <stdio.h>
int main()
{
int a[100];
a[10000] = 0;
return 0;
} 用valgrind分析:
[root@xxx ~/valgrind-3.8.1/bin]# ./valgrind --tool=memcheck --leak-check=yes --show-reachable=yes ./a.out
==27955== Memcheck, a memory error detector
==27955== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==27955== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==27955== Command: ./a.out
==27955==
==27955== Invalid write of size 4
==27955== at 0x40055F: main (test.cpp:6)
==27955== Address 0x7ff009f90 is not stack'd, malloc'd or (recently) free'd
==27955==
==27955==
==27955== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==27955== Access not within mapped region at address 0x7FF009F90
==27955== at 0x40055F: main (test.cpp:6)
==27955== If you believe this happened as a result of a stack
==27955== overflow in your program's main thread (unlikely but
==27955== possible), you can try to increase the size of the
==27955== main thread stack using the --main-stacksize= flag.
==27955== The main thread stack size used in this run was 8388608.
==27955==
==27955== HEAP SUMMARY:
==27955== in use at exit: 0 bytes in 0 blocks
==27955== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==27955==
==27955== All heap blocks were freed -- no leaks are possible
==27955==
==27955== For counts of detected and suppressed errors, rerun with: -v
==27955== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 6 from 6)
Segmentation fault
[root@xxx ~/valgrind-3.8.1/bin]# 可以看到, 第6行有内存非法访问, 程序core dump了。 当然, 除了用valgrind, 我们还可以用其他方法来查出这个内存异常访问导致的core dump问题, 之前介绍过很多次了, 故不再赘述。
要注意的是, 如果写成a[100] = 0; 实际发现, 并没有core dump, 但这也是非常危险的操作, 应该避免。 至于是否真的core dump, 那就要看你的运气了。 总之, 不要依赖于此类undefined behavior.
类似的非法内存访问还有:
#include <stdio.h>
int main()
{
char *p;
*p = 'a';
return 0;
} valgrind分析结果如下:
[root@xxx ~/valgrind-3.8.1/bin]# g++ -g test.cpp
[root@xxx ~/valgrind-3.8.1/bin]#
[root@xxx ~/valgrind-3.8.1/bin]# ./valgrind --tool=memcheck --leak-check=yes --show-reachable=yes ./a.out
==31774== Memcheck, a memory error detector
==31774== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==31774== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==31774== Command: ./a.out
==31774==
==31774== Use of uninitialised value of size 8
==31774== at 0x40055C: main (test.cpp:6)
==31774==
==31774== Invalid write of size 1
==31774== at 0x40055C: main (test.cpp:6)
==31774== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==31774==
==31774==
==31774== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==31774== Access not within mapped region at address 0x0
==31774== at 0x40055C: main (test.cpp:6)
==31774== If you believe this happened as a result of a stack
==31774== overflow in your program's main thread (unlikely but
==31774== possible), you can try to increase the size of the
==31774== main thread stack using the --main-stacksize= flag.
==31774== The main thread stack size used in this run was 8388608.
==31774==
==31774== HEAP SUMMARY:
==31774== in use at exit: 0 bytes in 0 blocks
==31774== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==31774==
==31774== All heap blocks were freed -- no leaks are possible
==31774==
==31774== For counts of detected and suppressed errors, rerun with: -v
==31774== Use --track-origins=yes to see where uninitialised values come from
==31774== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 6 from 6)
Segmentation fault
[root@xxx ~/valgrind-3.8.1/bin]#
再比如:
#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
int main()
{
char *p = (char *)malloc(30);
p[31] = 'a';
return 0;
}
valgrind分析结果如下:
[root@xxx ~/valgrind-3.8.1/bin]# ./valgrind --tool=memcheck --leak-check=yes --show-reachable=yes ./a.out
==32673== Memcheck, a memory error detector
==32673== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==32673== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==32673== Command: ./a.out
==32673==
==32673== Invalid write of size 1
==32673== at 0x4005C2: main (test.cpp:8)
==32673== Address 0x5d8405f is 1 bytes after a block of size 30 alloc'd
==32673== at 0x4C278FE: malloc (vg_replace_malloc.c:270)
==32673== by 0x4005B5: main (test.cpp:7)
==32673==
==32673==
==32673== HEAP SUMMARY:
==32673== in use at exit: 30 bytes in 1 blocks
==32673== total heap usage: 1 allocs, 0 frees, 30 bytes allocated
==32673==
==32673== 30 bytes in 1 blocks are definitely lost in loss record 1 of 1
==32673== at 0x4C278FE: malloc (vg_replace_malloc.c:270)
==32673== by 0x4005B5: main (test.cpp:7)
==32673==
==32673== LEAK SUMMARY:
==32673== definitely lost: 30 bytes in 1 blocks
==32673== indirectly lost: 0 bytes in 0 blocks
==32673== possibly lost: 0 bytes in 0 blocks
==32673== still reachable: 0 bytes in 0 blocks
==32673== suppressed: 0 bytes in 0 blocks
==32673==
==32673== For counts of detected and suppressed errors, rerun with: -v
==32673== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 6 from 6)
[root@xxx ~/valgrind-3.8.1/bin]#
OK, 先说这么多。
#include <stdio.h>
int main()
{
int a[100];
a[10000] = 0;
return 0;
} 用valgrind分析:
[root@xxx ~/valgrind-3.8.1/bin]# ./valgrind --tool=memcheck --leak-check=yes --show-reachable=yes ./a.out
==27955== Memcheck, a memory error detector
==27955== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==27955== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==27955== Command: ./a.out
==27955==
==27955== Invalid write of size 4
==27955== at 0x40055F: main (test.cpp:6)
==27955== Address 0x7ff009f90 is not stack'd, malloc'd or (recently) free'd
==27955==
==27955==
==27955== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==27955== Access not within mapped region at address 0x7FF009F90
==27955== at 0x40055F: main (test.cpp:6)
==27955== If you believe this happened as a result of a stack
==27955== overflow in your program's main thread (unlikely but
==27955== possible), you can try to increase the size of the
==27955== main thread stack using the --main-stacksize= flag.
==27955== The main thread stack size used in this run was 8388608.
==27955==
==27955== HEAP SUMMARY:
==27955== in use at exit: 0 bytes in 0 blocks
==27955== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==27955==
==27955== All heap blocks were freed -- no leaks are possible
==27955==
==27955== For counts of detected and suppressed errors, rerun with: -v
==27955== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 6 from 6)
Segmentation fault
[root@xxx ~/valgrind-3.8.1/bin]# 可以看到, 第6行有内存非法访问, 程序core dump了。 当然, 除了用valgrind, 我们还可以用其他方法来查出这个内存异常访问导致的core dump问题, 之前介绍过很多次了, 故不再赘述。
要注意的是, 如果写成a[100] = 0; 实际发现, 并没有core dump, 但这也是非常危险的操作, 应该避免。 至于是否真的core dump, 那就要看你的运气了。 总之, 不要依赖于此类undefined behavior.
类似的非法内存访问还有:
#include <stdio.h>
int main()
{
char *p;
*p = 'a';
return 0;
} valgrind分析结果如下:
[root@xxx ~/valgrind-3.8.1/bin]# g++ -g test.cpp
[root@xxx ~/valgrind-3.8.1/bin]#
[root@xxx ~/valgrind-3.8.1/bin]# ./valgrind --tool=memcheck --leak-check=yes --show-reachable=yes ./a.out
==31774== Memcheck, a memory error detector
==31774== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==31774== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==31774== Command: ./a.out
==31774==
==31774== Use of uninitialised value of size 8
==31774== at 0x40055C: main (test.cpp:6)
==31774==
==31774== Invalid write of size 1
==31774== at 0x40055C: main (test.cpp:6)
==31774== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==31774==
==31774==
==31774== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==31774== Access not within mapped region at address 0x0
==31774== at 0x40055C: main (test.cpp:6)
==31774== If you believe this happened as a result of a stack
==31774== overflow in your program's main thread (unlikely but
==31774== possible), you can try to increase the size of the
==31774== main thread stack using the --main-stacksize= flag.
==31774== The main thread stack size used in this run was 8388608.
==31774==
==31774== HEAP SUMMARY:
==31774== in use at exit: 0 bytes in 0 blocks
==31774== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==31774==
==31774== All heap blocks were freed -- no leaks are possible
==31774==
==31774== For counts of detected and suppressed errors, rerun with: -v
==31774== Use --track-origins=yes to see where uninitialised values come from
==31774== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 6 from 6)
Segmentation fault
[root@xxx ~/valgrind-3.8.1/bin]#
再比如:
#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
int main()
{
char *p = (char *)malloc(30);
p[31] = 'a';
return 0;
}
valgrind分析结果如下:
[root@xxx ~/valgrind-3.8.1/bin]# ./valgrind --tool=memcheck --leak-check=yes --show-reachable=yes ./a.out
==32673== Memcheck, a memory error detector
==32673== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==32673== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==32673== Command: ./a.out
==32673==
==32673== Invalid write of size 1
==32673== at 0x4005C2: main (test.cpp:8)
==32673== Address 0x5d8405f is 1 bytes after a block of size 30 alloc'd
==32673== at 0x4C278FE: malloc (vg_replace_malloc.c:270)
==32673== by 0x4005B5: main (test.cpp:7)
==32673==
==32673==
==32673== HEAP SUMMARY:
==32673== in use at exit: 30 bytes in 1 blocks
==32673== total heap usage: 1 allocs, 0 frees, 30 bytes allocated
==32673==
==32673== 30 bytes in 1 blocks are definitely lost in loss record 1 of 1
==32673== at 0x4C278FE: malloc (vg_replace_malloc.c:270)
==32673== by 0x4005B5: main (test.cpp:7)
==32673==
==32673== LEAK SUMMARY:
==32673== definitely lost: 30 bytes in 1 blocks
==32673== indirectly lost: 0 bytes in 0 blocks
==32673== possibly lost: 0 bytes in 0 blocks
==32673== still reachable: 0 bytes in 0 blocks
==32673== suppressed: 0 bytes in 0 blocks
==32673==
==32673== For counts of detected and suppressed errors, rerun with: -v
==32673== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 6 from 6)
[root@xxx ~/valgrind-3.8.1/bin]#
OK, 先说这么多。
相关文章推荐
- 实例介绍利用valgrind定位内存异常释放问题(double free 和wrong free)
- 实例介绍利用valgrind定位memcpy内存重叠问题------顺便再次说说memcpy和memmove的区别
- 实例介绍利用valgrind定位内存泄漏问题
- 实例介绍利用valgrind定位内存泄漏问题
- 实例介绍利用valgrind定位变量未初始化的问题
- 实例介绍利用valgrind定位strcpy/strncpy/strcat/strncat内存重叠问题
- Linux用户态用信号定位异常退出访问非法内存问题
- 读书笔记:C++中利用智能指针和值型类防止内存非法访问
- 利用内存断点(数据断点)结合windows CRT 定位堆栈溢出问题
- Error:Dll调用问题,0X000005地址内存非法访问
- valgrind定位内存问题
- 话说linux 下的pthread 内存问题 (Valgrind 检测 及定位排除)
- Linux环境定位C程序内存泄露以及非法访问的方法
- 读书笔记:C++中利用智能指针和值型类防止内存非法访问
- iOS下CLLocationManager多次定位引起内存访问错误的问题解决
- 实例详细介绍各种字符集编码转换问题
- 跨进程访问共享内存的权限问题
- 全面介绍Windows内存管理机制及C++内存分配实例(一):进程空间
- illegal memory access(非法内存访问)
- 跨进程访问共享内存的权限问题