Home Forums C Programming Buffer overflow c/c++

Viewing 5 reply threads
  • Author
    Posts
    • #2208
      Stanley01K
      Participant

      Hello,
      how can I find a buffer overflow in arrays?

      For example:

      int x[10];
      int y[5][5];
      int z[5][5][2];

      x[12] = 0;
      y[3][7] = 8;
      z[2][6][1] = 8;

      Compilers don’t find these problems during compilation or during run-time.

      Can some one help me?

      Thanks

    • #3583
      GWILouisaxwzkla
      Participant

      The best thing to do in c/c++ is check that the indexes are with in range :

      since c/c++ does not use array descriptors ( an array header with the maximum length information ) there is really no other way I can think of.

    • #3584
      Stanley01K
      Participant

      Thanks for your answer.

      In this few days I’ve found a tool that does what I was looking for.

      It can detect all buffer overflow in single and multidimensional arrays and it doesn’t care about platform or compiler.

      It seems to work well, but I want to know your opinion.

      Thanks

      Best regards

    • #3585
      GWILouisaxwzkla
      Participant

      Interesting program ( I suppose this software is based on a parser that uses the C/C++ grammer that checks declarations and uses of pointers and arrays ). I guess its fine to use something like this ( if you trust the authors code :) ). You do have to run your source code through two translators per compile though , this could take extra time with large programs …..

    • #3586
      Stanley01K
      Participant

      Thanks,
      i think it’s so.

      I saw that the run time is slower, but it’s not a problem during test time.

      It is very helpful to find hidden bugs and I will go on to use it because it can discover something that I can’t by using only compiler.

      I used it with Visual C++.

      Did you try it?

      Best regards

    • #3587
      GWILouisaxwzkla
      Participant

      I haven’t used the software since I’ve gotten pretty good at finding access violations after years of writing my own data structures and lots of software that uses pointers. Anything I write in C/C++ or assembly language is designed with execution speed in mind so I probably would not use anything that slows my code down ( I belive that is why C/C++ was designed without provisions to check for access violations at compile time ). Anyway , I guess the software is a clever idea and if you don’t mind the performance hit , use it ………

Viewing 5 reply threads
  • The forum ‘C Programming’ is closed to new topics and replies.