Home › Forums › C Programming › Buffer overflow c/c++
- This topic has 5 replies, 2 voices, and was last updated 15 years, 5 months ago by GWILouisaxwzkla.
- AuthorPosts
- July 2, 2009 at 8:47 pm #2208Stanley01KParticipant
Hello,
how can I find a buffer overflow in arrays?For example:
int x[10];
int y[5][5];
int z[5][5][2];x[12] = 0;
y[3][7] = 8;
z[2][6][1] = 8;Compilers don’t find these problems during compilation or during run-time.
Can some one help me?
Thanks
- July 5, 2009 at 11:31 pm #3583GWILouisaxwzklaParticipant
The best thing to do in c/c++ is check that the indexes are with in range :
12345<br />int array [ 2] [ 2 ];<br />if ( i < 2 && j < 2 )<br />var = array [ i ] [ j ];<br />since c/c++ does not use array descriptors ( an array header with the maximum length information ) there is really no other way I can think of.
- July 16, 2009 at 10:50 pm #3584Stanley01KParticipant
Thanks for your answer.
In this few days I’ve found a tool that does what I was looking for.
It can detect all buffer overflow in single and multidimensional arrays and it doesn’t care about platform or compiler.
It seems to work well, but I want to know your opinion.
Thanks
Best regards
- July 17, 2009 at 8:04 pm #3585GWILouisaxwzklaParticipant
Interesting program ( I suppose this software is based on a parser that uses the C/C++ grammer that checks declarations and uses of pointers and arrays ). I guess its fine to use something like this ( if you trust the authors code :) ). You do have to run your source code through two translators per compile though , this could take extra time with large programs …..
- July 18, 2009 at 8:12 pm #3586Stanley01KParticipant
Thanks,
i think it’s so.I saw that the run time is slower, but it’s not a problem during test time.
It is very helpful to find hidden bugs and I will go on to use it because it can discover something that I can’t by using only compiler.
I used it with Visual C++.
Did you try it?
Best regards
- July 20, 2009 at 5:17 pm #3587GWILouisaxwzklaParticipant
I haven’t used the software since I’ve gotten pretty good at finding access violations after years of writing my own data structures and lots of software that uses pointers. Anything I write in C/C++ or assembly language is designed with execution speed in mind so I probably would not use anything that slows my code down ( I belive that is why C/C++ was designed without provisions to check for access violations at compile time ). Anyway , I guess the software is a clever idea and if you don’t mind the performance hit , use it ………
- AuthorPosts
- The forum ‘C Programming’ is closed to new topics and replies.