AddressSanitizer的错误输出分析

已于 2022-05-09 21:42:12 修改
阅读量1.4k 收藏
点赞数
分类专栏: C++ 文章标签: c++
于 2022-05-09 21:39:31 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/baidu_39282678/article/details/124675849
版权

报错解析

这是一个经典的ASAN报错。是对一个vector<int> a(8, 0)的a[8]写入。

=================================================================
==42==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000060 at pc 0x00000034afb8 bp 0x7ffe7a13edf0 sp 0x7ffe7a13ede8
WRITE of size 4 at 0x603000000060 thread T0
    #1 0x7f7a911a50b2  (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
0x603000000060 is located 0 bytes to the right of 32-byte region [0x603000000040,0x603000000060)
allocated by thread T0 here:
    #4 0x7f7a911a50b2  (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
Shadow bytes around the buggy address: 
//这一部分是显示错误区域附近的影子内存,下方的解释说明了不同取值的含义
//每一个影子字节包含着实际的8个字节的元数据
//那个00 00 00 00即为长度为8的vector<int>,在影子内存中有4字节,说明实际上是32字节,合理
//用方括号扩起的代表意欲访问的地址。这个fa表示其所代表的整个8个字节都是poison的,
//是未分配的区域,是Heap left redzone。访问到这说明越界了。
//以vector<int>为例,假如长度为8,对应的影子内存就是00 00 00 00,
//假如长度为7,则是00 00 00 04,这是因为1个int就占4个字节。最后的04代表这8字节中有4字节可用,05就是有5字节可用,以此类推。
//回到这个报错,访问的是[8]所以00后的第一个fa被扩起来了;如果访问的是[9],扩起的仍然是这个fa,
//但如果访问[10],那就要到下一个fa了,以此类推。
  0x0c067fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c067fff8000: fa fa 00 00 00 fa fa fa 00 00 00 00[fa]fa fa fa
  0x0c067fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==42==ABORTING

再来看一个报错,这次是

vector<char> c(8, 0);
vector<char> d(8, 0);
vector<char> e(8, 0);
c[8] = '!';
std::cout << d[0];

只看Shadow Bytes部分:

0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa 00[fa]fa fa 00 fa fa fa 00 fa fa fa fa fa
0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

此时将c[8]改为c[16]

0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa 00 fa[fa]fa 00 fa fa fa 00 fa fa fa fa fa
0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

改为c[24]

0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa 00 fa fa[fa]00 fa fa fa 00 fa fa fa fa fa
0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

改为c[32]
现在程序是

vector<char> c(8, 0);
vector<char> d(8, 0);
vector<char> e(8, 0);
c[32] = '!';
std::cout << d[0];

.....
天!它没报错

执行完成,耗时:0 ms
!

说明ASAN是有极限的,并不能完全确保检出越界。
至于中间为什么是三个fa,
参阅 AddressSanitizerAlgorithm · google/sanitizers Wiki · GitHub

福尔马林速溶枸杞
关注
专栏目录
KernelAddressSanitizer (KASan)内存问题分析利器解析
07-20
从内核层KASAN到Userspace的ASAN,从原理分析到实例详解,对内存问题深度刨析
Leetcode 常见报错原因之 heap-buffer-overflow on address 和 reference binding to misaligned address
qq_39220334的博客
01-19 2万+
1. SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 对数组进行操作时,一定要注意数组的可索引范围,保证数组不发生越界。在 Leetcode 中数组越界会给出如下几种报错信息: 1. AddressSanitizer: heap-buffer-overflow on address 报错信息: ==42==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000032
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000090 at pc 0x00000034d628 bp 0x7f
CFY1226的博客
07-04 2489
所以在sum+=nums[i];这里,实际上访问的是数组的第i个元素,而不是当前元素。当i的值大于nums的长度时,就会发生访问越界,导致。的问题,这通常是由于。
ERROR: AddressSanitizer: heap-use-after-free on address
CFY1226的博客
06-15 8129
悬挂指针”(Dangling Pointer)是一种常见的编程错误,它发生在当一个指针指向的内存已经被释放或者已经超出范围时。在这种情况下,指针仍然存在,但它所指向的内存可能已经被操作系统重新分配给其他地方,或者根本就不能访问。如果试图通过悬挂指针访问这块内存,就可能会导致未定义的行为,比如程序崩溃或者数据损坏。在最开始的写法中,我们把root delete掉了,再调用root->right就会出现内存报错。内存错误"heap-use-after-free",这是因为在C++中,当使用。
C++本地运行无误,Leetcode编译器报错:AddressSanitizer: heap-buffer-overflow on address
九九六.爱吸油
01-07 1277
AddressSanitizer(ASan)是一个快速的内存错误检测工具。它非常快,只拖慢程序两倍左右。可以看到上述代码中,为了易读性,我把程序特殊情况挨着列出来,忘记了顺序问题,应该就是内存泄漏问题,一般出现在数组越界访问之类的。同样会报错,因为也是顺序执行的。
address-sanitizer.md
12-18
==539==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff3a152c9c at pc 0x4009b6 bp 0x7fff3a152c60 sp 0x7fff3a152c58 WRITE of size 4 at 0x7fff3a152c9c thread T0 #0 0x4009b5 in main /home...
asan-giovese:我在C中的AddressSanitizer实现
05-25
AddressSanitizer(简称ASAN)是一种强大的动态内存错误检测工具,由Google开发并集成到LLVM项目中。它主要用于检测C和C++程序中的缓冲区溢出、使用未初始化的内存、释放后使用的内存等常见错误。在本项目"asan-...
c语言段错误小结.docx
11-26
- 内存检查工具:Valgrind、AddressSanitizer等工具可以检测内存泄漏、缓冲区溢出等问题。 - 代码审查:同事或同行的第二双眼睛可能发现潜在的问题。 - 静态分析:利用静态代码分析工具检查潜在的错误模式。 了解并...
rust-san:操作方法:清理您的Rust代码!
02-05
1. **地址Sanitizer (address-sanitizer)**: 这个工具检测内存错误,如缓冲区溢出、使用未初始化的内存、释放后使用的内存等。它通过插入运行时库来跟踪分配和释放的内存块,当检测到不安全的内存访问时会触发错误...
介绍几款 C/C++内存泄漏检测工具.帮程序员擦屁股用
10-25
AddressSanitizer是一个由Google开发的高效内存错误检测工具,包括检测堆、栈、全局变量以及未初始化的内存使用情况。ASan通过在运行时插入额外的检查代码来检测内存错误,例如缓冲区溢出、使用已释放的内存、未...
力扣-剑指 Offer 26. 树的子结构-报错堆溢出
liuqiangon的博客
03-07 198
剑指 Offer 26. 树的子结构 报错堆溢出 heap-buffer-overflow on address 0x603000000060 at pc 0x00000034afb8 bp 0x7ffe7a13edf0 sp 0x7ffe7a13ede8 WRITE of size 1
内存泄漏检测工具asan
qq_41962968的博客
10-05 2750
3.堆溢出(heap buffer overflow)。堆中存储动态申请内存,如malloc(), calloc(), new int[]等,常见情况为访问到申请内存之外的地址。2、栈溢出(Stack buffer overflow),函数中的变量,参数,引用,指针,返回地址等存储在栈中,若超出栈的容量会导致栈溢出,常见情形为递归过深或申请的数组过大。1、内存泄漏(Memory leaks),即申请的内存未释放,如上图所示。把超大静态数组/放到全局变量中或越界访问静态数组。
ASAN 问题总结
最新发布
weixin_31260305的博客
09-26 2197
MemShadowshadow memory也是内存中的一块区域,但与main memory又不同,shadow memory中有元数据的思想,其中的数据存放的是 main memory 的状态信息。因此,可以将 shadow memory 看做是 main memory 的元数据,而 main memory 中存储的才是程序真正的数据。
LeetCode报错:AddressSanitizer:DEADLYSIGNAL详细分析与解决
热门推荐
来知晓的博客
07-05 5万+
LeetCode报错:AddressSanitizer:DEADLYSIGNAL详细分析与解决问题描述问题分析实例分析 更多总结见:C刷题:LeetCode刷题踩坑常见BUG总结 问题描述 报错:AddressSanitizer:DEADLYSIGNAL,详细如下 ===42====ERROR:AddressSanitizer: SEGV on unknown address xx. The signal is caused by a READ memory access. 问题分析 一般可能主要有
bug:ERROR: AddressSanitizer: heap-buffer-overflow on address
qq_38656720的博客
01-09 517
================================================================= ==42==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000060 at pc 0x00000034c100 bp 0x7ffdfe659290 sp 0x7ffdfe659288 数组越界
Leetcode报错诊断
unspoken0714的博客
09-09 398
Heap-buffer-overflow 引索越界,做题时maxIndex = nums.size(); 应该是maxIndex = nums.size() - 1; ================================================================= ==30==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000000c at pc 0x000000401749 bp 0x7f
leetcode报错之 ERROR: AddressSanitizer: stack-overflow on address ...
AuthurLEE's Blogs
04-12 1万+
ERROR: AddressSanitizer: stack-overflow on address...原因,解决方案以及解决方案的相关资料
力扣报错“AddressSanitizer: heap-buffer-overflow on address...”的解决办法
Law of Conservation of Eudaemonia
03-16 1万+
做力扣报了个错: AddressSanitizer: heap-buffer-overflow on address 0x6020000001cc at pc…… 大概意思 LeetCode使用了AddressSanitizer检查了是否存在内存非法访问,一般是数组越界,上下都有可能 Address Sanitizer(ASan)是一个快速的内存错误检测工具。从gcc 4.8开始,AddressSanitizer成为gcc的一部分。 解决方案 一般是修改循环条件,如:<改为<=
力扣(Leet code)报错AddressSanitizer: heap-buffer-overflow on address
ShakugannoSnivy的博客
09-10 1460
即if(p == 0||data[p-1]!= now),这样检查到p==0后就不会执行后面的data[p-1],这是因为||是逻辑上的或,前面的语句符合了就不会继续判断了。在力扣执行 s = "){"情况时,循环代码中if(data[p-1]!= now || p ==0)会先判断data[p-1],此时由于p==0,p-1必然造成数组越界从而导致报错,在这里,只需要将两个判断条件替换一下位置即可。这种时候在自己编译器上不一定能检查得出问题,对于力扣来说,这种情况大概率就是。
ERROR: AddressSanitizer报错
04-02
AddressSanitizer是一种用于检测内存错误的工具,包括访问无效内存、内存泄漏、使用未初始化的内存等。如果您的程序中出现了AddressSanitizer报错,则说明程序存在内存错误。 要解决AddressSanitizer报错,您需要先了解报错的具体原因和位置。AddressSanitizer输出详细的报错信息,包括错误类型、错误位置和调用栈信息。通过分析报错信息,您可以定位到出错的代码行和变量,然后进行相应的修复。 常见的解决方法包括: 1. 检查指针使用是否正确,确保指针指向有效的内存地址。 2. 检查数组越界访问,确保访问的数组下标在合法范围内。 3. 检查内存泄漏,确保每次分配内存后都有相应的释放操作。 4. 检查未初始化的内存使用,确保使用前先进行初始化。 5. 使用工具分析代码,例如Valgrind、GDB等,帮助定位问题。 总之,解决AddressSanitizer报错需要细心和耐心,需要深入了解程序的内存使用情况,并进行相应的修复操作。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值