Sanitize检测的几种常见问题

最新推荐文章于 2025-03-28 11:52:12 发布
最新推荐文章于 2025-03-28 11:52:12 发布
阅读量2.5k 收藏 13
点赞数
分类专栏: 内存检测 文章标签: c++ 内存管理
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/fangjun791350/article/details/119204660
版权

目录

一、malloc leak/new leak(heap leak)

二、use after free

三、double free

四、heap overflow

五、stack overflow

六、global value overflow

七、use after scope

八、use after return

九、init order bugs

一、malloc leak/new leak(heap leak)

malloc leak/new leak其实都是堆内存申请的泄露问题,只不过malloc通常是c语言使用的方式,new是c++内存分配常用方式,它们的泄露其实很简单就是申请内存后没有释放。

代码:

//sanitize.cpp文件
 
1 #include <iostream>
  2
  3 using namespace std;
  4
  5 /***
  6 执行编译:
  7 g++ sanitize.c -o sanitize -ggdb -fsanitize=address
  8 ASAN_OPTIONS=detect_stack_use_after_return=1 ./sanitize =》just for use after return
  9 ***/
 22 int malloc_leak(void)
 23 {
 24    cout << "malloc leak test start" << endl;
 25    int *p;
 26    p =(int*)malloc(7); //=》这里申请了7个字节的内存
 27    cout << "malloc leak test end" << endl;
 28    //free(p); //=》这里面没有释放
 29    return 0;
 30 }
127 int main()
128 {
132    //memory leak test
133    malloc_leak();
158    return 0;
159 }

检测结果:

user2@buildsrv-190:~/sf_user2/test$ g++ sanitize.cpp sanitize_order.cpp -o sanitize -ggdb -fsanitize=address
user2@buildsrv-190:~/sf_user2/test$ ./sanitize
malloc leak test start
malloc leak test end

=================================================================
==67068==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 7 byte(s) in 1 object(s) allocated from:
    #0 0x7f45f9366b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x55a62a162a6c in malloc_leak() /home/user2/sf_user2/test/sanitize.cpp:26 =》异常的申请点
    #2 0x55a62a163382 in main /home/user2/sf_user2/test/sanitize.cpp:133
    #3 0x7f45f8b2fb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: 7 byte(s) leaked in 1 allocation(s).

代码:

//sanitize.cpp文件
  
  1 #include <iostream>
  2
  3 using namespace std;
  4
  5 /***
  6 执行编译:
  7 g++ sanitize.c -o sanitize -ggdb -fsanitize=address
  8 ASAN_OPTIONS=detect_stack_use_after_return=1 ./sanitize =》just for use after return
  9 ***/
 32 int new_leak()
 33 {
 34    cout << "new leak test start" << endl;
 35    int *q = new int[100]; //=>这里申请了内存
 36    cout << "new leak test end" << endl;
 37    //delete []q; //=>这里没有释放
 38    return 0;
 39 }
127 int main()
128 {
135    //new leak test
136    new_leak();
158    return 0;
159 }

检测结果:

user2@buildsrv-190:~/sf_user2/test$ g++ sanitize.cpp sanitize_order.cpp -o sanitize -ggdb -fsanitize=address
user2@buildsrv-190:~/sf_user2/test$ ./sanitize
new leak test start
new leak test end

=================================================================
==67487==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 400 byte(s) in 1 object(s) allocated from:
    #0 0x7f8a5db0a608 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0608)
    #1 0x5613d6bfdad9 in new_leak() /home/user2/sf_user2/test/sanitize.cpp:35
    #2 0x5613d6bfe382 in main /home/user2/sf_user2/test/sanitize.cpp:136
    #3 0x7f8a5d2d1b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: 400 byte(s) leaked in 1 allocation(s).

二、use after free

顾名思义就是使用那些已经释放的内存

代码:

//sanitize.cpp文件

  1 #include <iostream>
  2
  3 using namespace std;
  4
  5 /***
  6 执行编译:
  7 g++ sanitize.c -o sanitize -ggdb -fsanitize=address
  8 ASAN_OPTIONS=detect_stack_use_after_return=1 ./sanitize =》just for use after return
  9 ***/
 41 int use_after_free(void)
 42 {
 43    cout << "use after free test start" << endl;
 44    int *p = new int[100];
 45    p[1] = 2;
 46    delete []p; //=>这里已经释放
 47    p[2] = 3; //=>这里又重新使用
 48    cout << "use after free test end" << endl;
 49    return 0;
 50 }
127 int main()
128 {
138    //use after test
139    use_after_free();
158    return 0;
159 }

检测结果:

user2@buildsrv-190:~/sf_user2/test$ g++ sanitize.cpp sanitize_order.cpp -o sanitize -ggdb -fsanitize=address
user2@buildsrv-190:~/sf_user2/test$ ./sanitize
use after free test start
=================================================================
==67843==ERROR: AddressSanitizer: heap-use-after-free on address 0x614000000048 at pc 0x55c5ede63be2 bp 0x7ffdc8d331f0 sp 0x7ffdc8d331e0
WRITE of size 4 at 0x614000000048 thread T0
    #0 0x55c5ede63be1 in use_after_free() /home/user2/sf_user2/test/sanitize.cpp:47
    #1 0x55c5ede64382 in main /home/user2/sf_user2/test/sanitize.cpp:139
    #2 0x7f55aa5c4b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #3 0x55c5ede637c9 in _start (/data/sf_user2/test/sanitize+0x17c9)

0x614000000048 is located 8 bytes inside of 400-byte region [0x614000000040,0x6140000001d0)
freed by thread T0 here:
    #0 0x7f55aadfe480 in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe1480)
    #1 0x55c5ede63ba2 in use_after_free() /home/user2/sf_user2/test/sanitize.cpp:46
    #2 0x55c5ede64382 in main /home/user2/sf_user2/test/sanitize.cpp:139
    #3 0x7f55aa5c4b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

previously allocated by thread T0 here:
    #0 0x7f55aadfd608 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0608)
    #1 0x55c5ede63b46 in use_after_free() /home/user2/sf_user2/test/sanitize.cpp:44
    #2 0x55c5ede64382 in main /home/user2/sf_user2/test/sanitize.cpp:139
    #3 0x7f55aa5c4b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-use-after-free /home/user2/sf_user2/test/sanitize.cpp:47 in use_after_free()
Shadow bytes around the buggy address:
  0x0c287fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c287fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c287fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c287fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c287fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c287fff8000: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd
  0x0c287fff8010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c287fff8020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c287fff8030: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
  0x0c287fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==67843==ABORTING

三、double free

顾名思义就是重复释放已经释放过的内存

代码:

//sanitize.cpp文件

  1 #include <iostream>
  2
  3 using namespace std;
  4
  5 /***
  6 执行编译:
  7 g++ sanitize.c -o sanitize -ggdb -fsanitize=address
  8 ASAN_OPTIONS=detect_stack_use_after_return=1 ./sanitize =》just for use after return
  9 ***/
 52 int double_free(void)
 53 {
 54    cout << "double free test start" << endl;
 55    int *p = new int[100];
 56    p[0] = 2;
 57    delete []p; //=>第一次释放
 58    delete []p; //=>第二次释放
 59    cout << "double free test end" << endl;
 60    return 0;
 61 }
127 int main()
128 {
141    //double free test
142    double_free();
158    return 0;
159 }

检测结果:

user2@buildsrv-190:~/sf_user2/test$ g++ sanitize.cpp sanitize_order.cpp -o sanitize -ggdb -fsanitize=address
user2@buildsrv-190:~/sf_user2/test$ ./sanitize
double free test start
=================================================================
==67962==ERROR: AddressSanitizer: attempting double-free on 0x614000000040 in thread T0:
    #0 0x7fa7f0fe9480 in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe1480)
    #1 0x55b506095cbb in double_free() /home/user2/sf_user2/test/sanitize.cpp:58
    #2 0x55b506096382 in main /home/user2/sf_user2/test/sanitize.cpp:142
    #3 0x7fa7f07afb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #4 0x55b5060957c9 in _start (/data/sf_user2/test/sanitize+0x17c9)

0x614000000040 is located 0 bytes inside of 400-byte region [0x614000000040,0x6140000001d0)
freed by thread T0 here:
    #0 0x7fa7f0fe9480 in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe1480)
    #1 0x55b506095ca8 in double_free() /home/user2/sf_user2/test/sanitize.cpp:57
    #2 0x55b506096382 in main /home/user2/sf_user2/test/sanitize.cpp:142
    #3 0x7fa7f07afb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

previously allocated by thread T0 here:
    #0 0x7fa7f0fe8608 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0608)
    #1 0x55b506095c50 in double_free() /home/user2/sf_user2/test/sanitize.cpp:55
    #2 0x55b506096382 in main /home/user2/sf_user2/test/sanitize.cpp:142
    #3 0x7fa7f07afb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: double-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe1480) in operator delete[](void*)
==67962==ABORTING

四、heap overflow

顾名思义就是申请的堆内存本来是一个固定的大小,结果使用的时候超出了申请的范围

代码:

//sanitize.cpp文件

 1 #include <iostream>
  2
  3 using namespace std;
  4
  5 /***
  6 执行编译:
  7 g++ sanitize.c -o sanitize -ggdb -fsanitize=address
  8 ASAN_OPTIONS=detect_stack_use_after_return=1 ./sanitize =》just for use after return
  9 ***/
 63 int out_of_heap(void)
 64 {
 65    cout << "out of heap test start" << endl;
 66    int *p = new int[100];
 67    p[0] = 1;
 68    p[100] = 100; //=>此处越界
 69    delete []p;
 70    cout << "out of heap test end" << endl;
 71    return 0;
 72 }
127 int main()
128 {
144    //out of heap test
145    out_of_heap();
158    return 0;
159 }

检测结果:

user2@buildsrv-190:~/sf_user2/test$ g++ sanitize.cpp sanitize_order.cpp -o sanitize -ggdb -fsanitize=address
user2@buildsrv-190:~/sf_user2/test$ ./sanitize
out of heap test start
=================================================================
==68588==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6140000001d0 at pc 0x55ed46f3adac bp 0x7ffd76172b30 sp 0x7ffd76172b20
WRITE of size 4 at 0x6140000001d0 thread T0
    #0 0x55ed46f3adab in out_of_heap() /home/user2/sf_user2/test/sanitize.cpp:68
    #1 0x55ed46f3b382 in main /home/user2/sf_user2/test/sanitize.cpp:145
    #2 0x7f3eb47c3b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #3 0x55ed46f3a7c9 in _start (/data/sf_user2/test/sanitize+0x17c9)

0x6140000001d0 is located 0 bytes to the right of 400-byte region [0x614000000040,0x6140000001d0)
allocated by thread T0 here:
    #0 0x7f3eb4ffc608 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0608)
    #1 0x55ed46f3ad24 in out_of_heap() /home/user2/sf_user2/test/sanitize.cpp:66
    #2 0x55ed46f3b382 in main /home/user2/sf_user2/test/sanitize.cpp:145
    #3 0x7f3eb47c3b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user2/sf_user2/test/sanitize.cpp:68 in out_of_heap()
Shadow bytes around the buggy address:
  0x0c287fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c287fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c287fff8000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c287fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c287fff8020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c287fff8030: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa
  0x0c287fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==68588==ABORTING

五、stack overflow

顾名思义就是使用超过了栈的大小,通常的局部变量或者形参都是存放在栈里面,一般常用的是数组越界或者递归过多导致的越界

代码:

//sanitize.cpp文件

  1 #include <iostream>
  2
  3 using namespace std;
  4
  5 /***
  6 执行编译:
  7 g++ sanitize.c -o sanitize -ggdb -fsanitize=address
  8 ASAN_OPTIONS=detect_stack_use_after_return=1 ./sanitize =》just for use after return
  9 ***/
 74 int out_of_stack(void)
 75 {
 76    cout << "out of stack test start" << endl;
 77    int p[10];
 78    p[0] = 1;
 79    p[10] = 11; //=》越界
 80    cout << "out of stack test end" << endl;
 81    return 0;
 82 }
127 int main()
128 {
147    //out of stack test
148    out_of_stack();
158    return 0;
159 }

检测结果:

user2@buildsrv-190:~/sf_user2/test$ ./sanitize
out of stack test start
=================================================================
==68817==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffccc8b4e98 at pc 0x55f0b793cf0f bp 0x7ffccc8b4e40 sp 0x7ffccc8b4e30
WRITE of size 4 at 0x7ffccc8b4e98 thread T0
    #0 0x55f0b793cf0e in out_of_stack() /home/user2/sf_user2/test/sanitize.cpp:79
    #1 0x55f0b793d382 in main /home/user2/sf_user2/test/sanitize.cpp:148
    #2 0x7f39aa19fb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #3 0x55f0b793c7c9 in _start (/data/sf_user2/test/sanitize+0x17c9)

Address 0x7ffccc8b4e98 is located in stack of thread T0 at offset 72 in frame
    #0 0x55f0b793ce03 in out_of_stack() /home/user2/sf_user2/test/sanitize.cpp:75

  This frame has 1 object(s):
    [32, 72) 'p' <== Memory access at offset 72 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/user2/sf_user2/test/sanitize.cpp:79 in out_of_stack()
Shadow bytes around the buggy address:
  0x10001990e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10001990e990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10001990e9a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10001990e9b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10001990e9c0: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
=>0x10001990e9d0: 00 00 00[f2]f2 f2 00 00 00 00 00 00 00 00 00 00
  0x10001990e9e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10001990e9f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10001990ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10001990ea10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10001990ea20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==68817==ABORTING

六、global value overflow

顾名思义是全局变量区的越界,也是访问了不该访问的内存

代码:

//sanitize.cpp文件

  1 #include <iostream>
  2
  3 using namespace std;
  4
  5 /***
  6 执行编译:
  7 g++ sanitize.c -o sanitize -ggdb -fsanitize=address
  8 ASAN_OPTIONS=detect_stack_use_after_return=1 ./sanitize =》just for use after return
  9 ***/
 84 int g_value[10];
 85
 86 int global_var_overflow(void)
 87 {
 88    cout << "global var overflow test start" << endl;
 89    g_value[0] = 1;
 90    g_value[11] = 11; //=>越界
 91    cout << "global var overflow test end" << endl;
 92    return 0;
 93 }

127 int main()
128 {
150    //global var overflow test
151    global_var_overflow();
158    return 0;
159 }

检测结果:

user2@buildsrv-190:~/sf_user2/test$ g++ sanitize.cpp sanitize_order.cpp -o sanitize -ggdb -fsanitize=address
user2@buildsrv-190:~/sf_user2/test$ ./sanitize
global var overflow test start
=================================================================
==68920==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55cd7207e90c at pc 0x55cd71e7c019 bp 0x7ffc8eb8ce90 sp 0x7ffc8eb8ce80
WRITE of size 4 at 0x55cd7207e90c thread T0
    #0 0x55cd71e7c018 in global_var_overflow() /home/user2/sf_user2/test/sanitize.cpp:90
    #1 0x55cd71e7c382 in main /home/user2/sf_user2/test/sanitize.cpp:151
    #2 0x7f5071447b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #3 0x55cd71e7b7c9 in _start (/data/sf_user2/test/sanitize+0x17c9)

0x55cd7207e90c is located 4 bytes to the right of global variable 'g_value' defined in 'sanitize.cpp:84:5' (0x55cd7207e8e0) of size 40
0x55cd7207e90c is located 52 bytes to the left of global variable 'ptr' defined in 'sanitize.cpp:95:6' (0x55cd7207e940) of size 8
SUMMARY: AddressSanitizer: global-buffer-overflow /home/user2/sf_user2/test/sanitize.cpp:90 in global_var_overflow()
Shadow bytes around the buggy address:
  0x0aba2e407cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aba2e407ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aba2e407cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aba2e407d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aba2e407d10: 00 00 00 00 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
=>0x0aba2e407d20: 00[f9]f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0aba2e407d30: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9
  0x0aba2e407d40: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aba2e407d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aba2e407d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aba2e407d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==68920==ABORTING

七、use after scope

use after scope有点不太常见,大概的含义是使用了已经超过范围的局部变量,通常一个局部变量在函数外基本上就已经释放了,如果函数外再去访问其实是一种异常

代码:

//sanitize.cpp文件

  1 #include <iostream>
  2
  3 using namespace std;
  4
  5 /***
  6 执行编译:
  7 g++ sanitize.c -o sanitize -ggdb -fsanitize=address
  8 ASAN_OPTIONS=detect_stack_use_after_return=1 ./sanitize =》just for use after return
  9 ***/
 10
 11 int use_after_scope(void)
 12 {
 13    int *p; //=>定义一个指针
 14    {
 15         int x = 1;
 16         p = &x; //=>指向一个局部变量
 17    }
 18    cout << *p << endl; //=>在作用域之外其实那个x里面的内存已经释放掉了
 19    return 0;
 20 }

127 int main()
128 {
129    //use after scope test
130    //use_after_scope();
158    return 0;
159 }

检测结果:

user2@buildsrv-190:~/sf_user2/test$ g++ sanitize.cpp sanitize_order.cpp -o sanitize -ggdb -fsanitize=address
user2@buildsrv-190:~/sf_user2/test$ ./sanitize
=================================================================
==69443==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffcc4071f90 at pc 0x55bf3ada39b7 bp 0x7ffcc4071f50 sp 0x7ffcc4071f40
READ of size 4 at 0x7ffcc4071f90 thread T0
    #0 0x55bf3ada39b6 in use_after_scope() /home/user2/sf_user2/test/sanitize.cpp:18
    #1 0x55bf3ada4382 in main /home/user2/sf_user2/test/sanitize.cpp:130
    #2 0x7f4bd096fb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #3 0x55bf3ada37c9 in _start (/data/sf_user2/test/sanitize+0x17c9)

Address 0x7ffcc4071f90 is located in stack of thread T0 at offset 32 in frame
    #0 0x55bf3ada38b9 in use_after_scope() /home/user2/sf_user2/test/sanitize.cpp:12

  This frame has 1 object(s):
    [32, 36) 'x' <== Memory access at offset 32 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope /home/user2/sf_user2/test/sanitize.cpp:18 in use_after_scope()
Shadow bytes around the buggy address:
  0x1000188063a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000188063b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000188063c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000188063d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000188063e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
=>0x1000188063f0: f1 f1[f8]f2 f2 f2 00 00 00 00 00 00 00 00 00 00
  0x100018806400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100018806410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100018806420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100018806430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100018806440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==69443==ABORTING

八、use after return

跟上面的比较类似,甚至可以说是一个包含的关系,只不过一个是作用域之外的访问,一个是函数执行完后访问的局部变量

代码:

//sanitize.cpp文件

 1 #include <iostream>
  2
  3 using namespace std;
  4
  5 /***
  6 执行编译:
  7 g++ sanitize.c -o sanitize -ggdb -fsanitize=address
  8 ASAN_OPTIONS=detect_stack_use_after_return=1 ./sanitize =》just for use after return
  9 ***/
 10
 95 int *ptr; //=>全局的指针
 96 void getoflocal(void)
 97 {
 98    int i[100];
 99    ptr = &i[0]; //=>指向一个函数内的局部数据首地址
100 }
101 int use_after_return(void)
102 {
103    cout << "use after return test start" << endl;
104    getoflocal(); //函数执行完毕
105    cout << "ptr is: " << *ptr; //访问全局指针指向的内存内容,其实内容在函数外已经return了
106    cout << "use after return test end" << endl;
107    return 0;
108 }
127 int main()
128 {
153    //use after return test
154    use_after_return();
158    return 0;
159 }

检测结果:

第一次执行:没有检测出异常
user2@buildsrv-190:~/sf_user2/test$ g++ sanitize.cpp sanitize_order.cpp -o sanitize -ggdb -fsanitize=address
user2@buildsrv-190:~/sf_user2/test$ ./sanitize
use after return test start
ptr is: 832835699use after return test end

第二次执行:成功检测到,但是需要带上ASAN的一个参数
user2@buildsrv-190:~/sf_user2/test$ ASAN_OPTIONS=detect_stack_use_after_return=1 ./sanitize
use after return test start
=================================================================
==69546==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f9ec6e00020 at pc 0x558669fad234 bp 0x7ffca2384280 sp 0x7ffca2384270
READ of size 4 at 0x7f9ec6e00020 thread T0
    #0 0x558669fad233 in use_after_return() /home/user2/sf_user2/test/sanitize.cpp:105
    #1 0x558669fad382 in main /home/user2/sf_user2/test/sanitize.cpp:154
    #2 0x7f9ecac93b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #3 0x558669fac7c9 in _start (/data/sf_user2/test/sanitize+0x17c9)

Address 0x7f9ec6e00020 is located in stack of thread T0 at offset 32 in frame
    #0 0x558669fad061 in getoflocal() /home/user2/sf_user2/test/sanitize.cpp:97

  This frame has 1 object(s):
    [32, 432) 'i' <== Memory access at offset 32 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return /home/user2/sf_user2/test/sanitize.cpp:105 in use_after_return()
Shadow bytes around the buggy address:
  0x0ff458db7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff458db7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff458db7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff458db7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff458db7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff458db8000: f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0ff458db8010: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0ff458db8020: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0ff458db8030: f5 f5 f5 f5 f5 f5 f5 f5 00 00 00 00 00 00 00 00
  0x0ff458db8040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff458db8050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==69546==ABORTING

九、init order bugs

顾名思义,就是初始化顺序不一样导致的结果不一致问题。

代码:

//sanitize_order.cpp文件

int test(void)
{
    return 5;
}

int extern_global = test();


//sanitize.cpp文件
  1 #include <iostream>
  2
  3 using namespace std;
  4
  5 /***
  6 执行编译:
  7 g++ sanitize.c -o sanitize -ggdb -fsanitize=address
  8 ASAN_OPTIONS=detect_stack_use_after_return=1 ./sanitize =》just for use after return
  9 ASAN_OPTIONS=check_initialization_order=true ./sanitize =》just for init order bugs
 10 ***/

110 extern int extern_global;
111
112 int __attribute__((noinline)) read_extern_global(void)
113 {
114    return extern_global;
115 }
116
117 int x = read_extern_global(); // =>此处读取的会因为init的不同导致结果的不同
118
119 int init_order_bug(void)
120 {
121    cout << "init order bug test start" << endl;
122    cout << "extern global: " << x << endl;
123    cout << "init order bug test end" << endl;
124    return 0;
125 }
127 int main()
128 {
156    //init order bug
157    init_order_bug();
158    return 0;
159 }

编译情况:

user2@buildsrv-190:~/sf_user2/test$ g++ sanitize.cpp sanitize_order.cpp -o sanitize1 -ggdb -fsanitize=address
user2@buildsrv-190:~/sf_user2/test$ ./sanitize1
init order bug test start
extern global: 0 =》这里返回值是0
init order bug test end
user2@buildsrv-190:~/sf_user2/test$ g++ sanitize_order.cpp sanitize.cpp -o sanitize -ggdb -fsanitize=address
user2@buildsrv-190:~/sf_user2/test$ ./sanitize
init order bug test start
extern global: 5 =》这里返回值却是5
init order bug test end

检测结果:

user2@buildsrv-190:~/sf_user2/test$ ASAN_OPTIONS=check_initialization_order=true ./sanitize1
=================================================================
==66446==ERROR: AddressSanitizer: initialization-order-fiasco on address 0x5601dd2829e0 at pc 0x5601dd0802ad bp 0x7ffd40b576a0 sp 0x7ffd40b57690
READ of size 4 at 0x5601dd2829e0 thread T0
    #0 0x5601dd0802ac in read_extern_global() /home/user2/sf_user2/test/sanitize.cpp:114
    #1 0x5601dd0803e4 in __static_initialization_and_destruction_0 /home/user2/sf_user2/test/sanitize.cpp:117
    #2 0x5601dd08043a in _GLOBAL__sub_I__Z15use_after_scopev /home/user2/sf_user2/test/sanitize.cpp:159
    #3 0x5601dd08058c in __libc_csu_init (/data/sf_user2/test/sanitize1+0x258c)
    #4 0x7f80326e5b27 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b27)
    #5 0x5601dd07f7c9 in _start (/data/sf_user2/test/sanitize1+0x17c9)

0x5601dd2829e0 is located 0 bytes inside of global variable 'extern_global' defined in 'sanitize_order.cpp:6:5' (0x5601dd2829e0) of size 4
  registered at:
    #0 0x7f8032e744a8  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x364a8)
    #1 0x5601dd08053b in _GLOBAL__sub_I_00099_1__Z4testv (/data/sf_user2/test/sanitize1+0x253b)
    #2 0x5601dd08058c in __libc_csu_init (/data/sf_user2/test/sanitize1+0x258c)

SUMMARY: AddressSanitizer: initialization-order-fiasco /home/user2/sf_user2/test/sanitize.cpp:114 in read_extern_global()
Shadow bytes around the buggy address:
  0x0ac0bba484e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac0bba484f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac0bba48500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac0bba48510: 00 00 00 00 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0ac0bba48520: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
=>0x0ac0bba48530: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00[f6]f6 f6 f6
  0x0ac0bba48540: f6 f6 f6 f6 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac0bba48550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac0bba48560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac0bba48570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac0bba48580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==66446==ABORTING

智慧城市数据采集的四大难点分析及解决措施
Rainpoo_的博客
02-24 5285
2021开工后,睿铂接到关于智慧城市设备与作业建议的咨询络绎不绝,真三维建模项目成果作为智慧城市应用的基础平台,决定了智慧城市大数据平台建设和应用的水平。 为帮助客户提高城市高楼区建模的效率和效果,睿铂整理了无人机在城市高楼区域进行航摄时可能遇到的难点及解决措施,以供各位参考。 01.干扰多,易失控 全球定位系统直接从卫星接收信号到接收机,而在城市高楼区采集数据时,由于高楼玻璃幕墙的遮挡,GPS信号会在楼体之间产生多重折射,它们与直接进入接收机天线的卫星信号产生干涉,造成无人机定位偏移甚至定位错乱。 同时,
智慧(路灯)灯杆有哪些典型的创新业务应用功能?
weixin_52154467的博客
12-19 5693
作为智慧城市建设的新型公共基础设施,智慧灯杆可实现通信、公共安全、智慧照明、环境监测、智慧交通、新能源业务和信息发布等典型业务应用。随着 5G、物联网、大数据、AI 等新兴技术发展以及多类型信息数据共享及联动,将会催生更丰富的创新业务应用。智慧灯杆的业务应用可按需部署,同时兼顾未来业务和技术发展需要。 (一) 通信业务 智慧灯杆作为通信连接点,可以通过无线或有线方式对外延伸, 提供多种业务服务,包括无线基站、物联网、边缘计算、公共 WIFI 及光传输等。 随着 5G 建设加速,移动互联网和物联网业务正在成
智慧农业(蔬菜大棚解决方案
06-23
智慧农业就是将物联网技术运用到传统农业中去,运用传感器和软件通过移动平台或者电脑平台对农业生产进行控制,使传统农业更具有"智慧"。除了精准感知、控制与决策管理外,从广泛意义上讲,智慧农业还包括农业电子商务、食品溯源防伪、农业休闲旅游、农业信息服务等方面的内容。
服务农业智慧大棚解决方案
iotrelaybox的博客
05-27 1144
传统的农民都是‘面朝黄土背朝天,风吹日晒满身土’,草苫的掀起和覆盖全靠手工,什么时候适合浇水、施肥、打药,全凭经验或感觉,瓜果、蔬菜种植怎样保持精确的浓度、温度、湿度、光照,这些曾被‘模糊’处理的问题,如今在智慧农业智慧大棚的发展背景下,一切便迎刃而解。系统具备设备联动控制功能,可对通风、遮阳、卷帘、风机湿帘降温、补光灯、散热器、移动苗床、移动喷灌等自动化设备进行控制,远程操控设备,达到调节温室环境的目的,提高生产效率。:通过根据实时气候情况改变温室内的环境,减少了不必要的浪费,降低了成本。
智慧农业 | 基于物联网智慧农业能力平台建设及平台架构功能方案解析
最新发布
m0_59235699的博客
03-28 1198
本文主要介绍智慧农业物联网平台解决方案,涵盖智慧农业概念、中国农业面临的问题、产业化和信息化发展方向、物联网农业中的应用,以及智慧农业能力平台架构、典型扩展性应用等内容,旨在通过物联网技术解决农业生产中的诸多问题,推动农业现代化发展。
智慧农业大棚设计方案.pdf
05-13
智慧农业大棚设计方案.pdf
智慧农业大棚设计方案.pptx
04-19
智慧农业大棚设计方案
智慧农业农业物联网大棚管理系统应用
u012984333的博客
06-14 669
温室大棚种植能够带来许多好处,其中不乏反季节农产品的生产,并为作物提供良好的生长环境,从而为农业产能的提升创造条件。温室大棚种植在结合物联网技术之后,本质是对传统大棚的升级改造,在管理上由原本的人工管理,转变为以人工经验为指导,配合物联网感知设备、智能控制终端等设备,串联起大棚灌溉、施肥、光照、通风等管理过程,令温室环境始终处于利于作物生长的状态,这也就是智能温室大棚系统。通过长期数据的积累,积累科学种植数据,提升作物品质与产量。    智能温室大棚与传统大棚的区别,主要在功能上,以水肥灌溉举例。传统大棚
创业计划书-乌鲁木齐鲤鱼山路成片土地开发可行性分析报告
08-25
同时,物联网和AI技术也可能被提及,用于实现智慧城市的元素,如智能交通系统、环境监测等。 综上所述,《乌鲁木齐鲤鱼山路成片土地开发可行性分析报告》是一份融合了大数据、GIS、项目管理和数据分析等多个IT领域...
5G新基建到来,图扑推出智慧路灯三维可视化方案
weixin_46336189的博客
12-08 4384
作为智慧城市的重要组成部分,智慧灯杆管理系统采用信息化、数字化手段,把路灯及城市景观照明等各种不同对象的监控和数据采集及处理融于一体, 为城市管理者进行城市管理、进行科学决策提供了强有力的手段。 智慧灯杆管理系统是针对路灯智能管理的综合性系统,可对范围内的所有路灯集中控制、实时数据监测、异常智能分析及故障报警,以防止设备老化及丢失所带来的问题,同时还可以实现路灯管网和其他设施配置信息化管理,以满足后续用户需求的升级。针对此种情况,我们基于 HT for Web 实现了智慧灯杆管理系统,通过友好的 3D 视
百分点大数据技术团队:Cesium技术智慧应急行业的应用
Percent_bigdata的博客
09-19 5700
编者按:社会发展进程中,城市建设规模不断扩大,日渐复杂的社会系统衍生出大量复杂性风险,应急新需求也与日俱增,各应急场景中三维地图的建设和应用已经越来越迫切。Cesium技术能够提供基于JavaScript语言的开发包,方便用户快速搭建一款零插件的虚拟地球Web应用,并在性能、精度、渲染质量等方面都有高质量的保证,是应急行业系统GIS可视化的重要应用。本文从当前的市场需求及面临的问题出发,结合百分点科技多个项目的建设经验,从不同维度介绍了Cesium技术智慧应急行业的应用。一、Cesium介绍目前,三维空间
智慧农业大棚物联网平台建设综合解决方案.ppt
07-23
智慧方案
智慧农业(蔬菜大棚解决方案PPT课件.pptx
04-21
智慧农业(蔬菜大棚解决方案智慧农业(蔬菜大棚解决方案课件,智慧农业(蔬菜大棚解决方案PPT
智慧大棚整体解决方案.ppt
07-12
智慧方案
智慧农业智慧大棚技术解决方案.ppt
06-25
智慧方案
智慧农业大数据平台建设方案.docx
12-11
方案内容为 智慧农业大数据平台的设计方案,包含项目背景、需求分析、技术难点、技术实现等内容,适合于政企类信息化项目的方案编写参考。
物联网与数据可视化的结合:农业领域中的智慧大棚系统
HT for Web 3D
08-02 3572
前言 伴随着科技飞速发展,面朝黄土背朝天的农耕时代已经变成历史,智慧农业这一理念走入寻常百姓家。所谓的智慧农业就是充分利用现代信息技术发展的成果,结合传统农业,将物联网技术切合实际的运用到传统农业中。在智慧农业的大力发展的背景下,智慧大棚的诞生是顺其自然的,是智慧农业不可或缺的一部分。大棚应用物联网技术,可达到改善产品品质、调节生长周期、提高经济效益的目的,尤其是可实现温室大棚管理的高效和精准,且在规模化的大棚设施而言,运用“智慧大棚”可以在最短的时间内完成调控,极大的降低了劳动成本。 介于 2D 组态和
智慧农业建设方案中的物联网技术
找方案
11-22 1985
2005年国际电信联盟发布的互联网报告,对物联网做了这样的定义:通过二维码识别设备、射频识别装置、红外感应器、全球定位系统和激光扫描器等信息传感设备,按约定的协议,把任何物品与互联网相连接,进行信息交换和通信,以实现智能化识别、定位、跟踪、监控和管理的一种网络。物联网即“物物相联之网”,指通过射频识别(RFID)、红外感应器、全球定位系统、激光扫描器等信息传感设备,按约定的协议,把物与物,人与物进行智能化连接,进行信息交换和通讯,以实现智能化识别、定位、跟踪、监控和管理的一种新兴网络。
智能大棚工程建设设计方案
智慧温室
03-01 2923
玻璃温室 目前来说,智能大棚也不是什么特别神奇的存在,它已经成为现代设施农业发展主要的一项技术指标,经常会接到一些客户的电话咨询,我想做智能大棚,那么智能大棚都能实现什么功能,那么今天就和大家简单聊下经常用的一些系统,智能大棚就是在日光温室、薄膜温室、阳光板温室、玻璃温室等传统温室的基础上,利用物联网技术,通过无线传感器网络一个测量控制区,采用不同的传感器节点和具有简单执行机构的节点,文章由广源温室工程张经理原创发布,如有转载请保留版权信息,谢谢合作。如风机、低压电机、阀门等工作电流偏低的执行机构,..
python实现图文成片
05-04
要在Python中实现图文成片,您需要使用适当的库来处理图像和文本。 以下是一些库,您可以使用它们来实现图文成片: 1. Pillow:Pillow是Python Imaging Library的分支,它提供了创建、编辑和处理图像的方法。 2. Matplotlib:Matplotlib是一个绘图库,用于创建各种类型的图表,包括条形图、散点图、线图等。 3. OpenCV:OpenCV是一个针对计算机视觉的库,它提供了处理图像和视频的方法。 4. Pygame:Pygame是一个游戏开发库,它可以用于创建图形用户界面和处理图像。 5. NLTK:NLTK是一个自然语言处理库,它提供了处理文本的方法,包括分词、词性标注、命名实体识别等。 您可以使用这些库中的任何一个或多个来实现图文成片。下面是一个简单的示例,演示如何使用Pillow和Matplotlib库来创建图文成片: ```python from PIL import Image import matplotlib.pyplot as plt # 加载图像 img = Image.open('image.jpg') # 显示图像 plt.imshow(img) # 添加标题 plt.title('My Image') # 显示图像和标题 plt.show() # 添加文本 plt.text(100, 100, 'Hello World!', fontsize=12, color='red') # 保存图像和文本 plt.savefig('output.jpg') ``` 这个示例加载名为“image.jpg”的图像,并在其上添加一个标题和一些文本。然后,它将图像和文本保存到名为“output.jpg”的文件中。 您可以根据需要修改示例代码,使用其他库来添加更多的图像和文本效果。
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值