1. A Memory Error Detector for C/C++ by Google
- Use after free (dangling pointer dereference)
- Heap buffer overflow
- Stack buffer overflow
- Global buffer overflow
- Use after return
- Use after scope
- Initialization order bugs
- Memory leaks
2.
Red-zone: A memory area inserted between memory regions for checking the validity of accesses.
Shadow Memory: Every aligned 8-byte word of memory has only 9 states.
There are only 9 different values for any aligned 8 bytes of the application memory:
- All 8 bytes in the qword are unpoisoned (i.e. addressable). The shadow value is 0.
- All 8 bytes in the qword are poisoned (i.e. not addressable). The shadow value is negative.
- The first k bytes are unpoisoned, the remaining 8-k are poisoned. The shadow value is k. This is guaranteed by the fact that malloc returns 8-byte aligned chunks of memory. The only case where different bytes of an aligned qword have different states is the tail of a malloc-ed region. For example, if we call malloc(13), we will have one full unpoisoned qword and one qword where the first 5 bytes are unpoisoned.
- Shadow memory address = (Normal memory address >> 3) + 0x100000000
- Instrumentation module: Insert code for checking state at the location occurred me
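As an added illustration (not part of these notes or of the ASan project's code), the C model below implements the shadow encoding and the inserted check for a small simulated region: the region size, the negative magic values and the sim_* helper names are constructed here, and the shadow offset from the formula is replaced by the base of a plain array.

```c
#include <stdint.h>
#include <stddef.h>
/* Toy model of the shadow encoding described above: SIM_BYTES of 8-byte-aligned
 * application memory, one shadow byte per qword. */
#define SIM_BYTES   64
#define SHADOW_SIZE (SIM_BYTES / 8)
/* Constructed negative magics: any negative shadow value means "poisoned". */
#define SHADOW_REDZONE ((int8_t)-2)
#define SHADOW_FREED   ((int8_t)-3)
static int8_t shadow[SHADOW_SIZE];

/* The page's mapping shadow = (addr >> 3) + offset, with the offset replaced by
 * the base of the shadow array; addr is an offset into the simulated region. */
static int8_t *shadow_for(size_t addr) { return &shadow[addr >> 3]; }

/* Everything starts out poisoned as red-zone. */
static void reset_region(void) {
    for (size_t i = 0; i < SHADOW_SIZE; i++) shadow[i] = SHADOW_REDZONE;
}

/* malloc(n) at aligned offset base: full qwords get 0, the tail qword gets k. */
static void sim_malloc(size_t base, size_t n) {
    size_t full = n / 8, tail = n % 8;
    for (size_t i = 0; i < full; i++) *shadow_for(base + 8 * i) = 0;
    if (tail) *shadow_for(base + 8 * full) = (int8_t)tail;
}

/* free() re-poisons the chunk so later accesses are use-after-free. */
static void sim_free(size_t base, size_t n) {
    for (size_t off = 0; off < n; off += 8) *shadow_for(base + off) = SHADOW_FREED;
}

/* The check inserted before a load/store of 1, 2, 4 or 8 bytes that stays
 * within one qword (the same assumption ASan's single-shadow-byte check makes). */
static int access_ok(size_t addr, size_t size) {
    int8_t k = *shadow_for(addr);
    if (k == 0) return 1;                    /* whole qword addressable */
    if (k < 0)  return 0;                    /* red-zone or freed chunk */
    size_t last = (addr & 7) + size - 1;     /* last byte touched       */
    return last < (size_t)k;                 /* only first k bytes ok   */
}

/* Scenario from the page: malloc(13) in a fresh region, optionally freed, then
 * one access. Bytes 0..12 are valid; byte 13 is a heap buffer overflow. */
static int check_malloc13(size_t addr, size_t size, int freed) {
    reset_region();
    sim_malloc(0, 13);
    if (freed) sim_free(0, 13);
    return access_ok(addr, size);
}
```

After check_malloc13 runs, shadow[0] is 0 and shadow[1] is 5, matching the two qwords the malloc(13) example describes.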