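I. Notes
These notes come from the web. Original link: https://blog.csdn.net/weixin_41644391/article/details/103450401
gcc 4.8.5: only ASan is available, so only out-of-bounds memory accesses can be detected.
gcc 4.9.2: both ASan and LSan are available; use ASan for out-of-bounds detection and LSan for memory-leak detection. (Recommended. gcc is installed the same way as gcc 4.8.5; for details see the TensorFlow CentOS 6 environment configuration notes.)
gcc 7.2: LSan is integrated into ASan, which means ASan alone is enough. (Recommended. gcc is installed the same way as gcc 4.8.5; for details see the TensorFlow CentOS 6 environment configuration notes.)
II. Out-of-bounds memory access example
Code
main.cc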
#include <iostream>

int main() {
    char a[7] = "abcdef";
    char b[7] = "abcdef";
    int c = 1;
    b[8] = 'g';  // deliberate out-of-bounds write: valid indices of b are 0..6
    std::cout << a << std::endl;
    return 0;
}
Compile
aa: main.cc
	g++ -std=c++11 -g -O0 -fsanitize=address main.cc -o aa
Run output
# ./aa
=================================================================
==27425==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcbc40d3c8 at pc 0x56394911007a bp 0x7ffcbc40d340 sp 0x7ffcbc40d330
WRITE of size 1 at 0x7ffcbc40d3c8 thread T0
#0 0x563949110079 in main /magicmind_dir/learn/asan/main.cc:7
#1 0x7ff91a03abf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
#2 0x56394910fdc9 in _start (/magicmind_dir/learn/asan/aa+0xdc9)
Address 0x7ffcbc40d3c8 is located in stack of thread T0 at offset 104 in frame
#0 0x56394910feb9 in main /magicmind_dir/learn/asan/main.cc:3
This frame has 2 object(s):
[32, 39) 'a'
[96, 103) 'b' <== Memory access at offset 104 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /magicmind_dir/learn/asan/main.cc:7 in main
Shadow bytes around the buggy address:
0x100017879a20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100017879a30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100017879a40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100017879a50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100017879a60: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x100017879a70: 07 f2 f2 f2 f2 f2 f2 f2 07[f2]f2 f2 00 00 00 00
0x100017879a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100017879a90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100017879aa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100017879ab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100017879ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==27425==ABORTING
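How to read the shadow bytes in the report above, as an added example that is not part of the original post: it recomputes the shadow lookup for the reported address and applies ASan's per-access check to b[5] through b[8]. It assumes the default x86_64 Linux mapping shadow = (addr >> 3) + 0x7fff8000; the function and constant names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Assumption: default ASan mapping on x86_64 Linux, shadow = (addr >> 3) + 0x7fff8000.
constexpr uint64_t kShadowOffset = 0x7fff8000ULL;
// Values copied from the report above: faulting address and the "=>" shadow row.
constexpr uint64_t kFaultAddr = 0x7ffcbc40d3c8ULL;
constexpr uint64_t kRowBase   = 0x100017879a70ULL;
constexpr uint8_t  kRow[16]   = {0x07, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
                                 0x07, 0xf2, 0xf2, 0xf2, 0x00, 0x00, 0x00, 0x00};

// Address of the shadow byte covering the 8-byte granule that contains addr.
uint64_t shadow_address(uint64_t addr) { return (addr >> 3) + kShadowOffset; }

// Shadow value for addr, looked up in the copied row (0xff if outside that row).
uint8_t shadow_value(uint64_t addr) {
    uint64_t s = shadow_address(addr);
    return (s >= kRowBase && s < kRowBase + 16) ? kRow[s - kRowBase] : 0xff;
}

// Name a shadow value using the legend printed in the report.
std::string describe(uint8_t s) {
    if (s == 0x00) return "addressable";
    if (s <= 0x07) return "partially addressable";
    if (s == 0xf1) return "stack left redzone";
    if (s == 0xf2) return "stack mid redzone";
    if (s == 0xf3) return "stack right redzone";
    return "other poisoned value";
}

// The check applied to an access of size <= 8 that stays inside one granule.
bool access_ok(uint64_t addr, unsigned size) {
    uint8_t s = shadow_value(addr);
    if (s == 0) return true;            // all 8 bytes of the granule are valid
    if (s > 7) return false;            // redzone or other poison marker
    return (addr & 7) + size <= s;      // only the first s bytes are valid
}

int main() {
    uint64_t b = kFaultAddr - 8;        // 'b' is [96, 103), the fault is at offset 104
    for (int i = 5; i <= 8; ++i)
        std::printf("b[%d] shadow=%02x (%s) -> %s\n", i, shadow_value(b + i),
                    describe(shadow_value(b + i)).c_str(),
                    access_ok(b + i, 1) ? "ok" : "REPORT");
    return 0;
}
```

The shadow value 07 for 'a' and 'b' encodes that only the first 7 bytes of each 8-byte granule are valid, which matches the char[7] declarations; the bracketed [f2] in the report is the granule that b[8] falls into.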
III. Memory leak example
Code
main.cc
#include <iostream>

int main() {
    char* p = new char[10]();  // zero-initialized so p is a valid C string; never deleted (deliberate leak)
    p[0] = 'g';
    std::cout << p << std::endl;
    return 0;
}
Compile
aa: main.cc
	g++ -std=c++11 -g -O0 -fsanitize=leak main.cc -o aa
Run
# ./aa
g
=================================================================
==27468==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 10 byte(s) in 1 object(s) allocated from:
#0 0x7fda10c8ad8b in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/liblsan.so.0+0xfd8b)
#1 0x564ca95949db in main /magicmind_dir/learn/lsan/main.cc:4
#2 0x7fda10522bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
SUMMARY: LeakSanitizer: 10 byte(s) leaked in 1 allocation(s).