Safe method won't check dangling pointer?

lzzll ownrepos at gmail.com
Mon Apr 14 20:14:06 PDT 2014


Let me show some examples in C, and two common memory error detection
tools.

example 1 (stack overflow):
---
#include <stdio.h>

int main(void)
{
    int a = 100;
    printf("%p\n", (void *)&a);

    int *b = &a + 1;    /* one past a: points into the adjacent stack slot */
    printf("%p\n", (void *)b);

    *b = 100;           /* stack overflow: write outside a */
    return 0;
}
---
valgrind: nothing detected
address sanitizer: ==1996== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffc976dbc4

example 2 (cross address):
---
#include <stdio.h>

int main(void)
{
    int a = 100;
    int b = 200;
    printf("%p\n", (void *)&a);
    printf("%p\n", (void *)&b);

    /* &b - &a subtracts pointers to two different objects, which ISO C
     * does not define, but on a real frame c simply ends up equal to &b */
    int *c = &a + (&b - &a);
    printf("%p\n", (void *)c);

    *c = 100;   /* writes b through a pointer derived from a */
    return 0;
}
---
Of course it can't be detected.

example 3 (heap overflow):
---
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    int *a = malloc(sizeof(int));
    printf("%p\n", (void *)a);

    int *b = a + 1;     /* one past the 4-byte block */
    printf("%p\n", (void *)b);

    *b = 100;           /* heap overflow: write past the end of the block */
    free(a);
    return 0;
}
---
valgrind: Address 0x51f0044 is 0 bytes after a block of size 4 alloc'd
address sanitizer: AddressSanitizer: heap-buffer-overflow on address 0x60040000dff4

It's possible to a certain extent.
References:
http://valgrind.org/docs/manual/mc-manual.html#mc-manual.vaddress
http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm

I understand implementing this is hard and it needs a huge cost.
It would still be useful if we only use it to detect memory errors and
turn it off for release builds.
I'll be glad if I can see it in D after some years.


More information about the Digitalmars-d mailing list
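The three cases above, as an added example that is not from the original post, from D, or from Valgrind or AddressSanitizer themselves: a toy model in C of the shadow-memory check described in the AddressSanitizerAlgorithm reference. A small arena is mirrored by one shadow byte per arena byte (real ASan uses one shadow byte per 8 application bytes and wider redzones), every allocation is bracketed by poisoned redzones, and every store goes through a check that stands in for the load/store instrumentation the compiler inserts. The names sh_reset, sh_malloc, sh_plain_pair, sh_store_int and the demo_* functions, the arena size and the redzone width are all invented for this illustration. Example 3 is reported because a + 1 lands in a redzone; example 2 is not, because the computed pointer is exactly &b, whose shadow is clean; example 1 is reported only when the frame is laid out with redzones between locals, which is what the ASan-instrumented compiler does and what Valgrind, running the ordinary frame, never sees.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not code from the post: a byte-granular model of
 * AddressSanitizer's shadow memory. shadow[i] == 1 means arena[i] is
 * poisoned (redzone or unallocated); 0 means it is addressable. */

#define ARENA   256
#define REDZONE 8           /* poisoned bytes on each side of an allocation */

static _Alignas(16) unsigned char arena[ARENA];
static unsigned char shadow[ARENA];   /* 1 = poisoned, 0 = addressable */
static size_t bump;                   /* bump allocator cursor */

/* Start fresh: everything poisoned, nothing allocated. */
void sh_reset(void)
{
    memset(shadow, 1, sizeof shadow);
    bump = 0;
}

/* Allocate n bytes bracketed by poisoned redzones, like ASan's malloc.
 * Only the n requested bytes become addressable; padding stays poisoned. */
void *sh_malloc(size_t n)
{
    size_t padded = (n + 7) & ~(size_t)7;   /* keep later allocations aligned */
    if (bump + REDZONE + padded + REDZONE > ARENA)
        return NULL;
    bump += REDZONE;                        /* left redzone: stays poisoned */
    void *p = &arena[bump];
    memset(&shadow[bump], 0, n);            /* payload: addressable */
    bump += padded + REDZONE;               /* right redzone: stays poisoned */
    return p;
}

/* Two ints back to back with no redzone, the way an ordinary,
 * uninstrumented stack frame lays out locals. Returns the first one. */
int *sh_plain_pair(void)
{
    int *p = (int *)&arena[bump];
    memset(&shadow[bump], 0, 2 * sizeof(int));
    bump += 2 * sizeof(int);
    return p;
}

/* The instrumented store: refuse the write if any target byte is poisoned.
 * Returns 1 if the write happened, 0 if it was reported instead. */
int sh_store_int(int *p, int v)
{
    uintptr_t off = (uintptr_t)p - (uintptr_t)arena;
    if (off > ARENA - sizeof(int)) {        /* also catches p below arena (wraps) */
        printf("ERROR: 4-byte write outside the arena\n");
        return 0;
    }
    for (size_t i = 0; i < sizeof(int); i++) {
        if (shadow[off + i]) {
            printf("ERROR: 4-byte write at arena+%zu hits a redzone\n", (size_t)off);
            return 0;
        }
    }
    *p = v;
    return 1;
}

/* Example 3 from the post: a + 1 is inside the right redzone. Returns 1 = detected. */
int demo_heap_overflow(void)
{
    sh_reset();
    int *a = sh_malloc(sizeof(int));
    return sh_store_int(a + 1, 100) == 0;
}

/* Example 2: the computed pointer is exactly b, a live object, so the
 * shadow is clean and the write looks legal. Returns 0 = not detected. */
int demo_cross_object(void)
{
    sh_reset();
    int *a = sh_malloc(sizeof(int));
    int *b = sh_malloc(sizeof(int));
    /* the post's &a + (&b - &a), done on integers to avoid undefined behaviour */
    int *c = (int *)((uintptr_t)a + ((uintptr_t)b - (uintptr_t)a));
    return sh_store_int(c, 100) == 0;
}

/* Example 1: &a + 1 on the stack. instrumented = 1 models a frame the
 * compiler emitted with redzones (ASan); 0 models the plain frame
 * Valgrind observes, where &a + 1 is simply the next slot. */
int demo_stack_overflow(int instrumented)
{
    sh_reset();
    int *a = instrumented ? sh_malloc(sizeof(int)) : sh_plain_pair();
    return sh_store_int(a + 1, 100) == 0;
}

int main(void)
{
    printf("heap overflow detected:     %d\n", demo_heap_overflow());
    printf("cross-object write detected: %d\n", demo_cross_object());
    printf("stack, instrumented frame:   %d\n", demo_stack_overflow(1));
    printf("stack, plain frame:          %d\n", demo_stack_overflow(0));
    return 0;
}
```

The model makes the limitation in the post concrete: shadow memory answers "is this byte currently addressable?", not "does this pointer belong to this object?", so a pointer that is forged or miscomputed onto another live object passes the check regardless of how thoroughly accesses are instrumented.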