Buffer overflow c/c++

Home Forums C Programming Buffer overflow c/c++

This topic contains 5 replies, has 2 voices, and was last updated by  GWILouisaxwzkla 8 years, 4 months ago.

  • Author
    Posts
  • #2208

    Stanley01K
    Member

    Hello,
    how can I find a buffer overflow in arrays?

    For example:

    int x[10];
    int y[5][5];
    int z[5][5][2];

    x[12] = 0;
    y[3][7] = 8;
    z[2][6][1] = 8;

    Compilers don’t find these problems during compilation or during run-time.

    Can some one help me?

    Thanks

  • #3583

    The best thing to do in c/c++ is check that the indexes are with in range :

    since c/c++ does not use array descriptors ( an array header with the maximum length information ) there is really no other way I can think of.

  • #3584

    Stanley01K
    Member

    Thanks for your answer.

    In this few days I’ve found a tool that does what I was looking for.

    I downloaded it from http://www.bugfighter-soft.com

    It can detect all buffer overflow in single and multidimensional arrays and it doesn’t care about platform or compiler.
    This picture shows you how it works: http://www.bugfighter-soft.com/images/BugFighter.jpg

    It seems to work well, but I want to know your opinion.

    Thanks

    Best regards

  • #3585

    Interesting program ( I suppose this software is based on a parser that uses the C/C++ grammer that checks declarations and uses of pointers and arrays ). I guess its fine to use something like this ( if you trust the authors code :) ). You do have to run your source code through two translators per compile though , this could take extra time with large programs …..

  • #3586

    Stanley01K
    Member

    Thanks,
    i think it’s so.

    I saw that the run time is slower, but it’s not a problem during test time.

    It is very helpful to find hidden bugs and I will go on to use it because it can discover something that I can’t by using only compiler.

    I used it with Visual C++.

    Did you try it?

    Best regards

  • #3587

    I haven’t used the software since I’ve gotten pretty good at finding access violations after years of writing my own data structures and lots of software that uses pointers. Anything I write in C/C++ or assembly language is designed with execution speed in mind so I probably would not use anything that slows my code down ( I belive that is why C/C++ was designed without provisions to check for access violations at compile time ). Anyway , I guess the software is a clever idea and if you don’t mind the performance hit , use it ………

You must be logged in to reply to this topic.

0 Shares
Share
+1
Tweet
Share
Stumble