Re: Corrupted stack - Why Ubuntu 7.10 does not have libsafe; does not show errors in ?
Gilad Ben-Yossef wrote:
> guy keren wrote:
> > when you can use valgrind - most other things are pretty useless. did you
> > encounter a memory-handling bug that valgrind failed to catch, while
> > another tool (such as libsafe) did catch?
> >
> > note: i never used libsafe, so i might be missing something - i simply
> > compared valgrind to many other available tools in the past, and nothing
> > (except for commercial software such as purify) came close.
>
> AFAIK Valgrind does not detect either stack or static buffer overflows at all.
>
> Gilad

[EMAIL PROTECTED]:~$ cat c2.c
#include <stdio.h>

void f(char* p_i)
{
    char i[1024];
    f(i);
}

int main()
{
    f((char*)NULL);
    return 0;
}
[EMAIL PROTECTED]:~$ gcc -Wall c2.c
[EMAIL PROTECTED]:~$ ./a.out
Segmentation fault (core dumped)
[EMAIL PROTECTED]:~$ valgrind
valgrind           valgrind.bin       valgrind-listener
[EMAIL PROTECTED]:~$ valgrind ./a.out
==5741== Memcheck, a memory error detector.
==5741== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==5741== Using LibVEX rev 1658, a library for dynamic binary translation.
==5741== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==5741== Using valgrind-3.2.1-Debian, a dynamic binary instrumentation framework.
==5741== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==5741== For more details, rerun with: -v
==5741==
==5741== Stack overflow in thread 1: can't grow stack to 0xBE68BF44
==5741==
==5741== Process terminating with default action of signal 11 (SIGSEGV)
==5741==  Access not within mapped region at address 0xBE68BF44
==5741==    at 0x80483B0: f (in /home/choo/a.out)
==5741== Stack overflow in thread 1: can't grow stack to 0xBE68BF3C
==5741==
==5741== Process terminating with default action of signal 11 (SIGSEGV)
==5741==  Access not within mapped region at address 0xBE68BF3C
==5741==    at 0x401C200: _vgnU_freeres (vg_preloaded.c:56)
==5741==
==5741== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 11 from 1)
==5741== malloc/free: in use at exit: 0 bytes in 0 blocks.
==5741== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==5741== For counts of detected errors, rerun with: -v
==5741== All heap blocks were freed -- no leaks are possible.
Segmentation fault (core dumped)

how do you interpret these 'Stack overflow in thread 1: can't grow stack to 0xBE68BF44' messages?

regarding static buffers - a test program shows that indeed valgrind does not report such overflows. even worse - it seems to hide errors of writing into read-only global variables (apparently it allocates global const buffers in read/write memory, while when loading the program without valgrind, ld.so (or whoever) loads them into read-only memory, and writes into them cause a crash).

--guy.

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
Re: Corrupted stack - Why Ubuntu 7.10 does not have libsafe; does not show errors in ?
Hi Guy,

guy keren wrote:
> > AFAIK Valgrind does not detect either stack or static buffer overflows at all.
>
> [EMAIL PROTECTED]:~$ cat c2.c
> #include <stdio.h>
>
> void f(char* p_i)
> {
>     char i[1024];
>     f(i);
> }
>
> int main()
> {
>     f((char*)NULL);
>     return 0;
> }
> [EMAIL PROTECTED]:~$ gcc -Wall c2.c
> [EMAIL PROTECTED]:~$ ./a.out
> Segmentation fault (core dumped)
> [EMAIL PROTECTED]:~$ valgrind
> valgrind           valgrind.bin       valgrind-listener
> [EMAIL PROTECTED]:~$ valgrind ./a.out
> ==5741== Memcheck, a memory error detector.
> ==5741== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
> ==5741== Using LibVEX rev 1658, a library for dynamic binary translation.
> ==5741== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
> ==5741== Using valgrind-3.2.1-Debian, a dynamic binary instrumentation framework.
> ==5741== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
> ==5741== For more details, rerun with: -v
> ==5741==
> ==5741== Stack overflow in thread 1: can't grow stack to 0xBE68BF44
>
> how do you interpret these 'Stack overflow in thread 1: can't grow stack to 0xBE68BF44' messages?

Your program does a stack overflow. What Valgrind doesn't detect are stack *buffer* overflows, which is something completely different.

Try (stolen from the Wikipedia article on Valgrind btw):

int Static[5];

int func(void)
{
    int Stack[5];

    Static[5] = 0;  /* boom! Static[0] to Static[4] exist, Static[5] is out of bounds */
    Stack[5] = 0;   /* bang! Stack[0] to Stack[4] exist, Stack[5] is out of bounds */

    return 0;
}

> regarding static buffers - a test program shows that indeed valgrind does not report such overflows. even worse - it seems to hide errors of writing into read-only global variables (apparently it allocates global const buffers in read/write memory, while when loading the program without valgrind, ld.so (or whoever) loads them into read-only memory, and writes into them cause a crash).

Indeed.

Gilad

> --guy.

-- 
Gilad Ben-Yossef
Chief Coffee Drinker
Codefidence Ltd.
The code is free, your time isn't.(TM)
Web: http://codefidence.com
Email: [EMAIL PROTECTED]
Office: +972-8-9316883 ext. 201
Fax: +972-8-9316885
Mobile: +972-52-8260388
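The Wikipedia snippet above shows the symptom; the mechanism behind it is worth seeing in code. Memcheck surrounds every malloc() block with guard bytes ("redzones") and flags any access that lands in them, which is why it catches heap buffer overflows, while a stack array like Stack[5] or a global like Static[5] has no guard around it, so Stack[5] = 0 silently clobbers whatever neighbour the compiler placed there. The program below is an added example, not code from this thread or from Valgrind: a toy redzone allocator whose names (guarded_alloc, guarded_check, guarded_free, copy_and_verify, poke_and_verify, REDZONE, POISON) are all hypothetical, which reports when an unchecked copy runs into a guard. The same idea applied to a single stack frame is the canary that GCC's -fstack-protector inserts, the one the original poster switched off with -fno-stack-protector; later tools (AddressSanitizer, which postdates this thread) extend redzones to stack arrays and globals as well.

```c
/* Added example, not from the thread: a toy "redzone" allocator modelled on
 * the way Memcheck guards heap blocks. All names here are hypothetical
 * illustration code, not a real library API. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REDZONE 16      /* guard bytes on each side of the user buffer */
#define POISON  0xA5    /* fill pattern the guards must still contain */

/* Layout of one allocation: [hdr][low guard][user bytes][high guard]. */
struct guard_hdr {
    size_t user_len;    /* bytes the caller asked for */
};

/* Allocate n usable bytes fenced by poisoned guard regions on both sides. */
void *guarded_alloc(size_t n)
{
    unsigned char *raw = malloc(sizeof(struct guard_hdr) + REDZONE + n + REDZONE);
    if (raw == NULL)
        return NULL;
    ((struct guard_hdr *)raw)->user_len = n;
    unsigned char *lo = raw + sizeof(struct guard_hdr);
    memset(lo, POISON, REDZONE);                /* low guard  */
    memset(lo + REDZONE + n, POISON, REDZONE);  /* high guard */
    return lo + REDZONE;
}

/* Verdict: 0 = guards intact, -1 = low guard written (underflow),
 * 1 = high guard written (the classic off-by-N overflow). */
int guarded_check(const void *p)
{
    const unsigned char *user = p;
    const unsigned char *lo = user - REDZONE;
    const struct guard_hdr *h =
        (const struct guard_hdr *)(lo - sizeof(struct guard_hdr));
    const unsigned char *hi = user + h->user_len;
    for (size_t i = 0; i < REDZONE; i++)
        if (lo[i] != POISON)
            return -1;
    for (size_t i = 0; i < REDZONE; i++)
        if (hi[i] != POISON)
            return 1;
    return 0;
}

/* Free the block and return the guarded_check() verdict; free() time is
 * also when a redzone checker gets its last chance to complain. */
int guarded_free(void *p)
{
    int verdict = guarded_check(p);
    free((unsigned char *)p - REDZONE - sizeof(struct guard_hdr));
    return verdict;
}

/* Copy len bytes into a fresh cap-byte guarded buffer with no bounds check
 * (the bug under test) and report the verdict. A write past cap lands in
 * the high guard, which is still inside the malloc()ed block, so the
 * overflow is safe to demonstrate and detectable. Returns -2 when len
 * would leave the block entirely or allocation fails. */
int copy_and_verify(const char *src, size_t len, size_t cap)
{
    if (len > cap + REDZONE)
        return -2;
    char *buf = guarded_alloc(cap);
    if (buf == NULL)
        return -2;
    memcpy(buf, src, len);               /* unchecked copy, strcpy-style */
    return guarded_free(buf);
}

/* Write a single byte at offset off of a cap-byte buffer: off = -1 models
 * an underflow, off = cap an off-by-one overflow. Returns -2 if off falls
 * outside the guarded block. */
int poke_and_verify(long off, size_t cap)
{
    if (off < -(long)REDZONE || off >= (long)(cap + REDZONE))
        return -2;
    char *buf = guarded_alloc(cap);
    if (buf == NULL)
        return -2;
    buf[off] = 'X';                      /* 'X' (0x58) differs from POISON */
    return guarded_free(buf);
}

int main(void)
{
    printf("8 bytes into 8:   verdict %d\n", copy_and_verify("12345678", 8, 8));
    printf("11 bytes into 8:  verdict %d\n", copy_and_verify("hello world", 11, 8));
    printf("buf[-1] of 8:     verdict %d\n", poke_and_verify(-1, 8));
    printf("buf[8] of 8:      verdict %d\n", poke_and_verify(8, 8));
    return 0;
}
```

The verdicts come back as return values rather than only being printed, so the same check can be wired into a free() hook or a unit test. The guards are only inspected at free time here; Memcheck and the sanitizers check on every access, which is what turns "corrupted later, crashed somewhere else" into a report that names the faulting instruction.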
Re: Corrupted stack - Why Ubuntu 7.10 does not have libsafe; does not show errors in ?
guy keren wrote:
> when you can use valgrind - most other things are pretty useless. did you
> encounter a memory-handling bug that valgrind failed to catch, while
> another tool (such as libsafe) did catch?
>
> note: i never used libsafe, so i might be missing something - i simply
> compared valgrind to many other available tools in the past, and nothing
> (except for commercial software such as purify) came close.

AFAIK Valgrind does not detect either stack or static buffer overflows at all.

Gilad

-- 
Gilad Ben-Yossef
Chief Coffee Drinker
Codefidence Ltd.
The code is free, your time isn't.(TM)
Web: http://codefidence.com
Email: [EMAIL PROTECTED]
Office: +972-8-9316883 ext. 201
Fax: +972-8-9316885
Mobile: +972-52-8260388
Corrupted stack - Why Ubuntu 7.10 does not have libsafe; does not show errors in ?
Hi people,

I am fighting with a stack corruption problem in my application.

I wanted to use libsafe, but debian/ubuntu packages are not accessible, so I built libsafe manually from the source tar distribution.

And now, I see from trace output that although my calls are indeed intercepted in the preloaded libsafe functions, no errors are shown, neither in stderr nor in /var/log/secure.

Any advice is heartily welcomed.

Toda,
L.
Re: Corrupted stack - Why Ubuntu 7.10 does not have libsafe; does not show errors in ?
You can try to use valgrind.

Valery

--- On Sun, 5/18/08, Lev Olshvang [EMAIL PROTECTED] wrote:

> From: Lev Olshvang [EMAIL PROTECTED]
> Subject: Corrupted stack - Why Ubuntu 7.10 does not have libsafe; does not show errors in ?
> To: linux-il linux-il@cs.huji.ac.il
> Date: Sunday, May 18, 2008, 4:47 PM
>
> Hi people,
>
> I am fighting with a stack corruption problem in my application.
>
> I wanted to use libsafe, but debian/ubuntu packages are not accessible, so I built libsafe manually from the source tar distribution.
>
> And now, I see from trace output that although my calls are indeed intercepted in the preloaded libsafe functions, no errors are shown, neither in stderr nor in /var/log/secure.
>
> Any advice is heartily welcomed.
>
> Toda,
> L.
Re: Corrupted stack - Why Ubuntu 7.10 does not have libsafe; does not show errors in ?
Hi Valery,

I do use valgrind to find memory leaks, but libsafe is supposed to directly get me the name of the function where the stack is smashed.

I forgot to write that, in order to disable GCC stack protection, I compile my application and libsafe with the -fno-stack-protector option.

Valery Reznic wrote:
> You can try to use valgrind.
>
> Valery
>
> --- On Sun, 5/18/08, Lev Olshvang [EMAIL PROTECTED] wrote:
>
> > From: Lev Olshvang [EMAIL PROTECTED]
> > Subject: Corrupted stack - Why Ubuntu 7.10 does not have libsafe; does not show errors in ?
> > To: linux-il linux-il@cs.huji.ac.il
> > Date: Sunday, May 18, 2008, 4:47 PM
> >
> > Hi people,
> >
> > I am fighting with a stack corruption problem in my application.
> >
> > I wanted to use libsafe, but debian/ubuntu packages are not accessible, so I built libsafe manually from the source tar distribution.
> >
> > And now, I see from trace output that although my calls are indeed intercepted in the preloaded libsafe functions, no errors are shown, neither in stderr nor in /var/log/secure.
> >
> > Any advice is heartily welcomed.
> >
> > Toda,
> > L.
Re: Corrupted stack - Why Ubuntu 7.10 does not have libsafe; does not show errors in ?
when you can use valgrind - most other things are pretty useless. did you encounter a memory-handling bug that valgrind failed to catch, while another tool (such as libsafe) did catch?

note: i never used libsafe, so i might be missing something - i simply compared valgrind to many other available tools in the past, and nothing (except for commercial software such as purify) came close.

--guy

Lev Olshvang wrote:
> Hi Valery,
>
> I do use valgrind to find memory leaks, but libsafe is supposed to directly get me the name of the function where the stack is smashed.
>
> I forgot to write that, in order to disable GCC stack protection, I compile my application and libsafe with the -fno-stack-protector option.
>
> Valery Reznic wrote:
> > You can try to use valgrind.
> >
> > Valery
> >
> > --- On Sun, 5/18/08, Lev Olshvang [EMAIL PROTECTED] wrote:
> >
> > > From: Lev Olshvang [EMAIL PROTECTED]
> > > Subject: Corrupted stack - Why Ubuntu 7.10 does not have libsafe; does not show errors in ?
> > > To: linux-il linux-il@cs.huji.ac.il
> > > Date: Sunday, May 18, 2008, 4:47 PM
> > >
> > > Hi people,
> > >
> > > I am fighting with a stack corruption problem in my application.
> > >
> > > I wanted to use libsafe, but debian/ubuntu packages are not accessible, so I built libsafe manually from the source tar distribution.
> > >
> > > And now, I see from trace output that although my calls are indeed intercepted in the preloaded libsafe functions, no errors are shown, neither in stderr nor in /var/log/secure.
> > >
> > > Any advice is heartily welcomed.
> > >
> > > Toda,
> > > L.