Heap buffer overflow

After adding one boolean variable to the class declaration, the application crashes whenever that variable is accessed. All I do is just initialize the variable.

Ui::SliderWidget::SliderWidget(QWidget *parrent)
: QWidget(parrent),
  m_slider(nullptr),
  m_main_layout(nullptr),
  m_counter_lbl(nullptr)
  // m_disable(false)
{
    this->setObjectName("SliderWidget");
    this->initialize();
    // m_disable = false;
}

After removing the comment the application crashes with the message "AddressSanitizer: heap-buffer-overflow" and "Shadow memory range interleaves". Any read or write on m_disable causes the problem. This problem occurs on Linux. On Windows everything works fine. Below is the output.

=================================================================
==5579==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700014fd58 at pc 0x0000004e55c7 bp 0x7ffc0dddea70 sp 0x7ffc0dddea60
WRITE of size 1 at 0x60700014fd58 thread T0
    #0 0x4e55c6 in Ui::SliderWidget::SliderWidget(QWidget*) ../livemonitornew/Ui/sliderwidget.cpp:17
    #1 0x503b2f in Ui::Settings::GameOptions::create_widgets() ../livemonitornew/Ui/Settings/gameoptions.cpp:73
    #2 0x503acf in Ui::Settings::GameOptions::initialize() ../livemonitornew/Ui/Settings/gameoptions.cpp:65
    #3 0x503795 in Ui::Settings::GameOptions::GameOptions(QWidget*) ../livemonitornew/Ui/Settings/gameoptions.cpp:32
    #4 0x50b1bf in Ui::Settings::Preferences::create_tabs() ../livemonitornew/Ui/Settings/preferences.cpp:174
    #5 0x50a8fd in Ui::Settings::Preferences::initialize() ../livemonitornew/Ui/Settings/preferences.cpp:100
    #6 0x50a452 in Ui::Settings::Preferences::Preferences(QWidget*) ../livemonitornew/Ui/Settings/preferences.cpp:40
    #7 0x44d9ff in Ui::ControllerWidget::create_widgets() ../livemonitornew/Ui/controllerwidget.cpp:180
    #8 0x44cf76 in Ui::ControllerWidget::initialize() ../livemonitornew/Ui/controllerwidget.cpp:101
    #9 0x44c419 in Ui::ControllerWidget::ControllerWidget(QWidget*) ../livemonitornew/Ui/controllerwidget.cpp:35
    #10 0x42c9ec in Controller::initialize() ../livemonitornew/controller.cpp:105
    #11 0x42c4c5 in Controller::Controller(QSharedPointer, QMainWindow*) ../livemonitornew/controller.cpp:74
    #12 0x438399 in main ../livemonitornew/main.cpp:42
    #13 0x7fbc7632f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x42c168 in _start (/home/mher/Documents/workspace/build-LiveMonitor-Desktop_Qt_5_6_2_GCC_64bit2-Debug/LiveMonitor+0x42c168)

0x60700014fd58 is located 0 bytes to the right of 72-byte region [0x60700014fd10,0x60700014fd58)
allocated by thread T0 here:
    #0 0x7fbc794d4532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x503b1f in Ui::Settings::GameOptions::create_widgets() ../livemonitornew/Ui/Settings/gameoptions.cpp:73
    #2 0x503acf in Ui::Settings::GameOptions::initialize() ../livemonitornew/Ui/Settings/gameoptions.cpp:65
    #3 0x503795 in Ui::Settings::GameOptions::GameOptions(QWidget*) ../livemonitornew/Ui/Settings/gameoptions.cpp:32
    #4 0x50b1bf in Ui::Settings::Preferences::create_tabs() ../livemonitornew/Ui/Settings/preferences.cpp:174
    #5 0x50a8fd in Ui::Settings::Preferences::initialize() ../livemonitornew/Ui/Settings/preferences.cpp:100
    #6 0x50a452 in Ui::Settings::Preferences::Preferences(QWidget*) ../livemonitornew/Ui/Settings/preferences.cpp:40
    #7 0x44d9ff in Ui::ControllerWidget::create_widgets() ../livemonitornew/Ui/controllerwidget.cpp:180
    #8 0x44cf76 in Ui::ControllerWidget::initialize() ../livemonitornew/Ui/controllerwidget.cpp:101
    #9 0x44c419 in Ui::ControllerWidget::ControllerWidget(QWidget*) ../livemonitornew/Ui/controllerwidget.cpp:35
    #10 0x42c9ec in Controller::initialize() ../livemonitornew/controller.cpp:105
    #11 0x42c4c5 in Controller::Controller(QSharedPointer, QMainWindow*) ../livemonitornew/controller.cpp:74
    #12 0x438399 in main ../livemonitornew/main.cpp:42
    #13 0x7fbc7632f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../livemonitornew/Ui/sliderwidget.cpp:17 Ui::SliderWidget::SliderWidget(QWidget*)
Shadow bytes around the buggy address:
  0x0c0e80021f50: 00 00 00 00 00 00 00 00 fa fa fa fa fd fd fd fd
  0x0c0e80021f60: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
  0x0c0e80021f70: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0e80021f80: fd fd fa fa fa fa 00 00 00 00 00 00 00 00 00 fa
  0x0c0e80021f90: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
=>0x0c0e80021fa0: fa fa 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa
  0x0c0e80021fb0: 00 00 00 00 00 00 00 00 04 fa fa fa fa fa fd fd
  0x0c0e80021fc0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
  0x0c0e80021fd0: fd fd fd fd fd fa fa fa fa fa 00 00 00 00 00 00
  0x0c0e80021fe0: 00 00 00 fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0e80021ff0: fd fd fa fa fa fa 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==5579==ABORTING

There are only 6 instances of SliderWidget and sizeof(SliderWidget) is 72 bytes. They are all constructed on the heap without problem until reading or writing m_disable. The Valgrind memory analyzer reports an 'Invalid write of size 1' warning. Can someone explain what is happening?

There's something undefined somewhere, but it's very difficult to guess where. It does sound suspiciously like there being two conflicting definitions of SliderWidget, though. If there aren't, have you tried cleaning and rebuilding? 
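As an added illustration (not code from the original post or from the project it comes from), the C++ program below reads the two lines of the AddressSanitizer report that carry the diagnosis, the access line and the region line, and computes where the faulting byte sits relative to the allocation. It then models the mismatch the reply above hints at with two hypothetical stand-in structs, OldLayout and NewLayout (assumed for the example; not Qt's real QWidget layout): when a translation unit compiled against the old class definition allocates sizeof(OldLayout) bytes and a constructor compiled against the new definition initialises the appended bool, the write lands at exactly sizeof(OldLayout), the "0 bytes to the right of the 72-byte region" pattern seen above. All type and function names are this example's own.

```cpp
// Added example (not code from the original post): a small diagnoser for the
// two key lines of an AddressSanitizer heap-buffer-overflow report, plus a
// layout model of what "one object file still has the old class layout" does.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct AsanAccess {
    bool is_write = false;
    std::size_t size = 0;          // bytes accessed
    std::uintptr_t addr = 0;       // faulting address
    std::uintptr_t region_lo = 0;  // heap region [lo, hi)
    std::uintptr_t region_hi = 0;
    std::size_t region_bytes = 0;  // allocation size ASan reports
};

// Parses "WRITE of size N at 0x... thread T0" and
// "0x... is located K bytes to the right of M-byte region [0x...,0x...)".
// Stack frames and shadow-byte lines are skipped. Assumption: only the
// right-side ("to the right of") overflow form is handled here.
bool parseAsanReport(const std::vector<std::string>& lines, AsanAccess& out) {
    bool have_access = false, have_region = false;
    for (const std::string& l : lines) {
        char kind[8] = {0};
        unsigned long long n = 0, addr = 0, lo = 0, hi = 0, region = 0, dist = 0;
        if (std::sscanf(l.c_str(), "%5s of size %llu at 0x%llx", kind, &n, &addr) == 3) {
            out.is_write = std::string(kind) == "WRITE";
            out.size = static_cast<std::size_t>(n);
            out.addr = static_cast<std::uintptr_t>(addr);
            have_access = true;
        } else if (std::sscanf(l.c_str(),
                   "0x%llx is located %llu bytes to the right of %llu-byte region [0x%llx,0x%llx)",
                   &addr, &dist, &region, &lo, &hi) == 5) {
            out.region_lo = static_cast<std::uintptr_t>(lo);
            out.region_hi = static_cast<std::uintptr_t>(hi);
            out.region_bytes = static_cast<std::size_t>(region);
            have_region = true;
        }
    }
    return have_access && have_region;
}

// Byte offset of the faulting access measured from the start of the region.
std::ptrdiff_t accessOffset(const AsanAccess& a) {
    return static_cast<std::ptrdiff_t>(a.addr) - static_cast<std::ptrdiff_t>(a.region_lo);
}

enum class Diagnosis { InsideRegion, ExactlyPastEnd, BeyondEnd };

// An access that starts exactly at the region end, issued from the object's
// own constructor, is the signature of a size mismatch: the allocating
// translation unit used sizeof() from an older class definition.
Diagnosis diagnose(const AsanAccess& a) {
    if (a.addr < a.region_hi) return Diagnosis::InsideRegion;
    if (a.addr == a.region_hi) return Diagnosis::ExactlyPastEnd;
    return Diagnosis::BeyondEnd;
}

// Hypothetical stand-ins for the widget's own data members (not Qt's real
// layout): OldLayout is what a stale object file still believes, NewLayout
// has the bool appended at the end, as in the post.
struct OldLayout { void* m_slider; void* m_main_layout; void* m_counter_lbl; };
struct NewLayout { void* m_slider; void* m_main_layout; void* m_counter_lbl; bool m_disable; };

struct LayoutReport {
    std::size_t stale_alloc;   // bytes a stale `new` would request
    std::size_t write_offset;  // where the new constructor writes m_disable
    std::size_t rebuilt_size;  // bytes a consistent rebuild allocates
};

// Initialising the appended member writes at byte sizeof(OldLayout), i.e.
// "0 bytes to the right of" the stale allocation, exactly as ASan reported.
LayoutReport modelStaleLayout() {
    return { sizeof(OldLayout), offsetof(NewLayout, m_disable), sizeof(NewLayout) };
}

int main() {
    // Lines copied from the report in the post above; frame lines are skipped.
    const std::vector<std::string> report = {
        "==5579==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700014fd58 at pc 0x0000004e55c7 bp 0x7ffc0dddea70 sp 0x7ffc0dddea60",
        "WRITE of size 1 at 0x60700014fd58 thread T0",
        "    #0 0x4e55c6 in Ui::SliderWidget::SliderWidget(QWidget*) ../livemonitornew/Ui/sliderwidget.cpp:17",
        "0x60700014fd58 is located 0 bytes to the right of 72-byte region [0x60700014fd10,0x60700014fd58)",
    };
    AsanAccess a;
    if (!parseAsanReport(report, a)) { std::puts("unrecognised report"); return 1; }
    std::printf("%s of %zu byte(s) at offset %td of a %zu-byte object\n",
                a.is_write ? "write" : "read", a.size, accessOffset(a), a.region_bytes);
    if (diagnose(a) == Diagnosis::ExactlyPastEnd)
        std::puts("access starts exactly at the end of the allocation: check for a stale object file or two class layouts");
    LayoutReport r = modelStaleLayout();
    std::printf("stale new: %zu bytes, ctor writes at %zu, rebuilt size %zu\n",
                r.stale_alloc, r.write_offset, r.rebuilt_size);
    return 0;
}
```

The combination to look for is a first out-of-bounds write, of the size of the newly added member, at an offset equal to the reported region size, issued from the object's own constructor while the allocation came from a different source file (here gameoptions.cpp). That points at a stale object file or two conflicting class definitions rather than at a pointer bug inside the constructor, and a clean rebuild with correct header dependency tracking is the fix.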

Observing behavior like you describe, I would imagine that somewhere else you have memory problems like hanging pointers, uninitialized data etc. You need to perform a static code analysis and a code review of the relevant area of your SW.

Also check the places where a placement operator new is used, if any. Besides that, the occurrence of the crashes and the value of this in the constructor of your class would be interesting (you can just printf("%p", this) it).

Clang static analyzer shows no errors and no warnings. Also there is no placement new, and cleaning and rebuilding has been done.

Copyright (c) 2004-2021 锐英源软件