我想知道应该如何阅读以下错误消息。特别是:
(1) fa (heap left redzone) 和 fd (freed heap region) 是什么意思?
(2)00后和05后的意义是什么。
(3)被指向的内存块(0x0c067fff8010)有什么意义?
(4) 什么是野指针?
(5) 为什么fa在方括号([fa])中有指向它的箭头的内存块所在的那一行?
编译命令
clang++ test.cpp -fsanitize=address -D_LIBCPP_DEBUG=1
错误信息
Address 0x6030000000f0 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/tzadiko/randomStuff/a.out+0x4fa83d) in main
Shadow bytes around the buggy address:
0x0c067fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff8000: fa fa fd fd fd fd fa fa 00 00 00 07 fa fa 00 00
=>0x0c067fff8010: 05 fa fa fa 00 00 04 fa fa fa fa fa fa fa[fa]fa
0x0c067fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
最佳答案
您遗漏了输出的关键部分。这是图例(取自 the documentation ):
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
看完this description ,我认为您的问题的地址依次是:
redzone 是分配的左侧和右侧的不可访问数据区域。 ASan 保留整个内存的位掩码,并确定每个 8 字节区域的内存类型。
如图例所示,00 是完全可寻址的内存,01 到 07 表示“部分可寻址”。其中包含
05
的值大概意味着可以寻址该 8 字节 block 的前 5 个字节。0x0c067fff801e
是位图中的索引。括号中的部分表示预期的影子字节。将它乘以 8 得到0x6033fffc00f0
,大概还必须对其进行一些修改才能返回到有问题的内存区域。野指针是指向未分配(或最近释放)内存的指针。
见 3.
关于c++ - 应该如何阅读堆缓冲区溢出错误消息?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58488551/