Re: Utilities to test buffer overflow...

From: Timothy Millea (Timothy.Millea@hurlburt.af.mil)
Date: 02/27/03


>I wrote, I know, why it occurs: it is in sanity_check(), and (in short)
>[buf] [sizeof(buf)-1] != [MAGIC_NUM | '\0']. But in code is 1000 ;-) assignings
>to buf[]. How to find (easy) error assigning. ;-)


You could also use gdb (debugger) and add a break on the line that outputs
the BUFFER OVERFLOW message and then back trace to see where the buffer is
being overflowed at.

Since lint works at source level, and if your data size is not known at
compile time, lint will not detect the buffer overflow anyway. At least
that's my understanding. When working with dynamic data it's best to
troubleshoot it live in a debugger.

My 2 cents worth,

Tim
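
An added example, not part of the original post or of the code base being discussed: one way to find which of many writes to buf[] damages the sentinel is to re-check the sentinel after each write and record the first call site that fails. The names arm_sentinel, check_at, CHECK_BUF and write_buf, the buffer size and the sentinel value are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE  16     /* constructed size for the demo */
#define MAGIC_NUM 0x06   /* constructed sentinel value (assumption) */

static char buf[BUF_SIZE];
static const char *bad_file;   /* first failing call site, NULL if none */
static int bad_line;

/* Put the sentinel in the last byte, the byte the quoted check looks at. */
static void arm_sentinel(void) {
    memset(buf, 0, sizeof(buf));
    buf[sizeof(buf) - 1] = MAGIC_NUM;
    bad_file = NULL; bad_line = 0;
}

/* Returns 1 if the sentinel is damaged; remembers only the first site. */
static int check_at(const char *file, int line) {
    if (buf[sizeof(buf) - 1] == MAGIC_NUM) return 0;
    if (bad_file == NULL) {
        bad_file = file; bad_line = line;
        /* A gdb breakpoint on this line stops right after the bad write. */
        fprintf(stderr, "sentinel damaged by write before %s:%d\n", file, line);
    }
    return 1;
}
#define CHECK_BUF() check_at(__FILE__, __LINE__)

/* Stand-in for one assignment to buf. It copies at most sizeof(buf) bytes,
 * so the demo stays inside the array yet can still reach the sentinel. */
static void write_buf(const char *s) {
    size_t n = strlen(s) + 1;
    if (n > sizeof(buf)) n = sizeof(buf);
    memcpy(buf, s, n);
}

/* Three writes; only the second is too long. Returns 1 if it was blamed. */
static int run_demo(void) {
    arm_sentinel();
    write_buf("short");                         CHECK_BUF();
    int culprit = __LINE__ + 1;
    write_buf("this line is too long for buf"); CHECK_BUF();
    write_buf("ok");                            CHECK_BUF();
    return bad_line == culprit;
}

int main(void) { return run_demo() ? 0 : 1; }
```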
