What C/C++ tools can check for buffer overflows?

c++ c buffer-overflow buffer-overrun

22,539

Solution 1

On Linux I'd use Valgrind.

Solution 2

Consider using more modern data structures as a way of avoiding buffer overflows. Reading into a std::string won't overflow, and std::vectors are much safer than arrays. I don't know what your application is, and it's possible that raw buffers are used because you need the speed, but it's more common that they are used because that's what the original programmers were comfortable with.

Searching for memory leaks with the tools mentioned is a good idea, but they may not find all potential leaks, while using standard strings and container classes can eliminate problems you didn't realize you had.

Solution 3

IBM's Purify will do this, you run your app under it and it will give you a report of all errors (including other ones).

To kill memory leaks, use UMDH - run your app, take a snapshot of the memory, run it again, snapshot and then use a diff tool to see the allocations made since the first run through (note you must run your app once, and take snapshots as best you can).

Solution 4

Check on electric-fence, it is design just for buffer overflow ! It does not slow down the code itself (but slow down allocation/deallocation). It works and linux and windows.

It works by adding a segment with no read or write access before and after each allocated space. Trying to access this memory end up as a segmentation fault on UNIX and a memory violation (or something similar) on Windows.

Solution 5

I'm surprised no one's mentioned Application Verifier (free!) on Windows. Visual Leak Detector (mentioned in another answer) is absolutely amazing for tracking many types of memory leak, but Application Verifier is top dog for tracking memory errors like buffer overruns, double frees, and buffer use after free (plus many, many more).

Edit: And it's very, very easy to use.

View more solutions

22,539

MrValdez

SOreadytohelp

Updated on May 06, 2020

Comments

MrValdez about 4 years

I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever want to know).

I've decided to removing the buffer overflows first. To make my bug-hunting easier, what tools can be used to check for buffer overruns?
MrValdez over 15 years

Interesting. I'll see if this codebase can compile on Linux once I can't think of anything else to fix (although, I highly doubt it). Upvoted because someone else might find your answer useful.
PierreBdR over 15 years

It's a bit of an overkill just for buffer overflow ...
John over 15 years

Buffer overflow is a very nasty bug because the effects are not necessarily close to the cause (i.e. it can crash 500 lines later). If the stack gets smashed you'll need all the help you can get debugging. This is where Valgrind shines - it traps the overflow as soon as it happens.
hayalci over 15 years

There are frontends to valgrind, like kcachegrind that make it more usable.
Caleb Huitt - cjhuitt over 15 years

Valgrind might be a slight overkill for buffer overflows, but the original question mentioned the program being full of memory leaks. Valgrind should help with quite a few other memory problems as well.
sorin about 14 years

Good to know that it doesn't run on Windows 7 x64.
ideasman42 over 11 years

Theres nothing wrong with using valgrind even if it is overkill, You get a lot of extra error checks like use of un-initialized memory.
Fake Name almost 9 years

Sources are here. Apparently it's been superceeded by DUMA
user2284570 over 8 years

Nice ! But runtime based. With a large code base (written in C in ly case) you will mainly test your program for the way it had been designed. An attacker can the several thousands required hours at reading the code in order to find a memory leak exploit. I would have expected an automated tool for source code analysis similar to what exist for JavaScript.
user2284570 over 8 years

Nice ! But runtime based. With a large code base (written in C in ly case) you will mainly test your program for the way it had been designed. An attacker can the several thousands required hours at reading the code in order to find a memory leak exploit. I would have expected an automated tool for source code analysis similar to what exist for JavaScript.
user2284570 over 8 years

This won’t work for C.
paulm about 8 years

valgrind is my go-to tool for overflows, what else would you use to find it??
bu11d0zer over 7 years

Valgrind does not catch simple buffer overflows like sprintf of 12 characters to a 10-character buffer.