Discussion:
Use of Debug build for catching buffer overruns, other errors?
j.a. harriman
2009-05-15 12:38:02 UTC
I know that the "debug build" initializes uninitialized variables and also puts
"padding" around things like arrays. What I have not been able to figure out
is what needs to be done to catch this condition.

I am using VS 2005, C++ unmanaged code.
Let's assume the following: If I have the classic "hello world" program
(with no asserts, debug statements, etc.) compiled as debug build and also
have a line that uses strcpy to overrun an array in the program.

When I run this in the VS debugger, how do I make use of the padding to
detect the overrun? OR what else do I have to do to the source code to catch
this?

Any thorough links/tutorials on using the features of the debug build would
be greatly appreciated. Thanks.
Alex Blekhman
2009-05-15 13:16:22 UTC
Post by j.a. harriman
I know that the "debug build" initializes uninitialized variables
and also puts "padding" around things like arrays. What I have
not been able to figure out is what needs to be done to catch
this condition.
You don't need to do anything apart from specifying one of the /RTCx
switches for Debug configuration. Then, if the stack is corrupted, you
get a CRT debug assertion dialog from which you can start debugging.
Just ensure that you get runtime checks enabled: Project
properties -> C/C++ -> Code Generation -> Basic Runtime Checks.

Also, consider the following VC++ article that demonstrates
runtime checks in action:

"How to: Use Native Run-Time Checks"
http://msdn.microsoft.com/en-us/library/162azb0k.aspx

Notice the "RTC Sample: Run-Time Error Checks" sample at the
bottom of the page.

HTH
Alex
Alex Blekhman
2009-05-15 13:19:06 UTC
In addition, here's another article specifically about buffer
overruns and how to detect them:

"Compiler Security Checks In Depth"
http://msdn.microsoft.com/en-us/library/aa290051.aspx

HTH
Alex
j.a. harriman
2009-05-15 17:01:03 UTC
Hi Alex,

I had checked both of those links.

I have my sample app set to the debug build/configuration, the basic runtime
checks set to "both", buffer security check set to yes.

When I run the following in VS debugger, no error is generated when the
buffer is overwritten. I get an access violation when it hits the return
statement.

What needs to be enabled to trap the error on the "strcpy"?

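#include <string.h>

int main()
{
    char myarray[10];

    // Zero the buffer (0 rather than NULL, which is a pointer constant).
    memset(myarray, 0, sizeof(myarray));

    // Deliberate overrun: the string is far longer than 10 bytes.
    strcpy(myarray, "This is too big and will cause an error.");
    return 0;
}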

Thanks.
Post by Alex Blekhman
In addition, here's another article specifically about buffer
"Compiler Security Checks In Depth"
http://msdn.microsoft.com/en-us/library/aa290051.aspx
HTH
Alex
David Lowndes
2009-05-15 17:09:41 UTC
Post by j.a. harriman
When I run the following in VS debugger, no error is generated when the
buffer is overwritten. I get an access violation when it hits the return
statement.
Try a more subtle overrun - by a byte or 2 and see what happens then.
IIRC I'd expect to get the run-time check at the end of the function
where the overrun occurs.

Dave
Nathan Mates
2009-05-15 17:42:00 UTC
Post by j.a. harriman
What needs to be enabled to trap the error on the "strcpy"?
char myarray [10];
strcpy(myarray, "This is too big and will cause an error.");
Even with Visual C++'s detect buffer overruns, it will NOT trap it
on that line of code. Buffer overrun detection puts in guard bytes at
the end of the block, and checks for their overwriting at function
exit. If you want instant death on that strcpy line when it goes over,
you'll need to look into MS's secure string handling functions -- see
http://msdn.microsoft.com/en-us/library/td1esda9(VS.80).aspx

Nathan Mates

--
<*> Nathan Mates - personal webpage http://www.visi.com/~nathan/
# Programmer at Pandemic Studios -- http://www.pandemicstudios.com/
# NOT speaking for Pandemic Studios. "Care not what the neighbors
# think. What are the facts, and to how many decimal places?" -R.A. Heinlein
Alex Blekhman
2009-05-15 21:07:26 UTC
Post by j.a. harriman
What needs to be enabled to trap the error on the "strcpy"?
I agree with Nathan and David. Most security checks happen at the
exit from a function. If you want to trigger an assertion on the
spot, then you'll need secure CRT functions. As a bonus, for
standard names like `strcpy' you can leave existing code
intact. See more info here:

"Secure Template Overloads"
http://msdn.microsoft.com/en-us/library/ms175759.aspx

Alex
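
The difference the replies describe (guard bytes checked at function exit versus a size check at the copy itself), as an added example that is not code from any poster or from the Microsoft CRT. It is a portable model: the struct layout, the 0xCC fill value and the names copy_with_exit_check and bounded_copy are assumptions made for illustration, and bounded_copy reports failure through a return value.

```c
/* Added example: a portable model of the two detection points.
   All names are hypothetical; this is not MSVC's /RTC or strcpy_s code. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   10
#define GUARD_SIZE 4
#define GUARD_BYTE 0xCC   /* fill value chosen for this model */

struct frame {            /* a local array followed by guard padding */
    char          buf[BUF_SIZE];
    unsigned char guard[GUARD_SIZE];
};

/* Model of a function built with guard padding. The copy is unchecked,
   like strcpy (clamped to the frame so the model stays well defined);
   the guard is inspected only on the way out. Returns 1 if damaged. */
int copy_with_exit_check(const char *src) {
    struct frame f;
    size_t n = strlen(src) + 1;              /* bytes strcpy would write */
    memset(f.guard, GUARD_BYTE, GUARD_SIZE);
    if (n > sizeof f) n = sizeof f;
    memcpy((unsigned char *)&f, src, n);     /* overrun happens here, silently */
    for (size_t i = 0; i < GUARD_SIZE; i++)  /* "function exit" check */
        if (f.guard[i] != GUARD_BYTE) return 1;
    return 0;
}

/* Bounded copy in the spirit of the secure string functions: the size is
   checked before any byte is written. Returns 0 on success, -1 if src
   does not fit (dest is then left as an empty string). */
int bounded_copy(char *dest, size_t dest_size, const char *src) {
    if (!dest || !src || dest_size == 0) return -1;
    size_t n = strlen(src) + 1;
    if (n > dest_size) { dest[0] = '\0'; return -1; }
    memcpy(dest, src, n);
    return 0;
}

int main(void) {
    char small[BUF_SIZE];
    const char *big = "This is too big and will cause an error.";
    printf("exit check, 9 chars:  %d\n", copy_with_exit_check("123456789"));
    printf("exit check, 10 chars: %d\n", copy_with_exit_check("1234567890"));
    printf("exit check, big:      %d\n", copy_with_exit_check(big));
    printf("bounded copy, big:    %d\n", bounded_copy(small, sizeof small, big));
    return 0;
}
```

The 10-character case is the one-byte overrun: only the terminating NUL lands in the guard, and the model notices it at exit, not at the copy.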
